Rejected Emails - Abusix/SMX Email

Forums › IT Pro and developers › Rejected Emails - Abusix/SMX Email

tchart

2396 posts

Uber Geek
+1 received by user: 577

ID Verified

Trusted

#289582 14-Sep-2021 13:10

My email to another company started getting rejected over the weekend (I assume over the weekend, I was able to email on Friday but not on Monday). These are legitimate work emails BTW so nothing spammy.

I sent a request to SMX Email to ask why, they replied that its a Rule Based Block? They also suggested I look at https://lookup.abusix.com/ - which shows my domain and IP are listed. My IP is a fixed IP (from my ISP).

So not knowing anything about these two companies (SMX and Abusix), are they legit? Abusix has an option to get delisted.

Is it likely someone reported my domain? Seems a bit suspicious as I dont send a lot of emails.

Thanks

CYaBro

4708 posts

Uber Geek
+1 received by user: 1182

ID Verified

Trusted

#2778220 14-Sep-2021 13:23

If your ip is static and has been blacklisted then something on your network could be compromised and is sending out spam.
Is this a business network or just at home?

Opinions are my own and not the views of my employer.

tchart

2396 posts

Uber Geek
+1 received by user: 577

ID Verified

Trusted

#2778224 14-Sep-2021 13:31

Home network but I work from home.

Kids are pretty diligent and all devices have AV/malware. So unlikely something originating from the network but will scan anyway.

Im guessing some content in an email mustve tripped a rule somewhere. It's only this one company BTW all other email traffic is fine.

tchart

2396 posts

Uber Geek
+1 received by user: 577

ID Verified

Trusted

#2778227 14-Sep-2021 13:47

This kind of makes it seem a bit suspicious - as far as I can see its saying my IP has 100K trap hits in the past 30 days?

Update: Actually ignore me - this wasnt for my IP :)

tchart

2396 posts

Uber Geek
+1 received by user: 577

ID Verified

Trusted

#2778228 14-Sep-2021 13:52

I have request to get delisted. Had to sign up on Abusix - sigh...

gehenna

8667 posts

Uber Geek
+1 received by user: 3883

Moderator

Trusted

Lifetime subscriber

#2778229 14-Sep-2021 13:54

Do you host your own email service? That's usually how to get into this situation. If you're using company email that is managed by someone else, chances are you're not the only in your company that's impacted and IT should know about it.

tchart

2396 posts

Uber Geek
+1 received by user: 577

ID Verified

Trusted

#2778230 14-Sep-2021 13:56

Also interestingly it shows when it was list but not why - checked my emails and I didnt send any emails on Saturday...

Dyson

Shop now for Dyson appliances (affiliate link).

tchart

2396 posts

Uber Geek
+1 received by user: 577

ID Verified

Trusted

#2778237 14-Sep-2021 14:05

gehenna:

Do you host your own email service? That's usually how to get into this situation. If you're using company email that is managed by someone else, chances are you're not the only in your company that's impacted and IT should know about it.

No, email is hosted/provided by Zoho (generally this is problem free although one US company I work with does not like the Zoho mail servers)

I was mistaken about the IP, this wasnt listed/flagged. Only my domain was - the domain is only used for my website and email.

I suspect the content of one of the emails I sent Friday may have caused (an over zealous filter) to list the domain - it contained installation instructions that included hyperlinks to installers etc. Which is a bit odd given the company I sent it to is another IT company.

SATTV

1670 posts

Uber Geek
+1 received by user: 657

ID Verified

#2778259 14-Sep-2021 14:51

You might like to block port 25 outbound on your firewall / router in case it is a phone or tablet with a bit of malware.

Only allow approved devices on port 25.

This may help

John

I know enough to be dangerous

1101

3141 posts

Uber Geek
+1 received by user: 1143

#2778634 15-Sep-2021 10:17

Ive had to go through the delist process for quite a few clients, it happens .

Basically, just go through the delist process.
Also, search other Blacklist checkers, you may be on more than one Blacklist

Many things can cause you to be blacklisted.
A hacked website , email Out-of-Office autoreplying to spams , compromised email a/c's
Even hosted email services can get their servers(IP) blacklisted

Also check your spf etc.

BlakJak

1329 posts

Uber Geek
+1 received by user: 735

Trusted

#2791970 8-Oct-2021 20:00

tchart:
Hi

My email to another company started getting rejected over the weekend (I assume over the weekend, I was able to email on Friday but not on Monday). These are legitimate work emails BTW so nothing spammy.

I sent a request to SMX Email to ask why, they replied that its a Rule Based Block? They also suggested I look at https://lookup.abusix.com/ - which shows my domain and IP are listed. My IP is a fixed IP (from my ISP).

So not knowing anything about these two companies (SMX and Abusix), are they legit? Abusix has an option to get delisted.

Is it likely someone reported my domain? Seems a bit suspicious as I dont send a lot of emails.

Thanks

Just to add - SMX is very much a local and legit anti-spam business. They actually handle a fairly large proportion of NZs email market. (I worked there many, many moons ago).

If they are dealing with Abusix and pointed you there, then that's legit too.

SMX in addition to their own mail operations, run the system operated by Xtra these days (since it came back from Yahoo).

You, or someone impersonating you, has gotten on their radar either through manual feedback (someone clicked 'report as spam') or by hitting a honeypot (email to an address that solely exists to collect spam) or by tripping some other threshold (such as volume).

Upside of being a local company with relatively clooful folks is that it should be relatively straightforward to clear things up and get some idea of how it happened. But I'd echo the comments around things like SPF - ensure that people can't use your domain without your consent.

Yes I know this is a few weeks old but I just wanted to directly answer the question - this is all legit.

No signature to see here, move along...

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41025

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2791978 8-Oct-2021 20:15

tchart:

I suspect the content of one of the emails I sent Friday may have caused (an over zealous filter) to list the domain - it contained installation instructions that included hyperlinks to installers etc. Which is a bit odd given the company I sent it to is another IT company.

You haven't updated the thread to let us know the result. In any case since this showed up again on the frontpage: a single email won't blacklist a domain. There has to be a lot of traffic for this to happen.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Dell

Shop now for Dell laptops and other devices (affiliate link).

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#2791981 8-Oct-2021 20:34

There is more to this - please ensure that your domain has SPF / DMARC / DKIM enabled on it. Many providers these days won't actually pass email through if you have not signed it.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41025

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2791982 8-Oct-2021 20:45

Also, if you have a considerable volume of emails then you could sign up for something like Google Postmaster for some info. Unfortunately it only shows data for emails sent to Google-hosted domains (including Gmail and Google Workspace). Or once you have DMARC, DKIM and SPF setup then use a DMARC report consolidation service like Valimail (free basic service with paid options, there are many others).

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

tchart

2396 posts

Uber Geek
+1 received by user: 577

ID Verified

Trusted

#2791986 8-Oct-2021 20:55

Just to update this, thought I had.

I requested a delist and it was done pretty much straight away. As mentioned I suspect this was triggered by some content in an email. I believe the company I sent the email to has their email through SMX.

I've had no issues since then.

BTW the IP address wasn't mine so it wasn't IP address related.