

How to analyze falsely recognized non-spam mails from outside

Hi,

We have a customer who complains about quarantined mails which never reach their destinations. It seems they are blocked by a Sophos spam recognition system.

After asking the customer we got only the information

  SCANNER[3555]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="37.120.167.131" from="ab@source.de" to="xy@dest.de"   subject="WG: Auszahlung" queueid="1lCPLV-0000vL-5P" size="18989" reason="as" extra=""

   Reason as = Sophos Antispam

and that is quarantined. Nothing more.

How can we analyze what happened and get information about any mistakes we make?

Of course, we did our homework:

- No spamming from source.de, the only newsletters are Christmas greetings.

- We checked our server on blacklists, the commonly known ones and also here with the Sophos check. All green.

- The mails themselves were handwritten mails to only one recipient.

- Checked our servers to fulfill all requirements.

- Mail servers are several years old. IPs many months.

- SPF & DKIM fitting, DMARC currently not enforced because of a few broken 3rd party mail servers, which can't forward mails properly.

- This particular subject may be misleading, but I can't tell all of my customers to avoid any certain phrases. (it was indeed an "Auszahlung")

We never had any problems with other recipients, even Gmail & co accept the mails.

But how can we get information why Sophos antispam is rejecting our mails? Or is it accepted that a few percent of valid mails are quarantined?

Thanks, Jan
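
The quarantine log line quoted in the post is a sequence of key="value" fields. The following is an added example, not part of the original post, that parses such lines and counts quarantine events per sender domain, source IP and reason, keeping the queue ID available for a lookup on the receiving side. Only the first sample line comes from the post; the other two lines, including their `name` and `reason` values, are constructed.

```python
import re
from collections import Counter

# key="value" pairs as they appear in the log line quoted in the post
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Only the mapping stated in the post; any other code is reported as unknown.
REASONS = {"as": "Sophos Antispam"}


def parse_line(line):
    """Return the key="value" fields of one SCANNER log line as a dict."""
    return dict(FIELD_RE.findall(line))


def quarantined(lines):
    """Yield parsed events whose name field is 'email quarantined'."""
    for line in lines:
        ev = parse_line(line)
        if ev.get("name") != "email quarantined":
            continue
        code = ev.get("reason")
        ev["reason_text"] = REASONS.get(code, "unknown (%s)" % code)
        yield ev


def summarize(lines):
    """Count quarantine events per (sender domain, source IP, reason)."""
    counts = Counter()
    for ev in quarantined(lines):
        domain = ev.get("from", "").rpartition("@")[2].lower()
        counts[(domain, ev.get("srcip"), ev["reason_text"])] += 1
    return counts


SAMPLE = [
    # Line quoted in the post
    'SCANNER[3555]: id="1001" severity="info" sys="SecureMail" sub="smtp" '
    'name="email quarantined" srcip="37.120.167.131" from="ab@source.de" '
    'to="xy@dest.de"   subject="WG: Auszahlung" queueid="1lCPLV-0000vL-5P" '
    'size="18989" reason="as" extra=""',
    # Constructed: same sender, placeholder reason code "zz"
    'SCANNER[3555]: id="1001" name="email quarantined" srcip="37.120.167.131" '
    'from="cd@source.de" to="xy@dest.de" queueid="CONSTRUCTED-1" reason="zz"',
    # Constructed: a non-quarantine event with a placeholder name
    'SCANNER[3555]: id="0000" name="constructed other event" srcip="192.0.2.1"',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
```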


