EmailDiscussions.com  

Old 4 Jul 2019, 02:02 PM   #1
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
Undelivered Mail RTS

Earlier this week two emails I sent from my Fastmail account to an email address on a particular domain were blocked. They bounced back to me via Fastmail's host, mailout.nyi.internal.

With identifying details redacted, the bounce message reads as follows:

Quote:
This is the mail system at host mailout.nyi.internal.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<[email protected]>: host
au-smtp-inbound-1.mimecast.com[nnn.nn.nnn.nnn] said: 554 Email rejected due
to security policies - https://community.mimecast.com/docs/DOC-1369#554
[gZyIIRMdO8K-GC40uA7CCg.au58] (in reply to end of DATA command)

Earlier this year emails I sent to another address at the same domain were also blocked and bounced. A similar bounce message was sent to me within minutes.

The individuals to whom I sent these messages are very well known to me and it is exceedingly unlikely that my Fastmail email address is not in their respective email address books. The blocking is happening at the email server for the domain, I think.

I tried to contact the people managing the email server of the domain by forwarding the bounce message to "[email protected]" but this message also bounced.

Following this I sent a similar request for assistance to "[email protected]". This message did not bounce but I have not received a reply.

I would appreciate advice on how I might resolve this problem with the management of the email server. Who do you suggest I should contact? Is there a more appropriate email address format that is widely used in the tech industry to contact email service managers? Should I create a support ticket for Fastmail?

The email service at this domain is provided to a large number of disparate subscribers working in the same service industry who by and large are not particularly tech savvy. For many years the people who managed their web and email access provided scant attention to security issues. One result was that some thousands of more or less tech clueless subscribers had their email accounts bombarded with spam, spam with malware payloads, phishing attacks, the works. Stories of cyber attacks on this bunch of subscribers and others in the same industry hit the local news over the last year or so. I think the tech wizards dealing with these subscribers' email are paying much more attention to security concerns nowadays, which is probably why my messages have been getting bounced.

Cheers,
David
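
The diagnostic paragraph of the bounce quoted in the post above carries more than the 554 code: "in reply to end of DATA command" shows the receiving server rejected the message only after it had the full headers and body. A small parser for that Postfix-style paragraph, as an added example that is not part of the original thread; the sample bounces, addresses, host, URL and token in it are constructed placeholders.

```python
import re

# Constructed samples in the layout of the bounce quoted above. Recipient,
# host, IP (RFC 5737 documentation range), URL and token are placeholders.
SAMPLE_DATA_REJECT = """\
<user@example.org>: host
    mx1.example.net[192.0.2.25] said: 554 Email rejected due
    to security policies - https://filter.example.net/docs/554
    [CONSTRUCTED-TOKEN.au00] (in reply to end of DATA command)
"""
SAMPLE_RCPT_REJECT = (
    "<user@example.org>: host mx1.example.net[192.0.2.25] said: "
    "550 5.7.1 Sender blocked (in reply to RCPT TO command)"
)

# What the receiving server had in hand at each point of the SMTP dialogue.
STAGE_SCOPE = {
    "MAIL FROM": "connecting IP and envelope sender",
    "RCPT TO": "connecting IP, envelope sender and recipient",
    "DATA": "envelope only, message not yet transmitted",
    "end of DATA": "envelope plus full headers and body",
}

DIAGNOSTIC = re.compile(
    r"<(?P<recipient>[^>]+)>:\s+host\s+(?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\]"
    r"\s+said:\s+(?P<code>[45]\d\d)[ -](?P<text>.*?)"
    r"\s*\(in reply to (?P<stage>.+?) command\)"
)


def parse_bounce(report: str) -> dict:
    """Extract the remote server's verdict from a Postfix-style bounce."""
    flat = " ".join(report.split())  # undo the line wrapping
    match = DIAGNOSTIC.search(flat)
    if match is None:
        raise ValueError("no remote SMTP diagnostic found")
    result = match.groupdict()
    result["code"] = int(result["code"])
    result["permanent"] = result["code"] >= 500  # 5xx: retrying will not help
    result["urls"] = re.findall(r"https?://\S+", result["text"])
    result["scope"] = STAGE_SCOPE.get(result["stage"], "unknown")
    # Only a rejection after the final dot can be based on message content.
    result["content_seen"] = result["stage"] == "end of DATA"
    return result


if __name__ == "__main__":
    for sample in (SAMPLE_DATA_REJECT, SAMPLE_RCPT_REJECT):
        r = parse_bounce(sample)
        print(r["code"], r["host"], r["stage"], "->", r["scope"])
```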

Old 4 Jul 2019, 02:35 PM   #2
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,744
Did the email have your signature added? As some can get blocked as a virus.

https://www.fastmail.com/support/
Old 4 Jul 2019, 02:51 PM   #3
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
No, I don't use a signature. My email was plain text too.

I'll get onto FM support. Will report back with results.
Old 4 Jul 2019, 04:31 PM   #4
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 2,791
The Minecast documentation provides this for the error you are receiving:

Quote:
Email rejected due to security policies (E.g. MCSpamSignature.x.x) A signature was detected that could either be a virus, or a spam score over the maximum threshold. The spam score isn't available in the Administration Console.

If you aren't a Mimecast customer but have emails rejected with this error code, contact the recipient to adjust their configuration and permit your address. If unsuccessful, your IT department can submit a request to review these email rejections via our Sender Feedback form.

Anti-virus checks cannot be bypassed. Contact the sender to see if they can stop these messages from being blocked. Anti-spam checks can be bypassed using a Configuring Permitted Senders or Auto Allow policy. Rejected emails can be viewed in your Outbound Activity and searching for the required email address.

As a first step, I would suggest sharing this information with your recipient. If unable to resolve the issue in this fashion, I would then use the Sender Feedback form, and see what Minecast have to say about the issue.
Old 4 Jul 2019, 07:29 PM   #5
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
Regarding the 554 error code, it has four entries in Mimecast's table of reasons. The only one I know it can't be is max email size exceeded.

As to contacting the recipients, that would be pointless. Each has a rudimentary understanding of computing concepts and for them the technical stuff is for someone else to fix, even or especially when the problems are self-inflicted. That is not the case in this instance; neither of my recipients did anything to cause my emails to be blocked. That was done in the IT control centre, and probably with the assistance of Mimecast whose services are probably used to scan incoming messages, and maybe outgoing ones too.

If FM are unable to follow through with a positive result to my support ticket I'll endeavour to contact the IT nerve centre in question. I reckon I'll do it the old-fashioned way, by phone.

My guess is that the heart of this problem is the reputation of the domains FM owns and operates. If any of them have ever been hijacked by spammers then FM subscribers using email addresses on domains of ill repute can become collateral damage in the struggle to control unsolicited email.

Last edited by Mr David : 6 Jul 2019 at 10:31 PM.
Old 5 Jul 2019, 01:35 AM   #6
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 2,791
Quote:
Originally Posted by Mr David
Regarding the 554 error code, it has four entries in Mimecast's table of reasons. The only one I know it can't be is max email size exceeded.

The error shown in your initial post was the one I highlighted in my reply.


Quote:
Originally Posted by Mr David
My guess is that the heart of this problem is the reputation of the domains FM owns and operates. If any of them have ever been hijacked by spammers then FM subscribers using email addresses on domains of ill repute can become collateral damage in the struggle to control unsolicited email.

It is possible, I guess, though that is not my first idea. Anyway, you could check out that theory by creating an alias in one of the rarely used FastMail domains and see if the same issue exists when sending using the alias.

More often, spam checks are based on message content, and the IP address of the sending server. This is augmented with checks on things like DMARC, SPF and DKIM. Some servers, in particular, do not like DMARC settings that are too loose.
Old 5 Jul 2019, 10:07 AM   #7
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
Quote:
It is possible, I guess, though that is not my first idea. Anyway, you could check out that theory by creating an alias in one of the rarely used FastMail domains and see if the same issue exists when sending using the alias.

How can one determine which FM domains are rarely used? Mine is @imap.cc; in my small circle of email correspondence I've not seen anyone else using it.

Quote:
More often, spam checks are based on message content, and the IP address of the sending server. This is augmented with checks on things like DMARC, SPF and DKIM.

It's hard to imagine how either of the recipients of my rejected messages could have identified them as spam, but I've no idea how server level filters grade content. The email rejected in May 2019 was sent to less than a dozen addresses as bcc. The email rejected this week was sent to a single address. Both messages contained links to third party websites, maybe that was flagged by the spam filter. Both were plain text and sans attachments.

As for SPF, DKIM and DMARC, they are beyond my control and well beyond my very modest technical capacity (thanks, though, for alerting me to their existence). Should they need to be addressed that would be something I would expect FM administrators to handle.

Last night I received a response from FM about my support ticket. The matter has been passed to FM's 'senior agents' for investigation.
Old 5 Jul 2019, 12:40 PM   #8
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 2,791
Quote:
Originally Posted by Mr David
As for SPF, DKIM and DMARC, they are beyond my control and well beyond my very modest technical capacity (thanks, though, for alerting me to their existence). Should they need to be addressed that would be something I would expect FM administrators to handle.

The settings FastMail uses for these on its domains are perfectly reasonable. It is pointless to ask FastMail to change them because a small number of recipient servers apply unreasonable restrictions on the DMARC settings they will allow. One site that is known to often reject messages from FastMail is Craigslist, and it is simple ignorance on their part that leads to the problem.

In the case of Minecast, their documentation suggests there are often ways of addressing the issue at the recipient's end, but you have indicated that your recipients are too stupid to be able to apply the necessary settings. I sympathise as I have very occasionally met with recipients who do not want to go to the trouble of resolving such issues, and do not want to give me access to their accounts so I can fix the problem for them.
Old 5 Jul 2019, 01:41 PM   #9
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
I wouldn't go so far as to suggest that my recipients or the rest of the email subscribers on this domain are stupid, but they are perhaps naive, ignorant and blasé about computing and email issues such as this one. To the contrary, the leaders of this service industry are among the most intelligent people anyone could hope to meet.

In putting my service ticket to Fastmail I was not hoping that Fastmail would change its outgoing email settings and stoop to lower standards. Rather, I would much prefer they contact the administrators of this domain to set them on a path to better ways. That way everyone benefits.

As mentioned in an earlier post to this thread, the management of email services provided at this domain used to be atrociously lax. Not for a short time either, it went on for many years. Its subscribers pay a pretty penny for it and for years received rubbish, I think they still do. Having seen first hand the targeted spam arriving in at least one subscriber's inbox, and given the extreme sensitivity of the information flowing through the email accounts of its subscribers, I was aghast that this shocking state of affairs endured for so long.

Fastmail's HQ is in the very same city where this disparate bunch of service industry workers is based. If the board overseeing the provision of services like email accounts to its members was to engage Fastmail as a service provider a lot of problems would be solved. If anyone at FM still reads these forums, this is business that would be well worth your while to try to win.
Old 12 Jul 2019, 10:59 AM   #10
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
As foreseen in responses to my query here, my bounced email issues stem from the spam filter system at Mimecast.

My FM support ticket was created on 4 July. An initial FM response was received same day, and followed up with a properly considered one on 9 July.

My email to postmaster[A.T.]FM was sent on 3 July. I received a detailed response on 10 July.

The support ticket and postmaster responses from FM concurred that Mimecast's spam filter protocols are unnecessarily heavy handed. At FM's end there is nothing that can be done to rectify my issue.

Today I completed a Mimecast sender feedback form. I'll report back in due course with the result of their response.

Last edited by Mr David : 12 Jul 2019 at 11:22 AM.
Old 15 Jul 2019, 07:00 PM   #11
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
I received a response from a Mimecast operator in the late evening AEST of 12 July. It requested copies of the bounce messages and the original outgoing messages that were blocked to be sent to Mimecast as attachments. Next day I mailed these through.

With a weekend to complete its investigation of this issue, today the following reply came from Mimecast:
Quote:
Update for Case #MIMEnnnnn - "MCRBL Removal Request"

Hi David,

Thanks for your response.

The email was rejected as there was a fingerprint for the domain imap<dot>cc, which was in the text of messages that were reported spammy by the community.

There were a very high number of reports. Feedback is provided below:
- 97% of reports seen were to block
- 84% of blocks were from spam traps
- 8 ISPs provided spam trap feedback
- Last spam trap hit : 2019-04-28 14:20:08
- First report : 2016-01-18 05:18:03
- Last report : 2019-06-25 23:51:56

It has been reset and we request you to try again.

Please let us know in case of any issues or queries.

Regards,
Axxxxt

I'm not sure what is meant by 'community'. Is it the community of users at the domain my messages were blocked from? Or is it the broader community of all Mimecast subscribers? Who knows.

One thing is certain, if there was a very high number of reports they could not possibly be caused by the trivial amount of messages sent from the @imap.cc addresses of my FM account.

Shortly after receiving this notification from Mimecast I sent a test message through to the email address that was blocked last week. It was successfully delivered. All good.
Old 16 Jul 2019, 01:53 AM   #12
JeremyNicoll
Member
 
Join Date: Dec 2017
Location: Scotland
Posts: 81
Quote:
Originally Posted by Mr David
One thing is certain, if there was a very high number of reports they could not possibly be caused by the trivial amount of messages sent from the @imap.cc addresses of my FM account.

If your emails are genuinely innocent, then presumably the problem is that another FM user, or perhaps several of them, are sending mails with URLs in them that end in "imap.cc" and those have been reported as spam.

Spam-blocking services identify things at a domain level - so will mistrust everything from imap.cc, not pick and choose which subdomains are ok.

You need to tell FM so that - hopefully - they can identify other users who are doing this. In the meantime your only choices are to change the FM-owned domain you use to something else, or acquire your own domain.
Old 16 Jul 2019, 08:40 AM   #13
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 2,791
Quote:
Feedback is provided below:
- 97% of reports seen were to block
- 84% of blocks were from spam traps
- 8 ISPs provided spam trap feedback
- Last spam trap hit : 2019-04-28 14:20:08
- First report : 2016-01-18 05:18:03
- Last report : 2019-06-25 23:51:56

I am unsure how many FastMail users send using imap.cc. The statistics Minecast cite do not suggest a massive amount of spam from the domain. Note that it is over 10 weeks since a spam trap hit, and about three weeks since any negative report.
Old 16 Jul 2019, 11:01 AM   #14
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
My FM support ticket has been handled by Kurian. Here's what he had to say on 2019-07-15 about the Mimecast report:
Quote:
Originally Posted by Kurian
Odd. That indicates that they have received spam from our servers. I'll have a look at our abuse report queue to see if there is an unusual amount of spam reports for that domain.

And shortly afterwards,
Quote:
Originally Posted by Kurian
That 'First report' timestamp is something that surprised me. They really shouldn't be tracking that long to see whether a host is compromised or spammy, but I guess it all depends on how their algorithm treats the first report incident, and the earlier ones. It would be good to know how their systems work (like how many total incidents, incidents within the last month, and within the last week).

I just went through our abuse queue and didn't find anything about imap.cc, so can't tell what's going on by looking just at the things at our end.

I've put supplementary questions to the operator who handled my support request at Mimecast. It took a while before I received a response to the support request I submitted to them. If I get a reply to my supplementaries I'll report it here.

BritTim, are you having a dig at 'Minecast'?
Old 16 Jul 2019, 03:25 PM   #15
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
I received this response from Mimecast a short time ago:
Quote:
Update for Case #MIMEnnnnnn - "MCRBL Removal Request"

Hi David,

Thanks for your response.

We use a number of vendors and the email was reported by the users who received emails with imap.cc in the content and they considered the emails as spammy. It does not necessarily take into account only the recipient domain users.

Unfortunately, we can only share the information provided in the previous email due to security reasons.

I hope that helps and please let me know if you have any further issues or queries.

Kind regards,
Axxxxt Gxxxxxx

Disregarding the 'security reasons' defence, I have asked for more information.

All times are GMT +9.