Cloudmark's reputation

I recently created a new MailInABox server on Digital Ocean.

I immediately got badly rated by CSI (Cloudmark). I contacted them and they said the following:

Please contact your hosting provider, there are recent reports of spam passing through this server. Let us know when the source of this spam has been stopped and we can consider remediation. Below is a sample header that you can forward:

Received: from dtysd5k60b.emoong.live ([159.65.223.197])
From: =?utf-8?q?=53=6d=c3=a4=72=74=61=20=6b=6c=61=67=6f=6d=c3=a5=6c?= 7Z0IX988@dtysd5k60b.emoong.live.728.732
Subject: Ta bort dina ledproblemen inom 7 dagar!

I don’t understand how I can block that.

What I did was use the firewall to block more: I do not allow port 25 (SMTP) at all, and only allow some of my servers to send email through 587 (SMTP submission) through my new email server.

But blocking 25 seems to also block any incoming email to my MailInABox. This would be blocking the above “emoong.live” from using my server to send emails, but it also blocks everything else…

CSI said I should contact my host to report abuse, which I did, but there must be a way to block this within my MailInABox?

Respond to Cloudmark and tell them that you are the current user of the IP address since x day and were not responsible for behaviour before you were assigned that IP address. It is more than likely that the spam reports were from before you were assigned the IP. Mail-in-a-Box does not do relaying so there is no way it happened since you installed MiaB unless you have modified it, or used very weak passwords that were compromised.

Or change your IP by making a snapshot of your server and restoring it to a new VPS (thus receiving a new IP) and destroying the original.
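One way to check the "no relaying since install" point against the box's own logs, as an added example that is not part of the original thread: it parses the header sample Cloudmark forwarded, then lists which envelope senders Postfix actually queued. The log lines and all `example.*` names are constructed placeholders, and matching on `postfix/qmgr` lines assumes the stock Postfix log format.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Header sample quoted in the thread, as forwarded by Cloudmark.
SAMPLE = (
    "Received: from dtysd5k60b.emoong.live ([159.65.223.197])\n"
    "From: =?utf-8?q?=53=6d=c3=a4=72=74=61=20=6b=6c=61=67=6f=6d=c3=a5=6c?= "
    "7Z0IX988@dtysd5k60b.emoong.live.728.732\n"
    "Subject: Ta bort dina ledproblemen inom 7 dagar!\n\n"
)

# Constructed Postfix log lines (not from the thread); all names are placeholders.
LOG = "\n".join([
    "Jul 23 09:14:02 box postfix/qmgr[1180]: 4A1B2C3D4E: "
    "from=<admin@example.com>, size=1824, nrcpt=1 (queue active)",
    "Jul 23 11:40:17 box postfix/smtpd[2310]: NOQUEUE: reject: RCPT from "
    "unknown[198.51.100.7]: 454 4.7.1 <x@example.org>: Relay access denied; "
    "from=<a@dtysd5k60b.emoong.live> to=<x@example.org> proto=ESMTP",
])

RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[^\]]+)\]\)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: [0-9A-F]+: from=<(?P<sender>[^>]*)>")

def parse_sample(raw):
    """Extract the connecting client and decoded From of a reported message."""
    msg = message_from_string(raw)
    received = RECEIVED_RE.search(msg["Received"])
    return {
        "helo": received.group("helo"),
        "client_ip": received.group("ip"),
        "from": str(make_header(decode_header(msg["From"]))),
    }

def queued_senders(log_text):
    """Envelope senders of mail the box accepted into its queue (qmgr lines).
    Rejected attempts (NOQUEUE) never reach qmgr, so they are not counted."""
    return sorted({m.group("sender") for m in QMGR_RE.finditer(log_text)})

def box_handled_domain(log_text, domain):
    """True if any queued message had an envelope sender at or under domain."""
    domain = domain.lower()
    hosts = (s.rpartition("@")[2].lower() for s in queued_senders(log_text))
    return any(h == domain or h.endswith("." + domain) for h in hosts)

if __name__ == "__main__":
    print(parse_sample(SAMPLE))
    print("queued senders:", queued_senders(LOG))
    print("handled emoong.live:", box_handled_domain(LOG, "emoong.live"))
```

On a real box the same functions can be fed the contents of the mail log; a rejected relay attempt mentioning the spam domain is expected noise, while a queued sender under that domain would mean the box itself handled the mail.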

This is exactly what I said to them.
This IP address is new to me since July 21, 2020, so they reset my rating.
Then 3-4 days later my rating went bad again, so I requested again what was going on.
They said "we keep seeing those"; this is the message:

This is from 7/22 and we are still receiving dozens of reports a day.
--------------------------
Received: from dtysd5k60b.emoong.live ([159.65.223.197])
From: =?utf-8?q?=53=6d=c3=a4=72=74=61=20=6b=6c=61=67=6f=6d=c3=a5=6c?= 67M73P6N@dtysd5k60b.emoong.live.453.601
Subject: Ta bort dina ledproblemen inom 7 dagar!
--------------------------

I have reset the reputation of your IP, but with this many reports flowing in, they may exceed all our thresholds and make your IP address spammy again.

The MailInABox config is default; I didn’t change anything.

Microsoft is also blocking me on all their platforms (Live.ca, hotmail.com, outlook.com, etc…)

I have reported it to Digital Ocean, and also, like I said, the firewall is now blocking port 25 and only my own servers are configured to send email.

So what you are saying is that it is quite possible that this IP was assigned to someone else who did that. So I need the IP to be changed, and that is what I thought too.

Maybe the other people were using this IP and then they lost it, but people still have those emails in their inbox and are reporting them as spam, and now it falls all on me. Could that be possible?

I guess I will swap the IP; that will be the fastest way to get this resolved.

It could yes … I know that SpamCop will not accept reports for emails that are over 48 hours old, but I do not know what Cloudmark’s policies are.

Certainly the method with the least amount of time and effort expended. Though I would suggest running your new IP through this tool: http://multirbl.valli.org/dnsbl-lookup/

One thing that I noticed running that tool on your current IP is that one of the blacklists that your IP is on is a block against DO’s entire AS range - meaning against ALL DO IPs. Perhaps it would be a good idea to use a better provider?
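The lookup that such a multi-RBL tool performs for each list can be reproduced locally before committing to a new IP. This is an added example, not part of the original thread; the three zones are a small sample chosen as an assumption (the tool checks many more), and the `resolve` parameter is a hypothetical hook so the logic can be exercised without network access.

```python
import ipaddress
import socket

# Assumption: a small sample of public DNSBL zones, not the tool's full list.
ZONES = ["bl.spamcop.net", "dnsbl.spfbl.net", "zen.spamhaus.org"]

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def check(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Map each zone to 'listed:<code>', 'error:<code>', 'invalid:<addr>' or None.
    None means no A record came back (not listed, or the lookup failed)."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except socket.gaierror:
            results[zone] = None
            continue
        if answer.startswith("127.255.255."):
            # Spamhaus convention: the query was refused (for example when sent
            # through a public resolver), so this is not a listing.
            results[zone] = "error:" + answer
        elif answer.startswith("127."):
            results[zone] = "listed:" + answer
        else:
            # A resolver that rewrites NXDOMAIN returns an address outside 127/8.
            results[zone] = "invalid:" + answer
    return results

if __name__ == "__main__":
    # IP taken from the header sample in the thread; needs working DNS.
    for zone, status in check("159.65.223.197").items():
        print(zone, status or "not listed")
```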

Thank you very much for your help, getting an IP that will not be blacklisted seems to be a challenge.
I don’t want to move to another provider as all my servers are with DO.

So I will try to get delisted as much as I can and see how it goes.
I guess I will leave my server blocked so port 25 is not exposed and no one can use that new IP.

But as you said with them I might always be blocked somewhere.

Try a different data center … sometimes that helps tremendously with DO.

Thanks again, great idea.

I did a few trials of IP addresses, and each time I respawn a new droplet and check if the IP is blocked, they are actually more blocked than the one I already have.

So I will keep my current IP.

Something I don’t quite understand is why, when I block port 25, the incoming emails are also blocked.
If I try to email from Gmail to my box email, they cannot be reached; if I unblock port 25, then they start coming in again.

When trying a delist request with https://spfbl.net/en/delist while my port 25 is blocked, I get this error message: The delist key can not be sent because the destination MX is unreachable.

Turns out that they now confirmed that the traffic was BEFORE 2020-07-22, this is the day we obtained the IP.
Now they said they are getting reports on old emails that were sent before that date, and for that reason they are marking our IP as spammy.

But at least once reported they clean the status pretty often which should clean that IP reputation.

I’m still confused about port 25: it’s outgoing, so why does the MX record resolve on that??

Because incoming emails all arrive on port 25.

I had the same problem with seemingly no resolution. Changing Datacenters/IP address resolved the issue. No problem since.