Learn how to troubleshoot issues with the Anti-Spam service for Email Security.cloud.
When you are provisioned with the AntiSpam service, the service is disabled by default. We recommend that you evaluate the tagged spam that you receive using these settings, and how these settings work for your organization's mail flow. When you are confident that the service is only detecting spam email, change to the best practice settings found in the following KB article: https://support.symantec.com/en_US/article.HOWTO101610.html
The email has been blocked based on an entry in your global Blocked Senders in the Symantec.cloud Management portal, or in an individual user's list.
To resolve this issue
This has been blocked because the sender's IP is in the SpamHaus PBL (Policy Block List). This is not a spam list, the IP in question has been deisgnated by the ISP as non-mail sending (these are usually Dynamic IPs).
To resolve this issue
This has been blocked because it matched on spam signatures or heuristics
To resolve this issue
Use an online SPF lookup tool such as SPF Surveyor to review sender’s SPF Record.
For a full validation test comparing the sending IP against the record, you can use a tool such as SPF Policy Tester.
Note: SPF only applies to the envelope from (SMTP Mail FROM).
If the sender is a customer provisioned on Symantec's services, they should have our SPF entry, even if they normally do not route outbound through us. When an email is sent between customers, we look for that reference.
See Implement SPF records in Email Security.cloud.
Use an online DMARC lookup tool or DNS Lookup to review sender’s SPF Record. Use a DMARC tool such as https://dmarcian.com/dmarc-inspector/ to obtain the DMARC policy of a domain. For raw lookup, you need to perform a TXT record DNS lookup on the _dmarc subdomain (ie: _dmarc.yahoo.com).
There are two steps for a DMARC check to pass
For more details about DMARC with the Email Security.cloud service: https://support.symantec.com/en_US/article.HOWTO124382.html