DMARC reports blocked as virus

paella · September 22, 2020, 7:02pm

I have MXGuarddog in front of my domains, which is working fine. I also have setup DMARC p=reject for my domains. I now see two DMARC reports being stuck at the “Delivery Failures” tab, where the mxroute server (I guess) is blocking:

SMTP error from remote mail server after end of data: 550-This message contains a virus or other harmful content
550 (Sanesecurity.Foxhole.Mail_gz.UNOFFICIAL)

and the other

SMTP error from remote mail server after end of data: 550-This message contains a virus or other harmful content
550 (Sanesecurity.Jurlbl.f679d5.UNOFFICIAL)

While googling for it, I found this post:

Do you have any idea why this is and is it possible to resolve this?

Jarland · September 22, 2020, 7:02pm

That one should be whitelisted now.

This means the email includes a reference to a known phishing domain khobiza[.]xyz. Sample: https://brendinghat.com/2020/07/27/bitcoin-expert-try-it-there-is-nothing-to-lose/

That one I definitely don’t want to whitelist.

paella · September 22, 2020, 7:02pm

I understand and respect your position and decision.

paella · April 3, 2022, 6:43pm

I understand the reasoning. However, this could possibly be because of someone spoofing my domain, which I would like to know and which is why DMARC was invented more or less.

I only host a few private domains on MXRoute, but if I had business domains I would have need those reports too…

Jarland · December 19, 2021, 6:30am

I think both reasons are sound, but I think blocking known phishing campaigns will take the lead on this one. I’d say there’s less value in knowing that someone is spoofing who is already receiving abuse complaints than there is in protecting customers from known phishing campaigns. The former is significantly less likely to generate complaints from our customers than the latter, if I must choose between the two. That’s my take anyway.