Messaging Gateway

  • 1.  Why were we temporarily blocked by Brightmail Antispam Filter?

    Posted Aug 14, 2009 09:21 PM

    We're not a BrightMail user, but one of our staff sent a legitimate, not-spam message today to several hundred recipients (at the same domain) at one of our business clients. Our client uses Symantec Brightmail AntiSpam Filter and has received bulk messages from us successfully in the past.

    Immediately after our bulk message was sent out, none of our staff could send any subsequent messages to any individual recipient at the client's domain (we tried some test messages and then checked with their intended recipients by phone).

    As you might expect, we received no errors or bounce-backs indicating that our message had been blocked, but our messages started getting through again later on. In subsequent email conversations with our client's IT staff, they told us that our original bulk message was intercepted by BM, and it blocked any further messages from our domain to the client for about 1-1/2 hours. After that time, all email between ourselves and our client worked normally.

    We checked our mail server's IP address at:

    Symantec Business
    IP Reputation Investigation
    http://ipremoval.sms.symantec.com/lookup/

    ... and received the result "The IP address you submitted, xxx.xxx.xxx.xxx, does not have a negative reputation and therefore cannot be submitted for investigation", so we're apparently OK now. We also used the online blacklist utility (with clean results) at:

    MX Toolbox - Blacklists
    http://www.mxtoolbox.com/blacklists.aspx

    We tried calling Symantec Enterprise Technical Support at https://support.broadcom.com for further information, but received no help since we're not a BrightMail subscriber. Being unfamiliar with BM's operation, we'd like to know:
     
    1. What about our original bulk message might have triggered BM's filters to block our domain this time? Was it the initial volume of messages to the recipient's domain?

    2. Why was BM's block lifted later on (without any feedback to them from ourselves or the client)?

    3. What can we do to prevent this in the future? Is there a specific limit as to how many messages can be sent to a BM user at one time?

    4. Who can we contact at Symantec for further information?

    Any help is appreciated, thanks! 



  • 2.  RE: Why were we temporarily blocked by Brightmail Antispam Filter?

    Posted Aug 14, 2009 11:30 PM
    Your client may be fiddling around with the spam settings or the Directory Harvest Attack of BG.
    Ask them which policies your bulk email violated, by looking at the logs, and have them fix that. Also, you may want to ask your client to add your domain to their whitelist.
    And depending on the subject line, the spam filter might be triggered by keywords that could also be found in your subject title.


  • 3.  RE: Why were we temporarily blocked by Brightmail Antispam Filter?

    Posted Aug 14, 2009 11:49 PM
    Try to send a message here to check your spam score; the lower the better.

    http://spamcheck.sitesell.com/

    Can you paste your SPF records?



  • 4.  RE: Why were we temporarily blocked by Brightmail Antispam Filter?

    Posted Aug 17, 2009 01:04 PM
    Hi,

    The Symantec Brightmail products use different technologies to block messages in addition to IP reputation.

    In answer to your questions:

    1. We obviously cannot share specific details of filters because we do not want spammers evading them. Sending a large volume of legitimate messages in itself would not cause messages to be blocked.

    2. Without knowing what caused the block it is impossible to say.

    3. The only way to 100% guarantee that your messages will be received by a particular company is to request that they whitelist the IP from which you send email (or domain, but this could be more easily spoofed exposing them to spam not really from your domain).

    To make sure your recipient email addresses are legitimate, Symantec recommends the following general best practices:

    * Make sure your database does not contain older email addresses of those who do not want to receive your promotional or marketing email. Send confirmation emails to determine who should remain on your list and who to remove.
    * Do not accept email addresses from third party marketers, unless you can assure that such email addresses are legitimate and that such subscribers want to receive your promotional or marketing email.
    * If a subscriber no longer wants to receive your emails, provide a method by which a subscriber can opt-out. Promptly remove these opted-out email addresses from your list.
    * Promptly remove from your email list emails that bounce back to you. This indicates that the recipient is no longer available.
    * Use a double opt-in method to sign up subscribers. This will confirm that the subscriber did request your promotional and marketing email.
    * Remove email addresses of those who do not open your email messages.
    * Consider using a third party to manage and update the addresses on your email list.

    Only messages identified as having a known threat verdict would be blocked by Symantec Brightmail products.

    4. If the issue should occur again, you would really be best off working with the recipient to find out why the message was blocked and, if it was blocked by a Symantec Brightmail product, what verdict the message(s) had. If a legitimate message is being blocked by a spam verdict caused by a Symantec Brightmail product, they can work with Symantec support to report the message as a false positive.

    Best regards,
    Amanda



  • 5.  RE: Why were we temporarily blocked by Brightmail Antispam Filter?

    Posted Aug 18, 2009 01:25 AM
    I think you have to escalate your concern to the domain that your SBG IP is being blocked and considered spam. They can set the SBG IP as a valid mail host.


  • 6.  RE: Why were we temporarily blocked by Brightmail Antispam Filter?

    Posted Aug 19, 2009 10:44 PM
    @shrinerp: have you already talked with your client regarding this?