freakyhonda
Joining in
Message 1 of 12

Transactional emails bouncing from Ntlworld.com

My Gettheneedle.co.uk commerce site is routinely having transactional emails bounced by NTLWORLD.COM with the suggestion that they contain virus content. I have had the site monitored by SUCURI, who have installed a Web Application Firewall, and the hosting company also declare that there are no viruses coming from the site. Can you suggest how I get this issue investigated and help remove any detrimental flags?

A sample message is below...

To: info@gettheneedle.co.uk
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

 w*****.sh*****@ntlworld.com
   host mx.tb.ukmail.iss.as9143.net [212.54.56.11]
   SMTP error from remote mail server after end of data:
   554 5.2.0 MXIN601 Message contains Virus Content ;id=EWKwkGfv1G8IZEWKwkhHyP;sid=EWKwkGfv1G8IZ;mta=mx3.tb;dt=2020-09-05T13:26:31+02:00;ipsrc=79.171.34.102;

用心棒
Very Insightful Person
Message 2 of 12

Re: Transactional emails bouncing from Ntlworld.com

Issue has been flagged to the forum team who are best placed to take this forward; be aware it can take them a few hours / days to respond.

FYI: to guard against miscreants gaming the de-listings process some security vendors will not immediately de-list a website now reported as clean.

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media.
freakyhonda
Joining in
Message 3 of 12

Transactional Emails bounced from Virgin and NTLworld

We send confirmation emails from our Gettheneedle.co.uk site as part of our e-commerce business, but every email connected with Virgin group is bounced.

I have contacted our hosting company and Sucuri, who provide a secure WAF, and neither can find any problem with our site.

A typical response from Virgin group is below.

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

 t?????@virginmedia.com
   host mx.tb.ukmail.iss.as9143.net [212.54.56.11]
   SMTP error from remote mail server after end of data:
   554 5.2.0 MXIN601 Message contains Virus Content ;id=FCZWkfPw3UcoTFCZWkN2AW;sid=FCZWkfPw3UcoT;mta=mx7.tb;dt=2020-09-07T10:32:18+02:00;ipsrc=188.227.164.88;

How do I get Virgin to remove any blocks on our account? Obviously I get similar messages from NTLworld...

Katie_WT
Forum Team
Message 4 of 12

Re: Transactional emails bouncing from Ntlworld.com

Hi there @freakyhonda

Welcome to our Community and thanks for your post - we are sorry that you're having some issues emailing an ntlworld email address.

Can you please confirm if you can send to that email address whilst on another device and Network? I can see that you have advised that you have no viruses coming from the site - have you also been able to run a scan on the devices you are using to send whilst getting that error?

Please keep us posted.

Cheers

Katie - Forum Team


HowardML
Very Insightful Person
Message 5 of 12

Re: Transactional emails bouncing from Ntlworld.com

gettheneedle.co.uk is not reporting completely clean on "VirusTotal". Something needs to be looked at here by the web site host. The engine reporting malicious content is CDRF.

However I have now also checked the IP address which is sending the mail. It belongs to Hostinguk.net and a VirusTotal check of that server shows it is completely clean. I think this needs to go back to the VM Forum Team for them to get the VM e-mail team to investigate.

@ModTeam 



Steven_L
Forum Team
Message 6 of 12

Re: Transactional emails bouncing from Ntlworld.com

Hey freakyhonda,

I have been looking into this issue and have sought some advice on how to proceed. Please could you send me the header from one of the emails that have bounced back? To maintain security, please send this over to me via a private message.

You can send a private message over to me by right clicking on my name.

Regards

Steven_L

freakyhonda
Joining in
Message 7 of 12

Re: Transactional emails bouncing from Ntlworld.com

Did I manage to send the header, as requested...? It’s the first time I used PM, so I may have made mistakes.

Steven_L
Forum Team
Message 8 of 12

Re: Transactional emails bouncing from Ntlworld.com

Hey @freakyhonda,

Nope, you didn't make any mistakes with the private message. I'm in conversation with our Internet security team to discuss this further and get this resolved for you.

I will be in touch as soon as we have a response from the team.

Regards

Steven_L

freakyhonda
Joining in
Message 9 of 12

Re: Transactional emails bouncing from Ntlworld.com

Hi Steven,

Sorry to bother you, but has there been any progress on this, as it is causing quite a few problems for us?

I am thinking of changing the hosting company, but not sure that it would solve anything!

Best Regards

Geoff_Ad
Tuning in
Message 10 of 12

Re: Transactional emails bouncing from Ntlworld.com

freakyhonda

Following the post from HowardML (message 5 above) mentioning CDRF (typo for CRDF?), I tried entering your website URL on the CRDF site, https://threatcenter.crdf.fr/check.html. It returned the following information:

"The domain name 'gettheneedle.co.uk' is well known to violate our detection criteria.
Internal ID: 14841817
Detection category: Phishing:URL
Date and hour: about 4 months ago
Advert domain: No
Detection history
Added to the database by "Robot Explorer" - about 4 months ago
Threats found on the website
Nothing to display yet."

I also tried sending an email from my own ntlworld.com address containing a link to your website. It was bounced by the server smtp.virginmedia.com with the following message:

"An error occurred while sending mail. The mail server responded: 552 5.7.0 Message is Virus (VM605) YreukqSFcYfS1Yreuk0kbM. Please check the message and try again."

I think this shows pretty conclusively that your website is listed on one of the block lists that VM use for spam control. I don't know if that is the CRDF list, and VM probably won't say, but in any case it would be worth reporting this as a false positive on the CRDF site.

Needless to say, neither Malwarebytes nor Microsoft Defender show any issues with your webpage.

I think it is disappointing, to say the least, that VM have not come up with any useful information in the 8 weeks since you first posted.

Geoff

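An added example, not part of any post above and not Virgin Media's tooling: a small Python parser for the two bounce excerpts quoted in messages 1 and 3. The triage rule is an assumption of this example: a permanent rejection issued after end of data, with the same filter code for different `ipsrc` values, points at message content (such as a listed URL in the body) rather than at the sending server.

```python
import re

# Excerpts copied from the two bounces quoted in this thread.
BOUNCES = [
    """host mx.tb.ukmail.iss.as9143.net [212.54.56.11]
    SMTP error from remote mail server after end of data:
    554 5.2.0 MXIN601 Message contains Virus Content ;id=EWKwkGfv1G8IZEWKwkhHyP;sid=EWKwkGfv1G8IZ;mta=mx3.tb;dt=2020-09-05T13:26:31+02:00;ipsrc=79.171.34.102;""",
    """host mx.tb.ukmail.iss.as9143.net [212.54.56.11]
    SMTP error from remote mail server after end of data:
    554 5.2.0 MXIN601 Message contains Virus Content ;id=FCZWkfPw3UcoTFCZWkN2AW;sid=FCZWkfPw3UcoT;mta=mx7.tb;dt=2020-09-07T10:32:18+02:00;ipsrc=188.227.164.88;""",
]

# Stage of the SMTP dialogue at which the remote server refused the message.
STAGE = re.compile(r"SMTP error from remote mail server after (.+?):\s*$", re.M)
# Reply code, enhanced status code, filter code, human text, then ';'-separated tags.
REPLY = re.compile(
    r"^\s*([245]\d\d)[ -](\d\.\d{1,3}\.\d{1,3}) (\S+) ([^;]*);(.*)$", re.M)


def parse_bounce(text):
    """Return the stage, reply codes, filter code and key=value tags of one bounce."""
    stage, reply = STAGE.search(text), REPLY.search(text)
    if not stage or not reply:
        raise ValueError("not a recognised bounce excerpt")
    tags = dict(kv.split("=", 1) for kv in reply[5].split(";") if "=" in kv)
    return {"stage": stage[1], "reply": int(reply[1]), "status": reply[2],
            "filter_code": reply[3], "text": reply[4].strip(), **tags}


def triage(bounces):
    """Heuristic (assumption of this example, not a documented rule).

    'content'      : every bounce is a 5xx issued after end of data, with one
                     filter code seen for more than one ipsrc value.
    'undetermined' : anything else, e.g. a single sample or an earlier stage.
    """
    parsed = [parse_bounce(b) for b in bounces]
    after_data = all(p["stage"] == "end of data" for p in parsed)
    permanent = all(p["reply"] >= 500 for p in parsed)
    sources = {p.get("ipsrc") for p in parsed}
    codes = {p["filter_code"] for p in parsed}
    if after_data and permanent and len(codes) == 1 and len(sources) > 1:
        return "content", parsed
    return "undetermined", parsed


if __name__ == "__main__":
    verdict, rows = triage(BOUNCES)
    print(verdict, [(r["dt"], r["mta"], r["ipsrc"]) for r in rows])
```

The tag names (`id`, `sid`, `mta`, `dt`, `ipsrc`) are taken as they appear in the bounces; reading `ipsrc` as the connecting source address is an interpretation, since the thread does not document the format.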