Error: "553 sorry, your envelope sender is in my badmailfrom list" from Email Security.cloud
search cancel

Error: "553 sorry, your envelope sender is in my badmailfrom list" from Email Security.cloud

book

Article ID: 162232

calendar_today

Updated On:

Products

Email Security.cloud

Issue/Introduction

You have received an email notification from Symantec Email Security.cloud:

  • An individual end user account is either sending spam through Symantec Email Security.cloud or is receiving a bounceback error message indicating they are on the "badmailfrom" list.
  • The error message received is: "553 sorry, your envelope sender is in my badmailfrom list. Please visit www.symanteccloud.com/troubleshooting for more details about this error message and instructions to resolve this issue. (#5.7.1)."

Cause

  • A block has been placed on the user account from sending email through Symantec.cloud.
  • A full investigation is needed to determine how the user account became compromised.
  • It is often the case that the user may have replied to an email that requested their username and password.

 

Resolution

You are advised to check with the user in question to confirm this and provide the email they responded to so that detection measures can be added.

Before we can re-enable the user account, you need to provide the following information in your support case:

  • Confirmation of a detailed virus scan of all machines on your network.
  • Whether any machines were found to be infected.
  • If any machines were infected, how they were cleared of infection.
  • Confirmation of whether the user in question responded to an email with their user credentials.
  • Whether they followed a link requesting their user credentials.
  • If you answered 'no' to questions 2, 3, 4, and 5, you should confirm how the user was compromised.
  • Information about whether the user's password has been changed and if it is a strong password.
  • Confirmation that the user cannot reuse any of their previously used passwords.
  • Whether the user has been educated not to reply to emails asking for usernames and passwords.
  • Information about whether other users have responded to similar emails.
  • Actions being taken to prevent further compromised accounts.
  • Provide a copy of the phishing email received by the user for detection purposes.
  • Confirmation that you have read the best practice guidelines for webmail security.

Additional Information

Action Steps

  • Initiate a detailed virus scan on all machines within your network.
  • Isolate and clean any infected machines following best practices.
  • Communicate with the affected user to understand the cause of the compromise and obtain the email they responded to.
  • Ensure that the user's password is changed to a strong one and cannot be easily guessed.
  • Educate the user about not responding to emails requesting usernames and passwords.
  • Investigate if other users have faced similar issues and take appropriate actions.
  • Provide the requested information and email copy to Symantec Support.
  • Review Symantec's best practice guidelines for webmail security.
  • Following these steps should help resolve the issue and prevent similar incidents in the future. It's essential to take prompt action to secure your network and user accounts.