Rejected by filters, Matched map: SPAMMY_SUBJ

I guess we’re not using Slack anymore so here’s my question:
I know there are many reasons why an email bounces but in this case I have just one person on a list of 87 recipients whose email is a @comcast.net address that gets bounced even though there are many other comcast.net recipients on the list that do not bounce. The errors are:

[Screenshot: email-bounce]

If there’s a way to tell whether these hundreds of bounce messages are on Comcast’s side or MXroute’s side, that could help.
The “Matched map: SPAMY_SUBJ” message seems to be on MXroute’s end, but hard to tell.
(Note the Subject line was: Announcement of the 2020 Annual Meeting Format)
The body of the email was only plain text: no images; no links; no HTML; just a few paragraphs of plain text.

I just don’t get this.
Any help appreciated.

I found the answer @rowan. It was what I originally suspected. Someone logged into the account in Crossbox (mail.mxlogin.com) and configured a blanket forwarder as a filter. So any inbound email is filtered, without condition, to the external address in question. So one email bounces, the bounce is received, the bounce is forwarded, which then bounces, and then is forwarded, rinse and repeat endlessly.

I deleted the filter. The customer should be advised to use forwarders in cPanel instead of sieve filters; sieve filters are far too literal for such a job.

Indeed that is an MXroute filter. In between the slashes are the subject strings that are part of that filter:

/Invalid HTTP_HOST header/g
/Fwd: for/g
/Internal Server Error/g
/Faggot American/g
/Mail delivery failed/g
/Automated certificate renewal/g
/You have been registered on porn/g
/Payment Swift/g
/BANK TRANSFER/g
/payment copy of/g
/Euro Payment Only/g
/Completed backup of Virtualmin/g
/Verify your Contact Information/g

The subjects in that list were determined to either be part of a trend relating to users with compromised email passwords, or that were found only and consistently sending undesirable emails that were destined for failure.

In this case I’d draw your attention to “Mail delivery failed.” It isn’t that we don’t deliver bounces, it’s that bounce emails which land at the inbound servers and are then sent back out for delivery tend to relate to a failure situation (and commonly a loop). The inbound servers shouldn’t be sending bounce emails; that’s why email leaving the inbound servers is filtered for it.

So in this case I’d question if or why you’re actively sending an email that needs to look like a bounce email. From my view it looks like you’re directly sending an email with the subject “Mail delivery failed: returning message to sender” and that isn’t normal behavior. Note in the bounced email it has a name that you blurred out to the left of the email address in the From field (it’s inside quotations). MTAs (exim, postfix, etc.) generally don’t fill in names like that when they bounce an email because those names are configured in email clients and not in a server database (unless that database just happens to be for a server hosted email client). So I think we have an email client software actively sending bounce emails out, and that’s a bit confusing. I saw it once before when someone had set up a filter in Crossbox to forward emails without any conditions, which is too heavy-handed and literal and ends up forwarding loops of bounce emails (just like this). If that sounds familiar, you should adjust that filter to have conditions (or use a regular forwarder set in cPanel).

If it’s not something you’re actively doing or the result of a client-side filter you’ve set (Crossbox being considered client-side due to how it functions), I don’t think it’s a scenario I’ve encountered before. You can reach out to me at chat.mxroute.com if this reply hasn’t helped; it may be a relatively invasive task for me to troubleshoot deeper. I’ll likely need full access to the email account and inbox to personally test in order to gain any more insights.

You should have received one from Comcast and then some piece of software attempted to forward that bounce error, which bounced due to our filter, which forwarded again, then again bounced due to our filter. The question is, what software is attempting to forward the bounce error? Whatever software is doing that is doing so with far too heavy of a hand; forwarding bounces to the address they bounced at is destined to cause a loop.

We’d also have to reference the first bounce error to find out the one that triggered the first event.
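The loop described in this thread, modelled as an added example (not part of the original posts, and not MXroute's or Crossbox's code): a blanket forwarder re-sends every bounce, the outbound subject filter rejects it, and the rejection lands back in the same mailbox. The pattern list is a subset of the one quoted above; the bounce headers, function names and hop cap are assumptions made for the illustration.

```python
import re
from email.message import EmailMessage

# Constructed subset of the subject patterns quoted in the thread.
SPAMMY_SUBJ = [re.compile(p) for p in (
    r"Mail delivery failed", r"Internal Server Error",
    r"Payment Swift", r"BANK TRANSFER",
)]

def rejected_by_map(subject):
    """True if the outbound subject filter would reject this message."""
    return any(p.search(subject) for p in SPAMMY_SUBJ)

def make_message(subject, bounce=False):
    msg = EmailMessage()
    msg["Subject"] = subject
    if bounce:  # headers a typical MTA bounce carries (constructed sample)
        msg["Return-Path"] = "<>"
        msg["Auto-Submitted"] = "auto-replied"
    return msg

def is_bounce(msg):
    """Null envelope sender or an Auto-Submitted value other than 'no' (RFC 3834)."""
    auto = msg.get("Auto-Submitted", "no").strip().lower()
    return msg.get("Return-Path", "").strip() == "<>" or auto != "no"

def forward_everything(msg):      # the blanket rule from the thread
    return True

def forward_unless_bounce(msg):   # the same rule with a condition added
    return not is_bounce(msg)

def simulate(first, rule, max_hops=50):
    """Count rejection notices delivered back to the forwarding mailbox."""
    queue, bounces, hops = [first], 0, 0
    while queue and hops < max_hops:
        msg = queue.pop()
        hops += 1
        if rule(msg) and rejected_by_map(msg["Subject"]):
            bounces += 1  # the filter rejects the forward; a new bounce arrives
            queue.append(make_message(
                "Mail delivery failed: returning message to sender", bounce=True))
    return bounces

if __name__ == "__main__":
    first = make_message("Mail delivery failed: returning message to sender", True)
    print("blanket rule:", simulate(first, forward_everything))
    print("conditional rule:", simulate(first, forward_unless_bounce))
```

The blanket rule only stops at the hop cap, while the conditional rule never forwards the first bounce, so no rejection is generated at all.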

That’s a lot to digest. No, I’m not sending an email with the subject line “Mail delivery failed…” at least, not intentionally. But it certainly seems to be a loop, given the 117 bounced email notifications.

As I tried to explain, this one, single email address was the only one responding this way from a list of 87 emails, many of which were also comcast.net addresses. (I use a bulk mailer called SerialMailer for the Mac that has always worked well and I set the rate to be a very slow 10 emails, wait 1 minute, then another 10 emails, so I’m not tripping some rule.)

The person (whose name is blanked out) told me after I posted my question that an earlier email I’d sent ended up in spam, so she whitelisted the email I was sending from…then this happened. So, seems to be the biggest variable.

I really don’t know what to do, so thanks for the reply. I guess I’ll just see if it happens again.

I would truly love to know what kind of action I can take to address this issue because out of the clear blue, in the past hour, I have received over 30,000 email bounce backs from either MXroute or from Comcast (I can’t tell which, it seems to be MXroute) with the exact same text as I showed in my original post. Thirty thousand emails is really distressing and upsetting, so I would really love to get some help.

I have the person whose email this belongs to calling Comcast, so perhaps she can find out from them if it’s a problem on their end. Otherwise, all concrete suggestions (actions that I, as a user, can take), would be great.

Whoops, I think I did that. I was trying to autoforward emails to this person (she’s on the board of directors so needed to see emails sent to the official address) so I put in that forwarding rule.

I still don’t understand why the email is bouncing but glad you deleted the filter…whew!

OK, note to self: use cPanel. Thanks for fixing it.