cancel
Showing results for 
Search instead for 
Did you mean: 

Message rejected due to spam or virus on avasout07

robatworkuk
Dabbler
Posts: 20
Thanks: 4
Registered: 23-05-2017

Message rejected due to spam or virus on avasout07

Brief synopsis:

If I send an email without a URL embedded in it, it goes fine.

Identical email with certain URLs bounce back:

Your message couldn't be delivered and there was no valid enhanced status code being issued by the remote mail system to determine the exact cause, status: '552 EFK6fhGxzHyvzEFK7fHhkw message rejected due to spam or virus. If you believe this is in error please login to your portal or contact your ISP support team.'.
The following organization rejected your message: avasout07.

This happens identically with different destination email addresses. 

This is a very small email with no graphics

So then I tried a different URL (google.co.uk) and that one got through.

The link was a (safe) download link for teamviewer. Is that being detected and filtered as suspicious?

Then I tried a redirected (shortened) link - also failed.

My final test were emails to gmail and yahoo test accounts with just the teamviewer homepage. So far they haven't bounced nor have they got through to the recipients.

8 REPLIES
robatworkuk
Dabbler
Posts: 20
Thanks: 4
Registered: 23-05-2017

Re: Message rejected due to spam or virus on avasout07

The two messages with just the teamviewer homepage have got through now. I guess avasout07 is clever enough to know the link I sent was actually a link to an (innocent) executable.

Superuser
Superuser
Posts: 11,872
Thanks: 3,237
Fixes: 22
Registered: 22-08-2007

Re: Message rejected due to spam or virus on avasout07

robatworkuk
Dabbler
Posts: 20
Thanks: 4
Registered: 23-05-2017

Re: Message rejected due to spam or virus on avasout07

Hello Townman,

I'd rather not post the exact link as it's company confidential however it's very similar to:

https://get.teamviewer.com/nectarine

The shortened one is

https://bit.do/nectarine

robatworkuk
Dabbler
Posts: 20
Thanks: 4
Registered: 23-05-2017

Re: Message rejected due to spam or virus on avasout07

And for giggles I thought I'd send those links through to my gmail account.

The first one got through, but the bit.do one bounced

The following organization rejected your message: avasout03.

Weird as they both don't exist!

Something isn't right in the state of Denmark

 

Superuser
Superuser
Posts: 11,872
Thanks: 3,237
Fixes: 22
Registered: 22-08-2007

Re: Message rejected due to spam or virus on avasout07

I just ran a couple of test emails using both of those URLs.  The tests consisted of sending an otherwise empty email (other than sigs)...

  1. From an Outlook.com email account to a Plusnet account
  2. Forwarding the received email to a second Plusnet account

In the case of the URL https://bit.do/nectarine the email was successfully received by the Plusnet email account at step 1.  The attempt to forward it at step 2 failed.

 

In the hope that it assists @bobpullen or @Kelly here is the header from the undeliverable notification email (if something else is required, please ask).

From: "System Administrator"
Sender: "System Administrator"
To: <kevin@mydomain.me.uk>
Subject: Undeliverable: test
Date: Fri, 4 May 2018 20:17:35 +0100
Message-ID: <08cb01d3e3dc$90321d30$b0965790$@Domain>
MIME-Version: 1.0
Content-Type: application/ms-tnef;
 name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="winmail.dat"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIPxGBH2sxGnCG0vqlxYBYZhpc4XQ==
X-MS-TNEF-Correlator: 00000000C5DBECB4DF41F041970549314BBD176B0700C3B68E10F77511CEB4CD00AA00BBB6E600000000000C0000CB6686C597231C47B18B821CC6B5F1D40000000004050000

Text from the email

552 EgD0flJqUHyvzEgD1fIJzp message rejected due to spam or virus.

Note that there is no attachment as suggested above.

 

Headers from the forwarded email sat in the Plusnet mail account sent folders (step 1 above)...

 

 

From: "MyAccount Admin" <MyAccount@mydomain.me.uk>
To: <kevin@mydomain.me.uk>
References: <HE1PR02MB13725FAF289B2207ACDD7409ED860@HE1PR02MB1372.eurprd02.prod.outlook.com>
In-Reply-To: <HE1PR02MB13725FAF289B2207ACDD7409ED860@HE1PR02MB1372.eurprd02.prod.outlook.com>
Subject: FW: test
Date: Fri, 4 May 2018 20:17:33 +0100
Message-ID: <08cc01d3e3dc$925cec70$b716c550$@mydomain.me.uk>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_NextPart_000_08CD_01D3E3E4.F4215470"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQK53nyntiMKSNApbtQ4zZTu/tRRpgH0ueVe
Content-Language: en-gb

 

Forwarded email content

My Signature

From: My Outlook Name <me@outlook.com> 
Sent: Friday, May 4, 2018 8:16 PM
To: MyAccount Admin <MyAccount@mydomain.me.uk>
Subject: test

https://bit.do/nectarine

 

Community Gaffer
Community Gaffer
Posts: 13,281
Thanks: 1,050
Fixes: 86
Registered: 04-04-2007

Re: Message rejected due to spam or virus on avasout07

https://bit.do/nectarine is seen as spam, it's valid and redirects to content that has been reported as such. I've not visited it personally, and would urge others not to either, unless they know pre-hand that it's safe.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Superuser
Superuser
Posts: 11,872
Thanks: 3,237
Fixes: 22
Registered: 22-08-2007

Re: Message rejected due to spam or virus on avasout07

@bobpullen,

Thank you for the very prompt response confirming a valid SPAM rejection.

 

@robatworkuk,

If your "very similar" non bit.do URL is getting the SPAM reject, then it is not sufficiently similar to the one which works here.  If you are not able to disclose the URL in public (or send it to Bob via a PM - click his name) then I fear that there is little more which can be done to assist.  Without knowledge of the URL, it is not possible to review the SPAM filter performance.

robatworkuk
Dabbler
Posts: 20
Thanks: 4
Registered: 23-05-2017

Re: Message rejected due to spam or virus on avasout07


@bobpullen wrote:
https://bit.do/nectarine is seen as spam, it's valid and redirects to content that has been reported as such. I've not visited it personally, and would urge others not to either, unless they know pre-hand that it's safe.

 

Bob I pulled the word nectarine from thin air, and that link goes nowhere as it's made up (the real link is a bit.do one too).

Can you explain how it's valid and redirects to spam content as it just goes to a 404 page that has a link to click to bit.do's homepage. It's safe.