Email marked as spam
We are using the network edition of Zimbra and I need some help!
We have a user whose email is being marked as spam and I am not sure why. The message header looks like the following:
Received: from localhost (localhost.localdomain [127.0.0.1])
by ourdomain.com (Postfix) with ESMTP id 4321C760360;
Fri, 7 Dec 2007 08:15:32 -0500 (EST)
X-Virus-Scanned: amavisd-new at
X-Spam-Status: Yes, score=10.028 tagged_above=-10 required=6.6
tests=[AWL=-1.270, BAYES_50=0.001, DNS_FROM_RFC_BOGUSMX=1.482,
HELO_DYNAMIC_SPLIT_IP=3.493, HTML_MESSAGE=0.001, RCVD_IN_PBL=0.905,
Received: from ourdomain.com ([127.0.0.1])
by localhost (ourdomain.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id kn7MfuRXbYgm; Fri, 7 Dec 2007 08:15:25 -0500 (EST)
Received: from 245.sub-75-198-83.myvzw.com (245.sub-75-198-83.myvzw.com [126.96.36.199])
by ourdomain.com (Postfix) with ESMTP id 2B03E76035D;
Fri, 7 Dec 2007 08:15:22 -0500 (EST)
In-Reply-To: <215013471.164781197032804100.JavaMail.root@ourdom ain.com>
Content-Type: multipart/alternative; boundary=Apple-Mail-8--317212103
Mime-Version: 1.0 (Apple Message framework v912)
Date: Fri, 7 Dec 2007 08:15:19 -0500
References: <215013471.164781197032804100.JavaMail.root@ourdom ain.com>
X-Mailer: Apple Mail (2.912)
This appears to only happen when he sends email when his in not in the office, but using a ISP.
What exactly does: DNS_FROM_RFC_BOGUSMX=1.482 mean? :confused:
It's likely the IP address (or IP block) he's posting from is listed on an RBL list. The "DNS_FROM_RFC_BOGUSMX=1" means "Envelope sender in bogusmx.rfc-ignorant.org", details of those messages are here. I forgot to add that the web site is here: http://rfc-ignorant.org/
Thanks! I learn something new everyday!
So do I. :)
Originally Posted by scrapper
Some ISPs are famous for either
If either is the case with your employee's home ISP, this may be really tough to remedy. Your best bet in this case would be to set him/her up with a VPN connection. If he/she connects first to the VPN, then the email will still look like it's coming from inside your network and the problem will be solved.
- being really sloppy with their network configuration, or
- being really sloppy with allowing bad guys to spam from their networks.