email

Your email bounced with a message leading you here. Why?

We hate spam. To try to keep spam levels down, we’ve implemented a bunch of filters to block as much as we can.

Unfortunately, nobody’s perfect and we occassionally block email from our friends too. This page lists all of the messages our server sends when it blocks email so you can read about what the filter is and why you were blocked.

If you’re not a spammer and your email has been blocked, we’re sorry.  Please submit a whitelist request and we’ll fix our filters so you never get blocked again.

Error messages you might have come across

DENIED_RBL_MATCH

Refused. Your IP address is listed in the RBL

We are using the Real Time Blacklist mentioned above. You have to contact them in order to be unlisted. To check where your IP address is listed: MX Toolbox Blacklist Checker

DENIED_RDNS_MISSING

Refused. You have no reverse DNS entry.

Every server on the internet should have a reverse DNS entry, especially mail servers.

Our mail server checks for reverse DNS entries. Any email coming from a server without one is blocked. This stops a lot of email from servers that shouldn’t be sending email, such as virus-infected home computers, bot nets, anonymous servers all running from temporary IP addresses.

DENIED_IP_IN_CC_RDNS

Refused. Your reverse DNS entry contains your IP address and a country code.

Your server’s reverse DNS entry contains its IP address and ends in a two-character country code. For example, if your IP address is 11.22.33.44 and your reverse DNS entry is 11.22.33.44.example.com.us, our server is going to block your email. IP addresses in reverse DNS entries usually indicate servers that shouldn’t be sending email – just the kind of server a spammer would use.

Just change your reverse DNS entry to something meaningful to resolve the issue.

To look up your mail server’s reverse DNS, use this rDNS tool: Reverse DNS Lookup

DENIED_SENDER_NO_MX

Refused. The domain of your sender address has no mail exchanger (MX).

Your domain’s MX record either doesn’t exist or lists a name that doesn’t resolve AND your domain name doesn’t have an A record. This means no mail to your domain can possibly be delivered, including bounce messages.

DENIED_AUTH_REQUIRED

Refused. Authentication is required to send mail.

We do not accept any email unless the sender authenticates first. Reconfigure your mail client and try again. Ensure you are using SMTP port 587 to authenticate. Port 25 rarely works these days.

DENIED_IDENTICAL_SENDER_RECIPIENT

Refused. Identical sender and recipient addresses are not allowed.

You are attempting to send email both “to” and “from” the same address, which we don’t accept. In most cases, authenticating your connection will avoid this block.

ENVELOPE_SENDER_IN_BADMAILFROM_LIST

Refused. Your address is in our BadMailFrom list

Your email address (or domain) has violated a number of anti-spam filters and has triggered a time limited block. The block is automatically removed within 12-24 hours.

Catchall Addresses & Dictionary SPAM Attacks

Catchall (or wildcard) addresses are the addresses that receive all email for a domain, unless there is a specific address better suited to handle the incoming email. You may or may not have one on one of your domains. e.g.

Bloggs.com has two email addresses, “joe@bloggs.com” and “@bloggs.com” (the catchall). If a mail comes in addressed to joe@bloggs.com, it is delivered to the “joe@bloggs.com” mailbox. If a mail comes in addressed to sales@bloggs.com, it is delivered to the “@bloggs.com” mailbox.

With the ever increasing level of spam on the Internet, people are being more guarded with their email addresses. It’s therefore more difficult for spammers to obtain valid addresses to send their messages to. Rather than scour the WWW for a limited supply of well protected addresses, they’ve come up with a better idea: Find domains through search engines, and then send thousands of emails to common ‘local parts’ at those domains. (The ‘local part’ is the bit before the @ sign)

For example, they might find the bloggs.com domain through a search engine, or a domain registration tool, and then send to the following email addresses:

sales@bloggs.com, info@bloggs.com, webmaster@bloggs.com, john@bloggs.com, peter@bloggs.com, simon@bloggs.com, steve@bloggs.com, neil@bloggs.com, paul@bloggs.com, derek@bloggs.com, etc, etc.

There’s only a small amount of addresses listed here, but depending on the thoroughness of the spammer, there can be upwards of 20,000 variations for a single domain. And, because bloggs.com has a catchall email address – every single message will end up in the one mailbox..

Dictionary SPAM Attacks

This is called a ‘dictionary attack’, and is getting more and more popular with spammers. Quite often, they’ll send these messages out from a huge network of ‘zombie machines’ or ‘bots’, which are virus/adware infected home PCs. Because of this vast distributed network of infected machines sending the mail, there’s no reliable way of blocking the mail.

What’s worse is that some of the dictionary attacks check for ‘successful’ delivery, i.e. if a recipient is not refused at the destination mail server, then the recipient’s address is added to the ‘verified’ list, and possibly sold on to other spammers.

So now, the catchall mailbox at bloggs.com is overwhelmed with 20,000 messages, and because none of the mail was rejected, is on the list of ‘viable targets’ for another attack.

Recently, more and more domains that we host email for have been falling victim to dictionary attacks. A lot of them do not have catchalls, and the spammer’s mail is harmlessly bounced before even being allowed onto our servers, but a few domains have been effectively disabled for many hours, thanks to the catchall accepting the many thousands of email messages. Either the customer’s Exchange/Outlook server falls over under the strain, or the customer has to retrieve all the messages slowly, and then sift through, looking for legitimate mail. This isn’t limited to POP accounts either, as catchall forwards are affected. Both affect the performance of the servers, and impact the quality of service for your domains, and the domains of other customers.

How do I eliminate the SPAM generated from a dictionary attack?

The solution is to remove the catch-alls. We’ve disabled the creation of new catch-all accounts, as we believe that in 99% of cases, there is no need for them to be there. Any existing catchalls on the system have been left untouched, but you are encouraged to phase them out as soon as possible, before your domain finds its way onto a ‘viable target’ list.

Parked Domain Names

Login to your Domain Control Panel to disable the catchall for your domain name.

• Login to https://www.uk-cheapest.co.uk/members
• Select “Email Forwarding” from the Functions list
• Select “Delete” on your [ CATCH-ALL ] alias
• SPAM to your domain will be instantly reduced

Web Hosting Customers

The following documents will show how your catchall should be set

• How to Reduce SPAM and Protect your Reputation

If you have any questions please contact the HelpDesk for support.

How to fix DENIED_AUTH_REQUIRED Error

To reduce spam levels and eliminate damage caused by compromised web applications and plugins, it is no longer possible to send from OR receive to email addresses that do not exist.

If you have been using email addresses that do not exist to send emails, form submissions then you will find the emails are no longer sent. The fix is easy, see the steps below.

Sending Outgoing Emails (SMTP)

If you receive this error when sending emails from the server, then you need to ensure that

• The email address must exist and show here: Plesk > Website & Domains > Mail
• You are authenticating to the SMTP server correctly in your web application
• You are using port 587 in your SMTP connection scripts (not port 25)
• It does not matter if your MX records are externally managed

Receiving / Forwarding Emails Externally

If you receive this error when receiving emails and you are forwarding them externally

• Are you using a catch-all email address? Don’t do it! Here’s why.
• Ensure the email exists as either a mailbox, forwarding alias or receiving alias
• You should be able to see this email in Plesk > Websites & Domains > Mail or as a receiving alias to an address in this list.
• If this email does not exist, then you must create it

Still not working after fixing the above? Contact the Helpdesk

If you are suddenly receiving this problem then you must ensure the email address you are using (the one experiencing the problem) actually exists in your Plesk panel, as it may have been abused by spammers previously.

If in doubt, do not hesitate to contact the helpdesk after reviewing the above information and supply the following information so that we may assist:

• Confirm you have waited 15 minutes since making changes in the Plesk panel
• Explain if the problem is receiving or sending
• Explain the email address experiencing the problem
• Confirm that you are using SMTP authentication (if problem is outgoing)
• Confirm that the email address exists (if problem is incoming)
• Copy the bounce message into the helpdesk ticket

If you do not supply enough information it will take much longer to help you resolve the problem as we will need to gather this information before being able to help you to resolve the issue.

Have you triggered the BadMailFrom Spam Trigger?

1. You have sent a large number of emails from an account and the recipients have marked some of this email as SPAM
2. Your account has been hacked and a spammer is sending emails from your account

The BadMailFrom filter stops SPAM before it gets ‘too’ serious. The filter is automatically removed after a short period of time. If the problem persists the lock will be in place for a longer period.

The recommended actions you should take are:

• Ensure you are sending emails only to recipients that are expecting the email
• If you are sending to a large number of recipients try spreading out the mailshot (over a number of hours or days)
• If you did not send a quantity of outgoing mail then change your mailbox password straight away.