Hello All,
I have the header info below for emails which keep getting quarantined even though they are whitelisted.
I have the domain sender.com in WHO -> Domains -> domain -> "sender.com"
and
WHO -> Domains -> Regular Expression -> ".+@sender.com"
Since they are using servers like Sendgrid, we certainly can't whitelist the server IP.
Now I see the negative score (or positive number) on Sendgrid, and then Mime 64, so I look at my quarantine/Mark Spam rule, with a priority of 80 (and it is set to Spam Level 3).
And then my whitelist is set at priority 96, making me feel like I'm whitelisting before the quarantine, but I'm clearly missing something.
Any assistance appreciated.
Delivered-To: megan.User@ClientDom1.com
Return-Path: bounces+17068649-3fb4-megan.User=ClientDom1.com@em6264.Sender.com
Received: from wrqvrsrn.outbound-mail.sendgrid.net (wrqvrsrn.outbound-mail.sendgrid.net [149.72.86.82])
(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(No client certificate requested)
by mgw.innovativeinternet.net (Proxmox) with ESMTPS
for <megan.User@ClientDom1.com>; Mon, 16 Oct 2023 11:11:19 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Sender.com;
h=mime-version:from:subject:content-type:content-transfer-encoding:to:
cc:cc:content-type:from:subject:to;
s=s4; bh=Nfw0mRiebXl1GUWuP9kVjBpab/t+OtGPDiMYkhcw3Jw=;
b=pfx9nVy3tY6odQ8VxMs6n4wAitGmAvouExbp/hwnJ7VOFRAxCeaFcenjzC4DD8YhCeA5
lpAt1HiV1J9G/eliJ9xrBRi1CTwfEsFabUkt6mb9m/eX3LhS0Zoz0kAE6fz0Gqek/DJH4r
nun4uUs0JhIC0Em+/MgvuBDO+idCugImOiZcDdG/vBQaJE2Q9Qb++5UgR5rfz6KKOvi2Kr
5bLOjRj1UIxWmxJNDrGYwrqWBrs1yOv8zXBgDBfWBa8zPpxIzQH3JrJ5p8Z/jK/X8NMBkD
G4Px2I8Du0RUM4SDEvFhmPTYrnKHiZ+QTz06B9KuRT8J7eOWmcj3VscVznYxKHRA==
Received: by filterdrecv-7d6bbb66cf-hlsgd with SMTP id filterdrecv-7d6bbb66cf-hlsgd-1-652D5296-3A
2023-10-16 15:11:18.264743396 +0000 UTC m=+499678.389559267
Received: from pd0mdwk0002FU (unknown)
by geopod-ismtpd-11 (SG) with ESMTP
id UxvBIGvMQ-60k7UNF2yYAQ
Mon, 16 Oct 2023 15:11:18.155 +0000 (UTC)
MIME-Version: 1.0
From: CompanyBrand Motors Inc <CompanyBrand@Sender.com>
Date: Mon, 16 Oct 2023 15:11:18 +0000 (UTC)
subject: SPAM: Company Co-Op Assistance Claim 975352 for Company Info
Approved
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: base64
Message-ID: <UxvBIGvMQ-60k7UNF2yYAQ@geopod-ismtpd-11>
To: CompanyBrandSupport@Team.com,
Megan.User@ClientDom1.com
Cc: CompanyBrand@Sender.com
X-Entity-ID: /6t8jkrfbgzpNNWZlasF+g==
X-SPAM-LEVEL: Spam detection results: 3
AWL -0.147 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DMARC_MISSING 0.1 Missing DMARC policy
HTML_IMAGE_ONLY_20 1.546 HTML: images with 1600-2000 bytes of words
HTML_MESSAGE 0.001 HTML included in message
HTML_MIME_NO_HTML_TAG 0.377 HTML-only message, but there is no HTML tag
KAM_REALLYHUGEIMGSRC 0.5 Spam with image tags with ridiculously huge http urls
KAM_SENDGRID 1.5 Sendgrid being exploited by scammers
MIME_BASE64_TEXT 1.741 Message text disguised using base64 encoding
MIME_HTML_ONLY 0.1 Message only has text/html MIME parts
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
T_REMOTE_IMAGE 0.01 Message contains an external image
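
An added example, not part of the original post: it takes the Return-Path (envelope sender) and From lines from the headers above and checks both Who entries against each address. The matching semantics (exact domain comparison, whole-address regex, both case-insensitive) and the extra subdomain pattern are assumptions for illustration; the post does not say which of the two addresses the gateway compares.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Two header lines copied from the post; the rest of the message is omitted.
RAW = (
    "Return-Path: bounces+17068649-3fb4-megan.User=ClientDom1.com@em6264.Sender.com\n"
    "From: CompanyBrand Motors Inc <CompanyBrand@Sender.com>\n"
    "\n"
)

WHO_DOMAIN = "sender.com"      # Who domain entry from the post
WHO_REGEX = ".+@sender.com"    # Who regular expression entry from the post
# Hypothetical pattern (not from the post) that also accepts subdomains.
SUBDOMAIN_REGEX = r".+@(.+\.)?sender\.com"


def domain_match(entry, addr):
    # Assumption: a domain entry must equal the part after "@", ignoring case.
    return addr.rpartition("@")[2].lower() == entry.lower()


def regex_match(pattern, addr):
    # Assumption: a regex entry must match the whole address, ignoring case.
    return re.fullmatch(pattern, addr, re.IGNORECASE) is not None


def sender_addresses(raw):
    # Return-Path carries the envelope sender; From is the header sender.
    msg = message_from_string(raw)
    return {
        "envelope": msg["Return-Path"].strip().strip("<>"),
        "header": parseaddr(msg["From"])[1],
    }


def evaluate(raw):
    # Test every entry against both sender addresses.
    report = {}
    for kind, addr in sender_addresses(raw).items():
        report[kind] = {
            "address": addr,
            "domain": domain_match(WHO_DOMAIN, addr),
            "regex": regex_match(WHO_REGEX, addr),
            "subdomain_regex": regex_match(SUBDOMAIN_REGEX, addr),
        }
    return report


if __name__ == "__main__":
    for kind, row in evaluate(RAW).items():
        print(kind, row)
```

Under these assumptions both entries match the From header address, and neither matches the envelope sender, whose domain is em6264.Sender.com.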