braindead mail service

Back in early 2019, I wrote about a problem I was having with mail from my system going to BT based accounts. At the time, BT was rejecting my mail as potential spam. As I wrote at the time, I was pleasantly surprised when the BT postmaster replied positively to my request that they investigate the problem. Even better, after investigation they acknowledged that the problem lay at their end and they then fixed it.

I am now having a problem with mail to an ntlworld address (@ntlworld.com), part of the virginmedia empire. But this time I have no possibility of getting their postmaster to do anything. Why? Because mail to their postmaster is also refused.

I first noticed the problem only a month or two ago. Here again, email from me to that same group of friends I wrote about in the BT scenario was being refused to one member of the group. That member has an ntlworld account, and has had for as long as he has been on the mailing list, so they must have changed their mail receipt policy recently. The ntlworld system now refuses all mail from my mailserver. The mail is apparently refused because they believe my mail server is not trustworthy.

What I see is shown below (email address changed for obvious reasons):

This is the mail system at host tap.rlogin.net.

I’m sorry to have to inform you that your message could not
be delivered to one or more recipients. It’s attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

a.person@ntlworld.com: host mx.tb.ukmail.iss.as9143.net[212.54.56.11] refused to talk to me:
550 mx2.tb.ukmail.iss.as9143.net mx2.tb.ukmail.iss.as9143.net MXIN103 Your IP 159.69.198.152 is in RBL.
Please see http://csi.cloudmark.com/reset-request/?ip=159.69.198.152;id=SLGdkvFdAZFcz;sid=SLGdkvFdAZFcz;mta=mx2.tb;d=20201013;t=162707[CET];ipsrc=159.69.198.152;

The first point to note is that the stupid ntlworld system gave a 550 SMTP response code when it “refused to talk to” my mail server, when it should have used a 554 (permanent failure). The 550 response code is supposed to be used when the address in question doesn’t exist, whilst a 554 response means that the receiving server thinks my mail is spam or my email server has otherwise been blacklisted. Since the message goes on to say “Your IP is in RBL” (RBL being a Real Time Blacklist), a 554 return would be more appropriate; my mail server would not then requeue the message for later attempted delivery. But no matter: they have already proved themselves a bit stupid by implementing a rule-based system from Cloudmark which lists my server as untrustworthy simply because it happens to be on a network providing VPS services. The “Please see…” line points me to Cloudmark’s “reputation” system, where they say:

Cloudmark Sender Intelligence™ (CSI) is a comprehensive global sender monitoring and analysis system that delivers timely and accurate reputation on good, bad, and suspect senders. CSI uses real-time data from Cloudmark’s Global Threat Network™ system to create the industry’s most comprehensive sender reputation service.

If you believe the reputation of your IP address is not correct or if the reputation has changed, you may request a reset of all related email traffic statistics within CSI for your IP address.

Please note this is not a portal for submitting complaints regarding content based spam signatures. Those requests must be directed at the service provider who is blocking the message. This portal will only accept statistical reset requests for IP addresses published by Cloudmark Sender Intelligence.

More information about Cloudmark Sender Intelligence and why your email may have been blocked: FAQ.

So Cloudmark’s “Global Threat Network” has determined that my email server is bad. Let’s take a look at that on mxtoolbox.

image of mxtoolbox page

So, mxtoolbox has checked my server against 86 RBLs and got the all clear from all of them. Furthermore, my server has both valid SPF and DKIM records in the DNS so even a cursory check by a “Global Threat Network” would find that my server is probably OK.
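As an added illustration (not part of the original post), the Python below parses the bounce quoted earlier into its SMTP reply code and class, the listed IP and the parameters of the Cloudmark reset URL, and shows how a query against a DNS-based blocklist is formed. The function names and the zone `dnsbl.example.invalid` are made up for the example.

```python
import re

# The three delivery-status lines quoted in the post (recipient anonymised there).
BOUNCE = (
    "a.person@ntlworld.com: host mx.tb.ukmail.iss.as9143.net[212.54.56.11] "
    "refused to talk to me:\n"
    "550 mx2.tb.ukmail.iss.as9143.net mx2.tb.ukmail.iss.as9143.net MXIN103 "
    "Your IP 159.69.198.152 is in RBL.\n"
    "Please see http://csi.cloudmark.com/reset-request/?ip=159.69.198.152;"
    "id=SLGdkvFdAZFcz;sid=SLGdkvFdAZFcz;mta=mx2.tb;d=20201013;t=162707[CET];"
    "ipsrc=159.69.198.152;\n"
)

# RFC 5321 section 4.2.1: the first digit of a reply gives its class.
REPLY_CLASS = {"2": "success", "4": "transient failure", "5": "permanent failure"}

def parse_bounce(text):
    """Pull the operationally useful fields out of a bounce like the one above."""
    head = re.search(r"^(\S+@\S+): host (\S+)\[([\d.]+)\] (.+?):\s*$", text, re.M)
    reply = re.search(r"^([245]\d\d)[ -](.*)$", text, re.M)
    listed = re.search(r"Your IP (\d{1,3}(?:\.\d{1,3}){3}) is in RBL", text)
    url = re.search(r"https?://\S+", text)
    if not (head and reply):
        raise ValueError("not a recognisable SMTP rejection report")
    # The vendor URL separates parameters with ';' and ends with one.
    query = url.group(0).partition("?")[2] if url else ""
    params = dict(p.split("=", 1) for p in query.split(";") if "=" in p)
    return {
        "recipient": head.group(1),
        "mx_host": head.group(2),
        "mx_ip": head.group(3),
        "client_report": head.group(4),
        "code": int(reply.group(1)),
        "reply_class": REPLY_CLASS[reply.group(1)[0]],
        "listed_ip": listed.group(1) if listed else None,
        "reset_params": params,
    }

def dnsbl_query_name(ipv4, zone):
    """DNS-based blocklists are queried as <reversed octets>.<zone>."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4!r}")
    return ".".join(reversed(octets)) + "." + zone

if __name__ == "__main__":
    info = parse_bounce(BOUNCE)
    # 'dnsbl.example.invalid' is a placeholder zone, not a real list.
    print(info, dnsbl_query_name(info["listed_ip"], "dnsbl.example.invalid"))
```

An A-record answer for the generated name means the address is listed in that zone; NXDOMAIN means it is not.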

A check of Cloudmark’s FAQ suggests that the only way I can get my IP address removed from their database is to complete their on-line form at their “CSI IP Reputation Remediation Portal”, which of course I have done (well, you can but hope). Of course nothing has happened, and I have not even received any acknowledgement from Cloudmark that they have even received, let alone reviewed, my request. That is simply not acceptable. If they promulgate “reputation” lists which can result in all mail from a particular system failing to be accepted by a system using their list, then they must have in place a better system of remediation in cases where they are wrong. Of course they get out of this by saying that “we are not blocking your email, only the possible recipient of the email is blocking it”. This of course is perfectly true, but they are blocking it based on your recommendation, a recommendation which is wrong.

“Timely and accurate”? I don’t think so. I’d call their “intelligence” slow and inaccurate.

And of course I cannot complain to postmaster@ntlworld, because all mail from my domain is refused.

Permanent link to this article: https://baldric.net/2020/10/27/braindead-mail-service/