
Outbound SPAM

Hi Community

 

A newsletter was sent from our company. It was sent to 4800 recipients at the same time.

 

Now many e-mails from the AntiSpam have been marked as SPAM with the following reason:

Message sender is universally blacklisted

 

What can I do?



  • Since we don't know what kind of compromise you had, I'll list some basic outbound SPAM remediation steps that will cover nearly all of the scenarios in some fashion:

    • Change passwords on mail servers and mail accounts. If the mail was sent from a compromised, legitimate company account you need to cut that off.
    • Identify the computer that was compromised and remediate. Once you have followed the next step, look at your firewall logs and see which host, if any, is generating the blocked traffic.
    • Determine if the mail was sent from inside your network. If it was, put rules in place that restrict outbound mailflow, if possible. This can often be as simple as blocking port 25 and/or 587 outbound. If you have an internal email server you can block all outbound mail ports EXCEPT from the server. If you don't have an in-house email server and use something like Office 365, you shouldn't have any mail traffic from inside your network and can block 25 and 587. 
    • Check MX Toolbox (https://mxtoolbox.com/blacklists.aspx) or another similar site to determine if you've been blacklisted. You can also send an email to ping@tools.mxtoolbox.com. If you have been blacklisted, don't panic. Usually you can "self service" unblock with many lists as long as you aren't a chronic offender. For the lists that don't have simple removal, you usually drop off on a time based policy. A couple of weeks is common. Don't request forgiveness until you've fixed your problem, though. There are several 
    • Take some time to set up SPF, DKIM, and DMARC (https://docs.microsoft.com/en-us/office365/securitycompliance/use-dmarc-to-validate-email). This will increase mail recipients' (their mail servers', anyway) confidence in your mail domain and make it more difficult for the bad actors to fake a mail to make it look like it was sent from your company.

    I.T. Professionals of Florida 
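
The firewall-log check described in the reply above, as an added example that is not part of the original post: it ranks internal hosts, other than the approved mail server, by outbound connection attempts to ports 25 and 587. The log layout, the 192.168.10.0/24 network and the mail server address 192.168.10.5 are assumptions made for illustration; adapt the field parsing to your firewall's real log format.

```python
import ipaddress
import re
from collections import Counter

MAIL_PORTS = {25, 587}                                   # ports named in the reply
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")   # assumption
MAIL_SERVER = ipaddress.ip_address("192.168.10.5")       # assumption

# Constructed sample lines in a generic key=value layout (not a real product's format).
SAMPLE_LOG = """\
2019-03-04T09:15:01 action=drop src=192.168.10.42 dst=203.0.113.25 proto=tcp dport=25
2019-03-04T09:15:01 action=drop src=192.168.10.42 dst=198.51.100.7 proto=tcp dport=25
2019-03-04T09:15:02 action=accept src=192.168.10.5 dst=203.0.113.25 proto=tcp dport=25
2019-03-04T09:15:03 action=drop src=192.168.10.42 dst=198.51.100.9 proto=tcp dport=587
2019-03-04T09:15:04 action=accept src=192.168.10.17 dst=198.51.100.80 proto=tcp dport=443
2019-03-04T09:15:05 action=drop src=192.168.10.77 dst=203.0.113.40 proto=tcp dport=25
2019-03-04T09:15:06 action=drop src=192.168.10.42 dst=192.168.10.5 proto=tcp dport=25
this line is malformed and must be skipped
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def suspect_hosts(log_text, mail_server=MAIL_SERVER, internal=INTERNAL_NET):
    """Rank internal hosts (other than the mail server) by outbound SMTP attempts."""
    hits = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["src"])
            dst = ipaddress.ip_address(f["dst"])
            dport = int(f["dport"])
        except (KeyError, ValueError):
            continue                      # malformed or incomplete line
        if dport not in MAIL_PORTS or f.get("proto") != "tcp":
            continue
        if src not in internal or dst in internal:
            continue                      # only inside -> outside traffic counts
        if src == mail_server:
            continue                      # the one host allowed to send mail out
        hits[str(src)] += 1               # dropped and accepted attempts both count
    return hits.most_common()

if __name__ == "__main__":
    for host, count in suspect_hosts(SAMPLE_LOG):
        print(f"{host}\t{count} outbound SMTP attempts")
```

Accepted connections are counted as well as dropped ones, so the same function shows which hosts were sending mail directly before the block rule went in.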
