Why does my Email Bounce_

·

Why Does My Email Bounce?

Often, you’ll learn about a problem when the email you send gets bounced back. Chances are high that your IP has been blocked by one or more blocklists (also known as DNSBL, RBL or blacklist). When your emails bounce, they will usually come back with a subject line that says:

– Mail delivery failed: returning message to sender

– failure notice

– Delivery Status Notification (Failure)

– Undelivered Mail Returned to Sender

– Returned mail: see transcript for details

– Mail System Error – Returned Mail

In the body of these messages, you’ll find some text that is a standardized format, called delivery service notifications.

Even if they look daunting, these notifications actually tell you everything you need to know about why the message couldn’t be delivered.

This notification is usually in three parts, one for humans to read and understand, one for computers to read and the third part is the message that you sent originally.

Example Message:
This is the mail system at host <server name> .
I’m sorry to have to inform you that your message could not be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to the postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
<[email protected]>: host hostname.example[1.2.3.4] said: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in relay recipient table (in reply to RCPT TO command)
Human readable
Reporting-MTA: dns; <server name>X-Postfix-Queue-ID: <server queue ID>X-Postfix-Sender: rfc822; [email protected] Arrival-Date: Wed, 28 Jul 2021 00:00:00 +0000 (GMT) 
Final-Recipient: rfc822; [email protected] Original-Recipient: rfc822;[email protected]: failedStatus: 5.1.1 Remote-MTA: dns; 1.2.3.4Diagnostic-Code: smtp; 550 5.1.1 <[email protected]> : Recipient address rejected: User unknown in relay recipient table
Computer

One of the most common types of listings come from when we’ve received messages to our spam traps.

This results in the mail server sending us that mail being listed by its IP address.  

This isn’t your IP address because you don’t send email directly from your mail client to the destination. Instead, it goes via mail server and it’s that mail server that will be listed.

The other type of common listings are domain names that were found inside a spam message. In this case, the error message inside the bounce message will contain a domain name instead of an IP address.  

IP addresses are the most commonly blocked, followed by domain names. We rarely block by email address as these are too easy to fake.

We always ask that Abusix Mail Intelligence customers return the text record that we provide with any listing as this contains a URL hyperlink that will be inserted into the bounce message that will be received by the sender and that makes it easier for someone to find out why they are listed and delist themselves.

However, sometimes, due to the limitations of their mail server software, the URL is not available.

This is a bounce message you might get if one of our customers decided to block an IP address that was listed in Abusix Mail Intelligence:

Examples:
(reason: 554 5.7.1 Service unavailable; Client host [1.2.3.4]
blocked using combined.mail.abusix.zone;
https://lookup.abusix.com/search?q=1.2.3.4)
With URL link
521 5.7.1 Service unavailable; client [1.2.3.4]
blocked using black.abusix.rbl
Remote mail server ip: 4.3.2.1
No URL link
550 5.7.1 Service unavailable; client [1.2.3.4]
blocked using dynamic.mail.abusix.zone
No URL link

In the above examples, 1.2.3.4 is a fake placeholder for the blocked IP address that you would need to look up.

If the link is available, you can simply click on it. If there is no link, and it mentions Abusix, you can go to our Lookup Service Page and enter the IP address or domain that has been reported as listed. 

Note: If the bounce message doesn’t mention Abusix, the listing may be from another source. Tools like MXToolbox and multirbl.valli.org check your IP or domain name against known blocklists, so you can see on which blocklists they have been listed. 

The item you are looking up might also show up as not listed, this could be because it already expired (listings usually expire 5.2 days after the last bad event) or has already been delisted by someone else. 

However, if it is listed you will see a big red button that you can click to remove it from the list.

Once you’re certain that you’ve fixed the issue that caused the listing, simply click the red button “Remove from list” and follow the instructions.

Please keep in mind that the delisting process may take up to 15 minutes. You can try to send your message again after this time. If you continue to have issues even though you have fixed the issues that caused the listing, use the live chat for assistance.

Read more about the process of your IP address getting blocklisted and possible ways to solve it in this blog post

Read More

·

Editor’s note: This post was originally published in July 2017 and has been revamped and updated for accuracy and comprehensiveness....

·

This is the last article in the 3 part blog series “The Layers of the Email Security Tech Stack” where...

·

Email remains a cornerstone of business communication but also a primary vector for cyber threats like <a class="glossaryLink" aria-describedby="tt" data-cmtooltip="cmtt_0d5115a19961821ee5d6d5d40616c9d2"...