Email Issues

SENDING	Actions	Step/Check	Details/Instructions	Expected Outcome	Common Errors	Next Steps	Additional Help article and confluence
	What to check	Check MX Records	Use a DNS lookup tool to verify MX records for the domain	MX records should point to our Email server	"No MX records found"	Update DNS records if incorrect	https://www.bluehost.com/help/article/dns-management-how-to-modify-mx-records
		Check TXT Records	Verify SPF, DKIM and DMARC records in the DNS settings	SPF, DKIM and DMARC records should be valid	"SPF failure"	Update TXT records if invalid	https://www.bluehost.com/help/article/dns-spf
	What to ask/probe	Identify Email Client/Webmail	Ask the customer if they are using a webmail or email client	Confirm the type of email access		Adjust troubleshooting based on the type
		Check for Errors in Email Client	Ask if they receive errors only when using the email client	Specific error messages received	"Authentication failed"	Follow up with specific error resolution
		Test Sending Without Attachments	Instruct customer to send an email without attachments	Email sends successfully	"Message too large"	If successful, check attachment sizes	https://www.bluehost.com/help/article/email-deliverability-problems
		Request Bounce Back Message	Ask for any bounce-back messages received	Message provides clues to the issue	User not found, AUP error, message could not be delevered	Investigate based on bounce-back message, provided confluence to check	https://confluence.newfold.com/pages/viewpage.action?pageId=253866901#253866901ac41c2d052074d75b38f23c733a07f10
	What you will do	Commands which you need to run	EC command ec [-h # of hours]	This will show the email sent for last 24-72 hours so that we can make out whether the customer is sending bulk emails and any emails are on queue	You will see queued emails if there was bulk emails sent	If there is no queue or customer has not sent bulk emails, send test email from your end see if you can replicate
			loggrep command loggrep exim	When debugging an email issue, the loggrep command helps you quickly search through email server logs for specific errors or messages. You can find out what went wrong by looking for keywords like "error" or checking the status of specific email addresses. This makes it easier to identify and fix the problem faster.	Authentication Errors: Messages indicating failed login attempts or invalid credentials (e.g., "Authentication failed"). Delivery Failures: Logs showing that emails could not be delivered, often with messages like "Mailbox unavailable" or "User not found." Connection Timeouts: Errors indicating that the server could not connect to the recipient's mail server (e.g., "Connection timed out"). Spam Rejections:Entries indicating that emails were rejected due to spam filters (e.g., "Message rejected as spam"). Quota Exceeded: Messages indicating that a user's mailbox is full and cannot accept new emails (e.g., "Quota exceeded"). Protocol Errors:Errors related to SMTP or IMAP/POP3 protocol issues (e.g., "Protocol error" or "Unexpected response"). DNS Resolution Issues: Errors indicating that the server could not resolve the recipient's domain (e.g., "DNS lookup failed"). Configuration Errors: Messages indicating misconfigurations in the email server settings (e.g., "Invalid configuration").		Check the Splunk tool : https://eig.reporting.a.cloudfilter.net/en-US/app/launcher/home see if the emails are blocked due to spam or virus and suggest accordingly reach out to your team manager depending on the result
RECEIVING	Actions	Step/Check	Details/Instructions	Expected Outcome	Common Errors	Next Steps	Additional Help article and confluence
	What to check	Check Routing	Verify the email routing settings for the domain	Routing settings should direct emails correctly	"Email not routed"	Correct routing settings if needed	can run the command to check current routing : rldomcheck domain.com IP can run this command to change the routing: dtoggle domain.com IP
		Check A Record for Mail Domain	Use a DNS lookup tool to verify the A record for the mail server	A record should point to the correct IP address	"No A record found"	Update DNS records if incorrect	mail.domain A record should point to Account IP
		Check MX Records	Verify MX records for the domain	MX records should be valid and pointing to the correct server	"No MX records found"	Update MX records if necessary
	What to ask/probe	Identify Affected Users	Ask the customer if they are not receiving emails from all users or specific ones	Clarify the scope of the issue		Troubleshoot based on affected users
		Request Email Headers	Ask for the email header from the sender for analysis	Headers provide information about delivery		Analyze headers for issues
		Check Spam/Junk Folder	Instruct the customer to check their spam or junk folder	Emails should not be in spam/junk	"Emails found in spam"	Whitelist sender's email address	Can whitelist in cpanel/Email filters or update the threshold score
		Verify Email Client Settings	Confirm that the email client settings are correct	Settings should match the email provider	"Configuration error"	Update client settings if necessary
		Check Firewall/Antivirus Settings	Ensure that firewall or antivirus settings are not blocking emails	Emails should be received without issues	"Blocked by firewall"	Adjust firewall/antivirus settings
	What you will do	Review Email Quota	Check if the mailbox is full or if there are any quota issues	Mailbox should have available space	"Mailbox full"	Clear space or increase quota
		Check for Domain Blacklisting	Use online tools to check if the domain is blacklisted	Domain should not be blacklisted	"Domain blacklisted"	Follow procedures to delist the domain	https://confluence.newfold.com/display/BHCS/Email+Troubleshooting%3A+Receiving+Issues

1	Please confirm the email address with which you are experiencing the issue.
2	Are you unable to send or receive emails?
3	Are you experiencing issues sending emails from a specific email address or from all the email addresses in your account?
4	Since when are you experiencing this issue?
5	Are you receiving a bounceback message when you send an email?
6	Please help me with the bounceback message you are receiving.
7	Do you use Webmail or email clients to send/receive emails?
8	What app or client are you currently using for your email (Apple Mail, Thunderbird, Roundcube, Outlook, etc)
9	Did you make any changes to your email configuration recently?
10	Have you sent bulk emails recently?
11	Have you made any changes to the DNS records recently?
12	When was the last time your email was working properly?
13	Can you please confirm the email configuration setting you are using?
14	May I know what are the incoming and outgoing servers you are using?
15	Is the sender receiving a bounceback message when sending an email to your email address?
16	Are you not receiving emails to a specific email address or to all the email addresses in your account?

Fix mail folder permissions to default	mailperm
Check the current outbound limit set for the account	cat /var/cpanel/users/cpanelusername
Enables iPhone pushmail w/z-push	pushmail
Check if an ip is on the exim blacklist	checkblacklist
List email accounts / Quota / Email sent	ec
Search the logs	logtail [search keyword]
	loggrep
To check the local IP blacklist in RBL	rblcheck
To whitelist the IP address	wprbl whitelist [server]
To check the current router setup	rldomcheck [server]
To toggle the routing option from local to remote and vice versa	dtoggle
This command will most commonly be used with VPS/Dedicated hosting packages to ensure all services are running properly.	status
To fix the shadow file	mail_shadow
DKIM Generator	Shared hosting>> dj and command >>> uapi EmailAuth enable_dkim domain=domain.com VPS>>> Terminal>> run this command >> read -p "Enter the domain name: " DIN && DOMAIN="${DIN:?Need to set DOMAIN}" && openssl genrsa -out /var/cpanel/domain_keys/private/${DOMAIN} 1024 && openssl rsa -in /var/cpanel/domain_keys/private/${DOMAIN} -pubout -out /var/cpanel/domain_keys/public/${DOMAIN}&& echo "Add the following DKIM txt record: " && echo "default._domainkey IN TXT \"v=DKIM1; k=rsa; p="$(awk '$0 !~ / KEY/{printf $0 }' /var/cpanel/domain_keys/public/${DOMAIN} )\"
Check the email account list and the size of the email account	emailcheck

DNS	Brand	Records	Key Comments	Reference
MX	BlueHost/JustHost/Hostmonster/FastDomains	mail.domain.com or domain.com	domain.com if the mail A record for the domain is pointing to the account IP	https://www.bluehost.com/help/article/dns-management-how-to-modify-mx-records
	Titan Emails	mx1.titan.email mx2.titan.email	mx1.titan.email Priority: 10 TTL (Time to Live): 4 hours	https://confluence.newfold.com/display/BHCS/Bluehost+-+Titan+Email+-+How+to+Set+up+MX+and+TXT+Records
	Professional Email	mx001.bluehost.xion.oxcs.net mx002.bluehost.xion.oxcs.net mx003.bluehost.xion.oxcs.net mx004.bluehost.xion.oxcs.net	CNAME to be added: pop.bluehost.xion.oxcs.net imap.bluehost.xion.oxcs.net smtp.bluehost.xion.oxcs.net	https://www.bluehost.com/help/article/how-to-manage-cloud-mail-dns
	Google Workspace	@ ASPMX.L.GOOGLE.COM 1 @ ALT1.ASPMX.L.GOOGLE.COM 5 @ ALT2.ASPMX.L.GOOGLE.COM 5 @ ALT3.ASPMX.L.GOOGLE.COM 10 @ ALT4.ASPMX.L.GOOGLE.COM 10	This MX record is needed to be updated to the Google workspace purchased before 2023	https://confluence.newfold.com/display/BHCS/Google+Workspace
		@ SMTP.GOOGLE.COM	This MX record should be updated to the Google workspace purchased after 2023
	MS O365 - Outlook	domain-com.mail.protection.outlook.com	The domain name should be changed and there will be changes with the dot(.) to dash(-) with the domain name	https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide
SPF	BlueHost/JustHost/Hostmonster/FastDomains	WordPress/Shared Hosting: v=spf1 a mx include:websitewelcome.com ~all VPS/Dedicated Hosting: v=spf1 +a +mx +ip4:162.240.171.79 ~all	Default SPF records should be used in Shared Hosting accounts. Please replace the IP address.	https://www.bluehost.com/help/article/dns-spf https://www.bluehost.com/help/article/spf-records-vps-dedicated
	Titan Emails	v=spf1 include:spf.titan.email ~all	Correct TXT record for Titan	https://confluence.newfold.com/display/BHCS/Bluehost+-+Titan+Email+-+How+to+Set+up+MX+and+TXT+Records
	Professional Email	v=spf1 include:spf.cloudus.oxcs.net ~all	Cooreect SPF record for Professional Email	https://www.bluehost.com/help/article/how-to-manage-cloud-mail-dns
	Google Workspace	v=spf1 include:_spf.google.com ~all	Correct TXT record for Google Workspace	https://support.google.com/a/answer/33786?hl=en
	MS O365 - Outlook	v=spf1 include:spf.protection.outlook.com -all	Correct TXT record for MS O365	https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide
DKIM	How to check DKIM records	https://mxtoolbox.com/dkim.aspx	Add the Domain Name and use the Selector as Default
	How to generate DKIM	https://easydmarc.com/tools/dkim-record-generator	Add the Domain Name and use the Selector as Default and can use the Key Length as 1024
DMARC	How to check DMARCrecords	https://mxtoolbox.com/dmarc.aspx	Can be easily checked for domain name
	How to generate DMARC	https://mxtoolbox.com/DMARCRecordGenerator.aspx	Add the domain name and required options if needed

cPanel Email	Secure SSL/TLS Settings (Recommended)	Username: Your email address: john@example.com Password: The password for that email account. Incoming Server: example.com* or box####.brand.tld Incoming Port: 993 (IMAP) or 995 (POP3) Outgoing Server: example.com* or box####.brand.tld Outgoing Port: 465 (SMTP) Authentication: Password	example.com should be replaced by domain name, box#### should be replaced by box number and brand.tld should	https://www.bluehost.com/help/article/email-application-setup
	Standard (without SSL/TLS) Settings	Username: Your email address: john@example.com Password: The password for that email account. Incoming Server: mail.example.com* or box####.brand.tld Incoming Port: 143 (IMAP) or 110 (POP3) Outgoing Server: mail.example.com* or box####.brand.tld Outgoing Port: 25 (SMTP) Authentication: Password	example.com should be replaced by domain name, box#### should be replaced by box number and brand.tld should
Titan emails	Advanced Setting(IMAP)	Incoming server (IMAP): imap.titan.email Port: 993 Outgoing server (SMTP): smtp.titan.email Port: 465 Username for both IMAP and SMTP: Your full Professional Email address (e.g., [email address removed]) Encryption Method :SSL/TLS	Important: Double-check for any typos and ensure there are no extra spaces before or after the information you enter.	https://confluence.newfold.com/display/BHCS/Bluehost+-+Titan+Email+-+How+to+Configure+Email+in+Outlook#pop
	Advanced Setting(POP)	Incoming server (IMAP): pop.titan.email Port: 995 Outgoing server (SMTP): smtp.titan.email Port: 465 Username for both IMAP and SMTP: Your full Professional Email address (e.g., [email address removed]) Encryption Method :SSL/TLS	IMAP for ongoing synchronization: This option keeps your emails constantly in sync between your devices and Outlook. POP for basic access: This option downloads your emails to your computer, but they won't be deleted from the server unless you configure additional settings.
Professional emails	Advanced Setting(IMAP)	Incoming server (IMAP): imap.oxcs.bluehost.com Port: 993 Outgoing server (SMTP): smtp.oxcs.bluehost.com Port: 465 Username for both IMAP and SMTP: Your full Professional Email address (e.g., [email address removed]) Encryption Method :SSL/TLS	Important: Double-check for any typos and ensure there are no extra spaces before or after the information you enter.	https://www.bluehost.com/help/article/ox-email-application-setup
	Advanced Setting(POP)	Incoming server (IMAP): pop.oxcs.bluehost.com Port: 995 Outgoing server (SMTP): smtp.oxcs.bluehost.com Port: 465 Username for both IMAP and SMTP: Your full Professional Email address (e.g., [email address removed]) Encryption Method :SSL/TLS	IMAP for ongoing synchronization: This option keeps your emails constantly in sync between your devices and Outlook. POP for basic access: This option downloads your emails to your computer, but they won't be deleted from the server unless you configure additional settings.

Type of Bounceback	Bounceback Message	Reason/Meaning	Unnamed: 3	Resolution
Quota/Limit Related Bounceback Message (Incoming)	SMTP 421 (Server Temporarily Not Available)	Temporary fail because our mail queue is too full.		Try sending the email at a later time.
	SMTP 550 ("fromemail" max messages per session)	Too much mail was sent at once. Email limits exceeded.		Try sending the email at a later time.
Receiver Account-Related Bounceback Message (Incoming)	SMTP 452 ("toemail" requested action aborted: try again later - GL/GL)	Temporary failure. The account is using greylisting and will be accepted when the delivery is retried.		Retry sending the email as the account is using greylisting.
	SMTP 550 ("fromemail" sender rejected)	Email address isn't properly formatted (has no @domain).		Make sure you enter the correct email address. It should be properly formatted.
	SMTP 550 ("toemail" recipient rejected GL/BL)	Permanent failure. The sender is blacklisted at the user level (the customer blacklisted them).		Try to contact the receiver by other means. Your email address could have been blacklisted by accident.
	SMTP 550 ("toemail" recipient rejected)	The "To" mailbox doesn't exist.		Remove the invalid email address from the email.
\n	SMTP 421 (Temporary Rejection. Reverse DNS for "IP" failed)	SMTP Temporary rejection - Couldn't identify the PTR record.		Verify if the sending IP Address has reverse DNS Set up before resending an email.
Content-Related Bounceback Message (Incoming)
	SMTP 552 (Remote MTA $ip: A URL contained in this message is blacklisted by Spamhaus DBL. See http://www.spamhaus.org/dbl)	A URL in the body is blacklisted.		Removed the URL from the body of the email and sent it again.
	SMTP 552 (virus-infected message rejected)	Cloudmark detected the message as having a virus.		Put an option to opt-out in your email messages. Check the sending lists to ensure the correct recipients. If the message was flagged erroneously, save a copy of the original email and report it to us.
	SMTP 552 (virus-infected message rejected)	Sender attached something a file format that our server does not allow (.bat .btm .cmd .com .cpl .dll .exe .lnk .msi .pif .prf .reg .scr .vbs).		Put an option to opt-out in your email messages. Check the sending lists to ensure the correct recipients. If the message was flagged erroneously, save a copy of the original email and report it to us.
	SMTP 554 (Connection refused - "IP")	This is rejected for spam based on CSI.		Check Cloudmark Sender Intelligence (CSI) to see the current reputation of the sending IP Address.
	SMTP 554 (Connection Rejected. Reverse DNS for "IP" does not exist)	Permanent rejection. They don't have a PTR record.		The incoming server perceives that your email is spam or that your IP has been blacklisted.
	550 Mailbox is full / Blocks limit exceeded / Inode limit exceeded	Mailbox full, email quota exceeded, inode limit exceeded, emails sent beyond the shared server limit		Need to cross-check mailbox size, inode usage, ec results (EIGSSH command) to clarify the number of emails sent from the account is within shared server limits, valid SPF TXT set for the domain
\n	Reject connection SMTP 554 (rejected for policy reasons)	Was blacklisted or detected as most likely being spam. The recipient server has doubts about the sender’s authenticity or the sender’s message.		Review and check if the IP address is listed on the Spamhaus Policy Block List.
Common Outgoing Bounceback Message	Reject SMTP 550 ($toemail recipient rejected - ERR016)	The recipient is blocked for spam, blacklist, and email limit purposes.		Contact the sender to check the server logs on their end to know the exact reason for the rejection of the email. Additionally, it is advisable to whitelist your email address on the recipient's end and our mail server hostname in their spam filter. Apart from this, it is necessary to resend the email and check if it gets delivered.
	SMTP 452 ("fromemail" sender rejected. Too many messages for this connection ERR034)	Too much mail was sent at once. Email limits exceeded.		Have them try sending the email at a later time.
	SMTP 550 ("fromemail" sender rejected - ERR082)	The sender is blocked for spam, blacklist, and email limit purposes.		Contact the sender to check the server logs on their end to know the exact reason for the rejection of the email. Additionally, it is advisable to whitelist your email address on the recipient's end and our mail server hostname in their spam filter. Apart from this, it is necessary to resend the email and check if it gets delivered.
	SMTP 550 ("fromemail" sender rejected - ERR081)	Domain is blacklisted.		This is most probably because the receiver blocks your domain which results in the email not going through. Suggest getting the domain name whitelisted at the receiver's end.
	SMTP 550 ("fromemail" suspect invalid mailer domain, please check your DNS records - ERR006)	The 'From' email is sent as an IP address.		Validate your existing DNS Records. This could be an issue with misconfiguration of DNS, an SPF or DKIM Record not allowing the emails to be received, or blacklisting of the email address/domain. Make sure that all records are up to date. And try to whitelist the email and try again.
	SMTP 550 ("fromemail" Suspect invalid mailer domain, please check your DNS records - ERR007)	No A or MX records.		Validate your existing DNS Records. This could be an issue with misconfiguration of DNS, an SPF or DKIM Record not allowing the emails to be received, or blacklisting of the email address/domain. Make sure that all records are up to date. And try to whitelist the email and try again.
	SMTP 550 ("fromemail" Suspect invalid mailer domain, please check your DNS records - ERR008)	If DNS check fails.		Validate your existing DNS Records. This could be an issue with misconfiguration of DNS, an SPF or DKIM Record not allowing the emails to be received, or blacklisting of the email address/domain. Make sure that all records are up to date. And try to whitelist the email and try again.
	SMTP 550 ("fromemail" Suspect invalid mailer domain, please check your DNS records - ERR009)	Invalid A or MX record.		Validate your existing DNS Records. This could be an issue with misconfiguration of DNS, an SPF or DKIM Record not allowing the emails to be received, or blacklisting of the email address/domain. Make sure that all records are up to date. And try to whitelist the email and try again.
	SMTP 550 ($toemail recipient is invalid - ERR010)	The 'To' email is an IP address.		Confirm the email address with the cx and ask to verify the spelling of it. Suggest him to retry sending.
	SMTP 550 ($toemail recipient is invalid - ERR011)	Recipient DNS check fails.		Validate your existing DNS Records. This could be an issue with misconfiguration of DNS, an SPF or DKIM Record not allowing the emails to be received, or blacklisting of the email address/domain. Make sure that all records are up to date. And try to whitelist the email and try again.
	SMTP 550 ($toemail recipient is invalid - ERR013)	The recipient domain is not FQDN.		Confirm the email address with the cx and ask to verify the spelling of it. Suggest him to retry sending.
	SMTP 550 ($toemail recipient is invalid - ERR014)	The email recipient is not a valid email address/domain.		Try sending the email at a later time.
	Error 550: You have reached the maximum number of messages per session.	The IP address has reached the maximum allowed messages for that particular session.		Try sending the email at a later time.
	Reported error: 550 The Domain Name System (DNS) reported that the recipient's domain does not exist	The recipient's domain does not exist		Validate your existing DNS Records. This could be an issue with misconfiguration of DNS, an SPF or DKIM Record not allowing the emails to be received, or blacklisting of the email address/domain. Make sure that all records are up to date. And try to whitelist the email and try again.
		The recipient has no MX records
		The recipient has no A record for the mail server
	SPF Permanent Error: Too many DNS lookups 550-5.5.2 There is a fatal syntax error in the SPF record	Invalid SPF set under TXT record		Correct the SPF record depending on the Bluerock or legacy platform by referring to the hosting live article
	550 Mailbox is full / Blocks limit exceeded / Inode limit exceeded	Mailbox full, email quota exceeded, inode limit exceeded, emails sent beyond the shared server limit		Need to cross-check mailbox size, inode usage, ec results (EIGSSH command) to clarify the number of emails sent from the account are within shared server limits, valid SPF TXT set for the domain
	UCE ( Unsolicited Commercial Email ) strictly prohibited	The recipient is sending unsolicited emails to any person, or persons the sender does not know or have prior explicit consent to send the message(s) to.

Error Code	Bounceback example/Logs	What to tell customer	Resolution	Escalation needed Y/N
AUP#IPBL00001	554 eig-obgw-6011a.ext.cloudfilter.net cmsmtp Connection Rejected - see http://www.spamhaus.org/query/ip/69.49.247.43 AUP#IPBL00001	In order to resolve this issue, you will need to contact your Internet Service Provider (ISP) and have them either whitelist your IP address.	The customer's public IP address is blacklisted. You can identify the reason by accessing the link specified in the email log. It will help you to understand the reason. 1. The customer should fix the malware or spamming issue from the IP and place a delist request 2. Use a different public IP address 3. This happens when the customer is sending the emails from email clients like Outlook. So, the customer can use Webmail to send the emails.	No
AUP#CDRBL	2023-05-12 00:55:38 1pxKoV-0003xj-1y ** mailhostingserver@gmail.com R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [64.233.177.26] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no: SMTP error from remote mail server after MAIL FROM: SIZE=1638: 550 xKoapfSZn00XrxKobp107n - sender rejected AUP#CDRBL	On checking the emails logs, we could see that spam emails are sent from your domain. *Share the exim logs to justify that spam emails are sent from his account* *Share from which account the spam emails are sent* Kindly fix the spamming by following the steps given below. * Change the email password * Use SMTP authentication in your email scripts * Ensure you are using the latest version of themes/plugins/3rd party applications * Audit the email scripts	Check ec for spamming or bulk emails, check splunk reason=spam, initiate scan This issue occurs when the email has been flagged as spam by the filtering system. Kindly check if the customer is sending spam emails. If the email is legitimate & he is not sending spam emails, please contact Proofpoint support to reset as legit.	Yes
AUP#BL	2023-06-20 05:51:58 1qBY1k-00056p-2d <= test_admin@lafresca.in H=(server.digitalspoint.com) [::1]:55380 P=esmtpa A=dovecot_login:test_admin@lafresca.in S=603 id=a7afca269ccc338e09aca2581fe6291e@lafresca.in T="Test" for mailtestingserver@gmail.com 2023-06-20 05:51:59 1qBY1k-00056p-2d == mailtestingserver@gmail.com R=dkim_lookuphost T=dkim_remote_smtp defer (0) H=gmail-smtp-in.l.google.com [142.250.4.26]: SMTP error from remote mail server after initial connection: 554 eig-obgw-5002a.ext.cloudfilter.net cmsmtp 216.10.250.218 is listed on Cloudmark CSI-Global. Please visit:// https AUP#BL	Local IP is blacklisted: In order to resolve this issue, you will need to contact your Internet Service Provider (ISP) and have them either whitelist your IP address or move you to a dedicated IP.	To resolve this issue, Customer need to get the IP address delisted from https://csi.cloudmark.com/en/reset or get a dedicated IP from their ISP. Until the IP is delisted, the customer can send emails via Webmail	No
		Server IP address is blacklisted: We've escalated this to our spam filter partner. We shall update you once we get more details	Contact SRT or T2 * Check whether spamming/mass mailing is happening from this server/IP * Identify the spammers and suspend them using Abusetool. Share the details (all email logs) with the Abuse Mitigation team to take action against the spammers * Once the email service of the spammers is suspended, place the delist request from https://csi.cloudmark.com/en/reset\n	Yes
AUP#SNDR	2023-07-29 13:32:35 1qPeuJ-004Cdc-2l Sender identification U=thomsos9 D=thomsonreutersjournalsdatabaseineyhe.com S=test_admin@thomsonreutersjournalsdatabaseineyhe.com 2023-07-29 13:32:44 1qPeuJ-004Cdc-2l ** mailtestingserver@gmail.com F= R=dkim_lookuphostHG T=dkim_remote_smtp H=eig-west.smtp.a.cloudfilter.net [34.217.196.71] I=[162.241.123.119] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes DN="/C=US/ST=California/O=Proofpoint, Inc./CN=*.smtp.a.cloudfilter.net": SMTP error from remote mail server after end of data: 550 PeuJqICjhDw91PeuKqNb4X - message rejected AUP#SNDR	Kindly fix the spamming by following the steps given below. * Change the email password * Use SMTP authentication in your email scripts * Ensure you are using the latest version of themes/plugins/3rd party applications * Audit the email scripts	Check ec for spamming or bulk emails, check splunk reason=spam, initiate scan This issue occurs when the email has been flagged as spam by the filtering system. Kindly check if the customer is sending spam emails. If the email is legitimate & he is not sending spam emails, please contact Proofpoint support to reset as legit.	Yes
AUP#MXRT	2022-08-21 04:57:03 1oPKTL-00046F-SM Sender identification U=klxnghss D=nghss.eduklix.com S=noreply@nghss.eduklix.com 2022-08-21 04:57:06 1oPKWM-0004YE-LV H=alt4.gmail-smtp-in.l.google.com [64.233.171.26]: SMTP error from remote mail server after MAIL FROM: SIZE=20113954: 421 server temporarily unavailable. AUP#MXRT	We've escalated this to our spam filter partner. We shall update you once we get more details	Check ec for spamming or bulk emails, check splunk reason=spam, initiate scan This issue occurs when the email has been flagged as spam by the filtering system. Kindly check if the customer is sending spam emails. If the email is legitimate & he is not sending spam emails, please contact Proofpoint support to reset as legit.	Yes
AUP#DNS	2023-05-06 21:07:46 1nn01X-0004pK-KM ** mailhostingserver@gmail.com R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [172.253.118.26] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no: SMTP error from remote mail server after MAIL FROM: SIZE=1489: 550 sender rejected. AUP#DNS	Please add the following details and allow 24-48 hours for the changes to complete the propagation. *Specify the MX, SPF records to be used*	This issue occurs because of Sender domain/hostname is not resolving. Make sure domain is properly resolving. Hostname is resolving to server IP and PTR has been configured.	No
AUP#CNCT	2023-02-20 13:07:52 1pU0ju-0007o3-0F H=alt4.gmail-smtp-in.l.google.com [64.233.171.27]: SMTP error from remote mail server after initial connection: 421 eig-obgw-5009a.ext.cloudfilter.net cmsmtp U0k9pUqHpVU6V - too many sessions from 103.211.218.93 AUP#CNCT	We've escalated this to our server admins. We shall update you once we get more details	Contact SRT or T2	Yes
AUP#POL	2023-07-19 07:17:22 1qM5BI-0003TC-33 [74.125.136.27] SSL verify error: certificate name mismatch: DN="/C=US/ST=California/O=Proofpoint, Inc./CN=*.smtp.a.cloudfilter.net" H="gmail-smtp-in.l.google.com" 2023-07-19 07:17:24 1qM5BI-0003TC-33 ** australianassignmenthelp1@gmail.com R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [74.125.136.27] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no: SMTP error from remote mail server after end of data: 550 message rejected AUP#POL	On checking the emails logs, we could see that spam emails are sent from your domain. *Share the exim logs to justify that spam emails are sent from his account* *Share from which account the spam emails are sent* Kindly fix the spamming by following the steps given below * Change the email password * Use SMTP authentication in your email scripts * Ensure you are using the latest version of themes/plugins/3rd party applications * Audit the email scripts	Contact SRT or T3	Yes

VOC ID	VOC Category	Status	VOC Summary
VOC-11833	Email	Open-Tracking	BH/HG Jarvis: Sent emails are rejected with bounce message rejected AUP#SNDR
VOC-12591	Account	Open-Active	HG-BH | cPanel Email link removed from Side Navigation Menu (INFO-278)
VOC-11489	Billing	Open-Tracking	Jarvis: Professional Email (OX Cloud) 3-month free trial
VOC-12914	Email	Open-Tracking	OXC - Bounce Backs For Emails That Customer Didnt Send
VOC-12863	Email	Open-Tracking	BH-HG | Customers needing to set MX records for cPanel Email
VOC-12655	Email	Open-Backlog	BH/HG Jarvis: SPF Record Showing Incorrect IP Address Under Email Deliverability.
VOC-11724	Email	Open-Tracking	BH/HG: Phishing Emails
VOC-11942	VPS/DEDI	Open-Active	HG-BH Jarvis: VPS/Dedi Cpanel Email Button in Account Manager Doesnt Work
VOC-10933	Email	Open-Tracking	OXC - Sending Latency
VOC-11986	Email	Open-Tracking	OX Cloud Email Delivery Issues
VOC-12608	Email	Open-Tracking	OX Cloud - Incorrect SPF Record Displayed In Storefront
VOC-11745	Hosting	Open-Tracking	Customers receiving invalid emails about disk space at full utilization
VOC-10979	Email	Open-Tracking	OXC Sending Issues - postmaster-oxsus.vadesecure.com/outbound_error_codes/#_202
VOC-12238	Email	Open-Tracking	HG-BH Email - Mailman users getting flagged by CloudMark for spam_ip_daily
VOC-8923	Email	Open-Tracking	Error Message - Wrong or missing login data 127.0.0.1
VOC-10039	Email	Open-Tracking	Unauthorized Email Forwarders (Email Forwarders Set Up, But Not By The Customer/Company)
VOC-11513	Email	Open-Tracking	Jarvis: Titan Pro on Bluehost for Free to Paid Email
VOC-10073	Email	Open-Active	BH Jarvis: Constant Contact dashboard inaccessible
VOC-10405	Email	Open-Tracking	OX Cloud Calendar Unable To Connect Through iPhone (IOS)
VOC-10496	Email	Open-Tracking	2024 Gmail-Yahoo New Email Authentication Requirements
VOC-10721	Email	Open-Tracking	Ability To Have More Than 4 Forwarders In OX Cloud
VOC-10764	Email	Open-Tracking	OX Cloud - Option To Recover Deleted Emails In Bulk (One Click)
VOC-10858	Email	Open-Tracking	OXC - Error: Server Unreachable
VOC-11359	Migrations	Open-Tracking	BH/HG | Improved User Experience for Pro Email/Site Migrations in AM
VOC-11871	Email	Open-Tracking	Jarvis: Domain is not eligible for Titan Pro Email Service
VOC-12016	Email	Open-Tracking	Known Issues: 10/9/2024 Google Workspace Launch
VOC-12662	Domains	Open-Tracking	.Name Email Forwarding
VOC-12917	Email	Open-Tracking	Jarvis: Google workspace - Alternate email may not be on account domain
VOC-13103	Email	Open-Tracking	BH Jarvis | OX Cloud: Unable to add users to existing subscription
VOC-8766	SSL/Security	Open-Tracking	Password reset/token emails are being flagged as spam with Hotmail/AOL/Yahoo
VOC-8841	Account	Open-Tracking	PEGA :: Emails going to Customers Spam Folder
VOC-9872	Account	Open-Tracking	BH Jarvis: Ability to resend Order Confirmation Email to updated address
VOC-9939	Hosting	Open-Backlog	BH Jarvis: cPanel Contact Email not set
VOC-10055	Email	Open-Tracking	BH Jarvis: Incorrect mailbox details on the Professional Plus upgrade screen
VOC-10064	Email	Open-Tracking	BH Jarvis: Pro or Pro+ Additional Storage 50 GB is not allocated to Emailboxes
VOC-10335	Billing	Open-Tracking	HG Jarvis: Customers Receiving Monthly Email Notifications About $0.00 Addons
VOC-10499	Account	Open-Tracking	Product/Addon setup email after order purchase
VOC-10950	Ownership	Open-Tracking	Clicking the initiate button does not update the email address after 24 hours (Manual Update)
VOC-10961	Hosting	Open-Tracking	Purchase Flow at BH doesnt throw an error when incorrect email address is entered
VOC-11017	Email	Open-Tracking	OXC - Error - The Provided Login Data To Access Mail Server Netsol-Imap-Oxcs-Hostingplatform.com
VOC-11032	Other	Open-Tracking	Pega: Email threads are not updating.
VOC-11271	Email	Open-Tracking	Request to include a notification about restricted usernames in the Professional email interface.
VOC-11318	Email	Open-Tracking	An Error Occurred Inside Server - When Using Custom Names That Include a Comma and Special Character
VOC-9872	Account	Open-Tracking	BH Jarvis: Ability to resend Order Confirmation Email to updated address
VOC-9939	Hosting	Open-Backlog	BH Jarvis: cPanel Contact Email not set
VOC-10055	Email	Open-Tracking	BH Jarvis: Incorrect mailbox details on the Professional Plus upgrade screen
VOC-10064	Email	Open-Tracking	BH Jarvis: Pro or Pro+ Additional Storage 50 GB is not allocated to Emailboxes
VOC-10335	Billing	Open-Tracking	HG Jarvis: Customers Receiving Monthly Email Notifications About $0.00 Addons
VOC-10499	Account	Open-Tracking	Product/Addon setup email after order purchase
VOC-10950	Ownership	Open-Tracking	Clicking the initiate button does not update the email address after 24 hours (Manual Update)
VOC-10961	Hosting	Open-Tracking	Purchase Flow at BH doesnt throw an error when incorrect email address is entered
VOC-11017	Email	Open-Tracking	OXC - Error - The Provided Login Data To Access Mail Server Netsol-Imap-Oxcs-Hostingplatform.com
VOC-11032	Other	Open-Tracking	Pega: Email threads are not updating.
VOC-11271	Email	Open-Tracking	Request to include a notification about restricted usernames in the Professional email interface.
VOC-11318	Email	Open-Tracking	An Error Occurred Inside Server - When Using Custom Names That Include a Comma and Special Character
VOC-11758	Email	Open-Tracking	BH Jarvis: Professional Email (OX Cloud) fulfillment issues
VOC-11945	Email	Open-Tracking	BH Jarvis - OX Cloud - No Option To Configure Professional Email
VOC-12160	Billing	Open-Tracking	The unsubscribe option is missing from marketing emails.
VOC-12330	Email	Open-Tracking	OXC - 407 Error On Sent Messages
VOC-12410	Account	Open-Tracking	Jarvis: AM - rename the Email & Office tab to Professional Email or Pro Email
VOC-12464	Email	Open-Tracking	OXC Cloud - Content Transfer Tool Request
VOC-12510	Email	Open-Tracking	BH Jarvis - OX Cloud Emails Not Properly Reactivating Post Renewal (After Deactivation)
VOC-12548	Email	Open-Tracking	BH - Webmail login from bluehost.com Loading Unsecured Warning
VOC-12592	Email	Open-Tracking	Unable To Create Email - Were Are Sorry, No DNS Hosting In This Account
VOC-12709	Email	Open-Tracking	Unable To Purchase OX Cloud Email In Account Manager (When No Emails Are Configured)

Blacklist Vendor	Will we delist?	Removal Information		Additional Information
Abuse.ro		Must send delisting from postmaster@domain.tld, which we cannot do. The customer will have to set up an email account and request delisting themselves.		Site:  https://abuse.ro. A Blacklist is rarely ever used.
Abusix		https://www.abusix.ai/		Username: delisting@websitewelcome.com\nPassword: Ke5rOafLeLs2hUtLugOt1eS
AHBL/Abusive Host Block List		http://www.ahbl.org/lktool		DEAD LIST
Anonmails		http://anonmails.de/dnsbl.php		Listings are automatically removed within 24 hours since the last spam was sent; however, you can request for an IP to get delisted sooner.
AOL		http://postmaster.aol.com/SupportRequest.php		DEAD LIST
Apple		See Proofpoint on how to delist. Cloudmark blacklist has also been used.		If you see 554 ${apple_server}.me.com ESMTP not accepting connections, then the server's IP address is blacklisted.
				Includes the following domains:
				icloud.com
				mac.com
				me.com
AT&T		Send an email to abuse_rbl@abuse-att.net with details about this block. They previously had a form we needed to fill out; however, it appears they have depreciated the delisting form.		If you email AT&T and do not hear back within 4 days/96 hours, email them again!
				Includes the following domains:
				Bellsouth
				Prodigy
				Pacbell
				AT&T
				https://flastnet.com/
				Some SBC Global and Bellsouth accounts (they are transitioning to Yahoo's mail network as of Sep 2012)
				Some Bell.ca accounts
				Filling out the form and emailing ensures that the IP address will be delisted -- failure to do both negatively affects our clients!
AT&T ISP/networkblackholes		Send an email to g20695@att.com directly or use ticket  https://gatordesk.hostgator.com:7778/#view_ticket/DJC-21179827		This is only to be used when there are Brobot-related or ISP-based black holes where they are blocking IP ranges. It is NOT for blacklist removal for email.
		Can also send an email to DC@att.net or 1-888-321-2375
BACKSCATTERER		http://www.backscatterer.org/?ip=IPADDRESS		In order to be listed, BACKSCATTERER will first spam an account to generate a bounce back; this is an unreliable and untrustworthy list, and they will block an IP for a single bounce. This list operates on the basis of blocking IPs in order to get users to pay to have them delisted. We do not suggest any user do this, ever. Blocks are automatically removed 4 weeks after the last spam email they receive.
				This company is also run by UCEPROTECT.
Barracuda/BBL		http://www.barracudacentral.org/lookups/ip-reputation		Removal typically takes ~5 minutes. Suppose Barracuda does not delist an IP after two (2) delisting requests; email intent@barracuda.com for escalation. Let Barracuda know that we have submitted multiple delisting requests with no change in status; they will usually delist within 24-48 hours after the email is sent. They work from Monday through Friday, 9 AM -5 PM PT.
BLAGGR/Emailsrvr.com		http://blaggregate.emailsrvr.com/		DEAD LIST
BROADCOM		https://knowledge.broadcom.com/external/article?legacyId=TECH246726		BROADCOM does not offer direct support to postmasters.
				mhaus
BT/British Telecom		Send email to abuse@eu.bt.net directly
Cablevision		Send an email to postmaster@cv.net and include the full bounce back received from the client.		Also includes the following ISPs:
				Optimum Online/optimum.net
				Including the full bounce is mandatory per their own instructions.
Calivent		http://dnsbl.calivent.com.pe/		The blacklist is in Spanish. Chrome will auto-translate for you. DEAD LIST
CBL (Spamhaus XBL)		http://check.spamhaus.org/ (requires reCAPTCHA)		You must complete any removal instructions before delisting, or this will be re-listed or prevent removal.
Charter		Charter uses Cloudmark to block mail. Refer to Cloudmark/CSI.
Cloudmark/CSI		http://csi.cloudmark.com/reset-request/		Proofpoint acquired Cloudmark in November 2017. The blacklists may consolidate.
Comcast/Xfinity		https://spa.xfinity.com/postmaster?faq=comcast-mail-errors		Error codes: https://spa.xfinity.com/postmaster?faq=comcast-mail-errors
		Check Cloudmark/CSI for delisting as well.
Cox		Send an email to unblock.request@cox.net Google Apps account.		Please send us the delisting request via email with the following details. More information can also be found on the page https://www.cox.com/residential/support/email-error-codes.html#contactus
				Necessary Information to be Included in the Email (List)
Cyren		https://www.cyren.com/		They do not have an exact removal method -- as it's just an appliance that can be configured in many ways. Status can be checked on the contact URL.
DNSBL Chile		http://www.dnsblchile.org/index.en.html		To delist, they request that they email postmaster@websitewelcome.com. postmaster@websitewelcome.com forwards to delisting@websitewelcome.com, so you will need to check delisting@websitewelcome.com for the confirmation email to delist.
Earthlink		Send email directly to blockedbyearthlink@abuse.earthlink.net		Email responses are automated, and you should receive a response immediately.
		The email subject must be "Blocked <$IP Address>."
FABELSOURCES / Fabel.dk		http://www.spamsources.fabel.dk/lookup		Requires logging in with a Gmail account to request removal, and due to the lack of legitimate use of this list plus needlessly complex removal requirements and changes, we do not remove from this list.
Fasthosts		http://antispam.fasthosts.co.uk/
Fortiguard Anti-spam		https://www.fortiguard.com/services/antispam		Also referred to as ASE/ASE reports.
GoDaddy/Secureserver		http://unblock.secureserver.net/?ip=IPADDRESS		If you see 552 IB212:
				This is a spam rejection that the customer has to send to support@godaddy.com.
Grandecom		Send an email to postmaster@grandecom.net directly.
Gremlin.com		\n		This list is broken. Gremlin is supposed to have a specific removal address in their voting zones, but when you look up an IP address, there is no such address. Therefore, it's broken and set up in violation of how it's reported to work on their own page.
Hostkarma		https://ipadmin.junkemailfilter.com/remove.php
Hostmonster		Send an email to tos@hostmonster.com directly.
Hotmail		Click Here		NOTE: When filling out the form, please only use the IP(s) blocked.  If you use an IP range, use the smallest range possible, e.g., 192.168.0.1/30.  Do not use large ranges like a /24; Hotmail is not going to mitigate such a large range.
				Use of these credentials by anyone other than a trained ISPBL admin or an Admin Supervisor is prohibited and may result in disciplinary action.
				Do not change the password, give this information to another non-trained employee, or provide access to anyone outside of the allowed Newfold user groups.
				You can check IP status by logging into our SNDS account:
				Email: cubecitytesting@hotmail.com\nPassword: WgamrWsH1bKgxzBk
				Includes the following domains:\t\t\n\tHotmail\t\n\tLive.com\t\nMSN\t\n\tOutlook\t\n\tAlso handles some *bell.net email accounts\t
IBM		https://exchange.xforce.ibmcloud.com		1. To delist, enter the IP at the top of the page and click on the magnifying glass.\t\n2. Click on the Suggest Edit button (in the upper right).\t\n3. Select Does Not Apply for the category Spam.\t\n4. Click Submit at the bottom to send your change request.\t
Interia Poczta		http://pomoc.poczta.interia.pl/antispam,ip, $IP		The only way to check if an IP is blacklisted is by using the format listed to the left by changing the $IP with the actual IP.
ivmSIP/Invaluement		http://www.invaluement.com/removal/		The list is not frequently used, and it's hell getting off this list.
Juno		Please refer to United Online, which owns Juno.
KISA		http://kisarbl.or.kr/english/e_removeIP.jsp		They only allow 10 IP look-ups a day and require a screenshot to be made of the IP shown as an IP on our server to get delisted.
Lashback		http://blacklist.lashback.com/		The ISPBL Department will no longer request removal from Lashback now that they have instituted a pay-per-removal policy. IPs can be removed once for free every 30 days, which makes removing gator# boxes, Website welcome boxes, and gateways almost impossible without incurring a fee. The decision to pay is dependent on managerial approval.
				Once you fill out the form, make sure to select Email Service Provider (ESP) from the drop-down box, and don't select any of the checkboxes.
LinuxMagic BMS		http://www.linuxmagic.com/products/bms/lookup		Almost every listing will be based on MIPSPACE, which itself is owned/operated by LinuxMagic. Please refer to the MIPSPACE section for more information.
Mailspike		https://mailspike.io/ip_verify		The list frequently breaks, so you may have to contact them using the contact form on their site.
Manitu/NiXSPAM		https://www.nixspam.net/?old_domain=true		\n
MAPS, Mail Abuse, Trend Micro RBL+		https://servicecentral.trendmicro.com/en-US/ers/		This list is very frequently used and a pain to remove.
				When you fill out the removal/info request form, make sure to select "ISP Abuse Desk" under Your Role and "Mail hosting service" under IP usage.
Microsoft Messaging		Please refer to Office365 for delisting		Bounces for Microsoft Messaging currently still mentions to email delist@messaging.microsoft.com or delist.forefront@messaging.microsoft.com directly; however, they have recently updated their delisting process to instead fill out the form at https://sender.office.com/ and are referring delisting requests emailed to use that form instead.
MIPSPACE		https://www.mipspace.com/		This list is owned/operated by LinuxMagic BMS.
				Removal of gateway IPs is very difficult because they require us to make a lot of WHOIS/IPWHOIS changes that we will not currently accommodate with our data center.
MXLogic		The customer must send an email directly to saas_falsepositives@mcafeesubmissions.com		MUST have a full bounce-back showing that MXLogic is blocking the email, and it must be recent (within the last 7 days of ticket creation), or they will not be able to offer much help.\n\nMXLogic only keeps backlogs for 7 days.
NetZero		Please refer to United Online, which owns NetZero.
NJABL		http://njabl.org/lookup.html		DEAD LIST
NoSolicitado		https://www.nosolicitado.org/		Bounce ID required
				Without the bounce ID, we cannot request delisting. You will get a message, "The Bounce ID does not match any of our records."
Office365		https://sender.office.com/
Outblaze		http://spamblock.outblaze.com/		DEAD LIST
PenTeleData		I need to email postmaster@ptd.net with a copy of the bounce with full headers.
Proofpoint		https://proofpointcommunities.force.com/community/s/		Login required for removal from Proofpoint; current login information can be found at the following URL: https://newfoldbin.corp.endurance.com/?60f1f5ea2fefb8b7#2TVCiWVsD4JcFpcgSN1PzjTRYgLfWtVVBESkQdjDYURS
PSBL		http://psbl.org/		Extremely reliable; we use this for our in-house RBL.
Rediff		Send an email to ipreputation@rediff-inc.com directly.
Registeredsite		http://emailadmin.registeredsite.com/
Scientific Spam		Send an email from delisting@websitewelcome.com to rocket.scientists@scientificspam.net requesting delisting.		They are going to want specific details before delisting the IP address. (Example of the reply: Discuss the specific customers by name and indicate the actions taken.)
Senderscore RTBL		https://senderscore.org/act/blocklist-remover/
SORBS		http://www.sorbs.net/lookup.shtml		Requires login for removal – contact a Security Supervisor or a Tier 4 Web Administrator for more information.
				Use the Get Help/Support button, and do not select the Get Delisted once you are logged in.
				Before submitting a removal request, check the most recent report date. SORBS requires 48 hours before submitting a removal request.
Spam RATS		http://www.spamrats.com/		This list is owned/operated by LinuxMagic BMS.
SpamCop		http://spamcop.net/bl.shtml		Extremely reliable list; listings get automatically delisted and shouldn't need to request delisting.
SpamHaus CSS		https://check.spamhaus.org/
SpamHaus SBL		Send an email to sbl-removals@Spamhaus.org directly using SBL ID from the SpamHaus report.		The subject of the email needs to be the actual SBL listing, which is generated on the SpamHaus listing page automatically.
SpamHaus XBL		Refer to the CBL list for instructions.
spamrl		https://spamrl.com/delist/		They blacklist IPs and domains. The delisting link only whitelists an IP address or a domain for 7 days. Recommended to request delisting from any blacklists on mxtoolbox to help prevent being blacklisted again.
Srntools/Korumail		https://tools.korumail.com/contact		https://tools.korumail.com/. Use the contact page to request delisting.
SWINOG		http://antispam.imp.ch/spamikaze/spamlisting.php?ipfirst=W.X.Y.Z
Telus		Email abuse@telus.com		Provide the full headers in an email to Telus. Subject can be anything (e.g., Blocked: 123.45.67.89).
Tiopan		http://www.tiopan.com/blacklist.php		Infrequently used and very tough to get removed from.
Truncate		This is a list with auto-delisting		Site: http://www.gbudb.com/truncate/truncateTidbits.jsp
UCEPROTECT		http://www.uceprotect.net/en/rblcheck.php?ipr=IPADDRESS		In order to be listed, UCEPROTECT will first spam an account to generate a bounce back. This is an unreliable and untrustworthy list. This list operates on the basis of blocking IPs in order to get users to pay to have it de-listed. We do not suggest any user do this.\t\n\n\t\nBlocks are automatically removed 1-2 weeks after the last spam email they receive.\t\t
United Online		Send an email to unblock@support.untd.com directly		Includes the following:\t\n\tJuno\n\tNetZero\n\tBlueLight
		or
		http://www.unitedonline.net/postmaster/blocked.html
USGO		A report from USGO Abuse will contain an automatically generated link to their site, which lets an administrator both acknowledge that we received the report and provide you with a full spam sample of what was reported.		NOTE: Do not acknowledge the report UNTIL you have completed your investigation and resolved the reported issue. USGO removes all samples after 24 hours after acknowledging receipt of the report.
Woody		e.g.,  http://m.usgoabuse.net/_AbuseAck?mJhcm1hY2tAdXNmYW1pbHkubmV0OjIwMTkwMzA0MTE1NDQ4MDAx		When working on these reports, copy all of the headers from USGO's report into the case you are creating for our customer.
		Expire Times: Bounces: 1 hour | Spam: 24 hours | DB Entry: 14 days
WPBL		http://www.wpbl.info/cgi-bin/detail.cgi		Easy removal but infrequently used. DEAD LIST
XMission		http://postmaster.xmission.com/senders/rbls.php?address=IPADDRESS		Many of the IPs are listed under legacy blocks, so you will have to email support@xmission.com to have them removed. If needed, you can provide a range of IPs. These blocks date back to 2009. If you are getting no response for a block, contact Brinton with XMission.
ZapBL		https://zapbl.net/lookup		Blocks automatically expire after 3 days but can get delisted sooner through the delisting form.

Bluehost - Titan Email - How to Import Google Workspace Emails to Titan Email	https://confluence.newfold.com/display/BHCS/Bluehost+-+Titan+Email+-+How+to+Import+Google+Workspace+Emails+to+Titan+Email
Email Spoofing	https://confluence.newfold.com/display/BHCS/Email+Spoofing
POP vs IMAP	https://confluence.newfold.com/display/BHCS/POP+vs+IMAP
Professional Email - Scope of Support	https://confluence.newfold.com/display/BHCS/Professional+Email+-+Scope+of+Support
Troubleshooting Emails Suddenly Disappearing	https://confluence.newfold.com/display/BHCS/Troubleshooting+Emails+Suddenly+Disappearing
Troubleshooting Missing Email Folders	https://confluence.newfold.com/display/BHCS/Troubleshooting+Missing+Email+Folders

Splunk tool details	https://confluence.newfold.com/display/BHCS/Email+-+Cloudmark#splunk
Splunk tool link	https://eig.reporting.a.cloudfilter.net/en-US/app/eig_porta/support_search_main_dev?
Login details	Username: HGFrontline-splunk@newfold.com\nPassword: TyKkFLh4AS
	Username: BHFrontline-splunk@newfold.com\nPassword: fSLtnQ3V3c
Reason Codes and Resolution	https://confluence.newfold.com/display/BHCS/Email+-+Cloudmark#codes
Reason Codes and Resolution

Codes	Issue	Troubleshooting	Resolution
Blocklist_hosting	The customer's hosting provider is blocklisting the customer's email.	1. Visit MXToolbox (https://mxtoolbox.com/) to check where the email is coming from. ​Click Blacklists and search for the domain name or IP address to confirm if the IP Address is being blacklisted.\n2. ​Have the customer try sending the message from another location. For example, if they attempted sending from their computer with Wi-Fi, try sending from their phone off Wi-Fi.	​To resolve the issue, advise the customer to contact their Internet Service Provider (ISP) and have them either delist the IP Address or move them to a dedicated IP Address. Once their ISP has resolved this, the issue will stop after a short time.
CSI:POOR	The sender's IP address may be on an RBL (Remote Block List) or a blocklist.	1. Visit MXToolbox (https://mxtoolbox.com/) to check where the email is coming from. ​Click Blacklists and search for the domain name or IP address to confirm if the IP Address is being blacklisted.\n2. Have the customer try to send from a different location (for example, using mobile data on a phone if the original email was sent using Wi-Fi.)	To resolve this issue, customers will need to contact their Internet Service Provider (ISP) and have them either delist the IP or move them to a dedicated IP. Their ISP will need to fill out a form located at https://csi.cloudmark.com/en/reset/ to get the IP address removed from the CSI list. Once their ISP has resolved this, the issue will stop after a short time.
Max Recipients Per Message	The email has too many recipients in one message.	1. Using Splunk, check for recent email activity using the customer’s domain or email address.\n2. Review the listed email and work with the customer to identify if the email is legitimate or not (legitimate email examples could be the customer is sending to a mailing list.)	Advise the customer that sending large amounts of email at once are commonly seen as spam.\n\nIf the email is legitimate, escalate the case/ticket to the appropriate team to review and potentially delist the emails so they will pass in the future.\n\nIf the email is not legitimate:\n\n> Advise the customer to change their email password.\n> Scan any devices they use to connect to their email to ensure there are no security risks.
RCPT_LIMITS_USER_HOURLY	The affected domain or email address is sending large amounts of emails per hour.	1. Using Splunk, check for recent email activity using the customer’s domain or email address.\n2. Review the listed email and work with the customer to identify if the email is legitimate or not (legitimate email examples could be the customer is sending to a mailing list.)	Advise the customer that their emails are not going through because they are sending to too many recipients in a single message; they should try sending to fewer people/email addresses per message.\n\nIf the email is legitimate, for this particular error, we cannot delist anything. We can only inform the client that they need to send emails with fewer recipients per email.\n\nIf the email is not legitimate:\n\n> Advise the customer to change their email password.\n> Scan any devices they use to connect to their email to ensure there are no security risks.
SPAM (7 Reason Codes)	Spam restrictions or the sender's email was marked as spam manually by the end-users/ recipient. You may see reason codes such as: \n\n​SPAM – Spam restrictions are blocking the email. \n​SPAM:IP:5min - The IP address sent too many emails in 5 minutes.  \n​SPAM:IP:Day - The IP address is sending too many emails in a day.  \n​SPAM:IP:Hour - The IP address is sending too many emails in an hour.  \n​SPAM:User:5min - The user sent too many emails in 5 minutes.  \n​SPAM:User:Day - The user is sending too many emails in a day.   \n​SPAM:User:Hour - The user is sending too many emails in an hour.	1. Check the outbound email filter tool for recent email activity to see if the email is legitimate (such as sending emails to mailing lists) or illegitimate (such as unusual activity due to being compromised).  \n2. ​If the customer did not send the messages, their account might be compromised. Advise the customer to double-check their mail delivery settings, scan devices used to connect to email, and update to strong passwords. If the customer is using a contact form on their site, advise them to use a captcha to prevent their mail from being exploited to send spam.\n\n3. ​If the customer sent the messages, but they aren't spam, you can escalate to see if the email address can be removed from the spam list.	If they are not spamming, escalate for further review. \n\nIf there is evidence of spamming:\n\n> Advise the customer to double-check their mail delivery settings, scan devices used to connect to email, and update to strong passwords.\n> If the customer is using a contact form on their site, advise them to use a Captcha to prevent their mail from being exploited to send spam.
		What to Say to the Customers
		Email not spamming	Email is spamming
		​I am truly sorry for the inconvenience and confusion that this may have caused. Looking at your mail logs, I see that your mail being sent is being marked as spam, as some of your mail has the same features as others that are marked as legitimate spam. To help you with this issue, I have whitelisted the entry that was causing this block so that your mail can be sent properly. Please allow a little time for your whitelist to take effect and for your mail to work as intended.	​I am truly sorry for the inconvenience and confusion that this may have caused. Looking at your mail logs, I see that your mail being sent is being marked as spam, as some of your mail has the same features as others that are marked as legitimate spam.\n\n(or)\n\n​To resolve this, you will need to update your mail delivery settings and ensure that the email you send is only being sent to parties that want to accept these emails. If you are using a contact form on your site, please ensure that you use a captcha so your mail is not being exploited to send spam.
Spamhaus:XBL	The IP address used to send mail from an email client is being marked as spam.	1. Visit MXToolbox (https://mxtoolbox.com/) to check where the email is coming from. ​Click Blacklists and search for the domain name or IP address.\n\n​2. Have the customer try sending the message from another location. For example, if they tried sending from their computer with Wi-Fi, try sending from their phone off Wi-Fi. \n\n​3. Advise the customer to contact their Internet Service Provider (ISP) and have them either delist the IP Address or move them to a dedicated IP Address. Once their ISP has resolved this, the issue will stop after a short time.	To resolve this issue, customers will need to contact their ISP and have them either delist the IP or move them to a dedicated IP. Once the ISP has its IP blacklist resolved, customers will no longer have issues after a short period of time. You can provide the MXToolbox link showing their IP address is on a blacklist. Since we did not provide the IP they’re using, they will have to work with their ISP. ​
SPF:Hard	​The SPF record is telling the receiving server to reject messages from senders that are not included in the SPF record.	Check the outbound email filter tool (Splunk) for recent email activity to see if the email is legitimate (such as sending emails to mailing lists) or illegitimate (such as unusual activity due to being compromised).	If they are not spamming, advise the customer that the SPF record needs to be updated from -all (hardfail) to ~all (softfail). \n\nIf there is evidence of spamming:\n\n> Advise the customer to double-check their mail delivery settings, scan devices used to connect to email, and update the emails to use strong passwords.\n> If the customer is using a contact form on their site, advise them to use a Captcha to prevent their mail from being exploited to send spam.

Platform	Email Account	Password
Hotmail/Outlook	troubleshooting00724@outlook.com	;2Y!(|iXd+c=d",<
Hotmail/Outlook	helloworld03489@outlook.com	;2Y!(|iXd+c=d",<
Professional email Test	proemail1@nh-bluehost1.com	P@ssw0rd1!!!
Yahoo Test	hellofromhostgator@yahoo.com	$nappy2nH0$t
Gmail	emailtroubleshooting24@gmail.com	;2Y!(|iXd+c=d",<