Troubleshooting and Support
Non-Delivery Reports (NDR) and the Spam Score URL
Non-delivery reports (NDRs) are usually the first indication of a mail system issue that a sender of an e-mail message will receive. There are many different reasons why a message might not be delivered to the recipient.
NDRs prove useful if a sender tries to send an email to our platform, fails and receives a notification from OSS or Exchange about the failure. Generally speaking, the NDR contains the following information:
- whether it is a transient failure (and so the delivery will be retried) or a permanent failure (and so the delivery will not be retried),
- the address where it was not possible to deliver the message to
- a failure code (starting with either “5” signifying a permanent failure or “4” signifying a transient failure)
- the reason for failure
- the so called original message (this is basically part of the original message header)
NDRs generated by OSS include a Spam score URL next to the failure description, if the delivery was not possible because the spam filter judged the message to be spam. Clicking on this URL, the sender may review which tests were run by OSS, and so can get further information on the reason for failure. Please note, that the information contained under the given URL is not permanently stored i.e. these links expire after which this information can only be retrieved from the OSS logs.
There is no such URL, if the rejection happens because of the fact that the sender is blacklisted, but the NDR contains the reason for failure.
Understanding the email header
In an e-mail, the body (content text) is always preceded by header lines that identify particular routing information of the message, including the sender, recipient, date and subject. Some header fields are mandatory, such as the FROM, TO and DATE fields. Others are optional, but very commonly used, such as SUBJECT and CC. Other headers include the sending time stamps and the receiving time stamps of all mail transfer agents that have received and sent the message. Please keep in mind that email headers should always be read from bottom to top.
How to get the email header
In Outlook, you can get the header of an email by opening the mail in a new window, and then clicking on the small Arrow on the Tags section, the Properties window will open. In the lower section of this window, you’ll find the header. It is advisable to copy-paste it into a separate document (or any text file) in order to better see it.
Note that you can open the same window by opening the mail into a new window, then clicking on File / Properties.
To get the header in OWA, highlight the message in question, then click on the small arrow next to the Reply button, and choose View message details. You will find the header in a new window called Message details.
Please note that all email clients provide information on how to retrieve the header. If the end-user uses some other means to access their email, please review the relevant information on this subject in the User Guide of the given product.
How to interpret the header information
The first step to understand the header information is to render it into a human readable format. There are several web-based tools for this, our recommendation is to use the Message Header Analyzer of Microsoft. After copy-pasting the raw header into the input field, the tool creates a systematic table, which is a lot easier to read than the raw text itself.
The Header Analyzer gives us a summary of the email header with the Subject, Message ID, Creation time (and the delivery time), sender and recipient address.
In the Received headers table, you can see the servers that transferred the email during the delivery process. Notice that the tool calculates the delay times too.
OSS related fields
In the Other headers table, you can get information about the filtering activity of OSS. The fields begin with the tag “X-Spam-“.
Field |
Meaning |
X-Spam-Flag |
Valid values can be YES or NO. |
X-Spam-Score |
This is the total score given by OSS (and analyzed both by OSS and Exchange). |
X-Spam-Level |
OSS inserts asterisks (*) according to the total score: 0 means no asterisks, 8 means 8 asterisks. |
X-Spam-Status |
Here you can see the score given by OSS, and the tests and checks that has contributed to producing this total score. |
The X-MS-Exchange-Organization-SCL field contains the score that the Exchange servers analyse. This is a rounded score of what OSS has assigned to the message. All negative OSS scores are rounded up to 0. E.g. if OSS gives a score of 3.8 to a message, Exchange will round it up to 4. This could cause that OSS might not consider the message as spammy, but if the default SCL settings are in effect for the given user, Exchange will deliver the email to the Junk folder of the user (default SCL: scores 4 and above mean that the message is spammy).
Spoofed Emails
There is one other field worth mentioning in the header: the Return-Path. Here you will find an email address, ideally the same as the sender address. However, spammers often times forge (spoof) sender addresses, and so this field contains the real sender address. If you suspect that the given message was not sent by the person whose email address is in the Sender field, please check this field to make sure, and if it's really a spoofed address, Blacklist the IP of the sender. (SPF records do not work, if the Return-Path field is set, more about this here.)
Whitelisted
If the sender has been whitelisted in the recipient organization, the header will look the following way:
Notice the X-Spam-Status field, where the score equals X, meaning that no tests were run, and so no score was applied.
What can You do?
If your user encounters an issue regarding messaging in general, or more strictly speaking, spams, there are numerous ways to resolve that issue. We are more than happy to help you with finding a fix, after having done the basic steps of troubleshooting (as follows) and gathering the necessary information for us to open an investigation and give you a resolution ASAP. The following chapters contain all that are worth noting.
In case of too much SPAM
If a recipient receives too much spam, you may try resolving the issue by doing the following:
- check the spams for common features. If all or most spams come from one single IP address for example, you may want to black list that IP address for the organization.
- if you experience that there is a massive attack of spams on several / all users, please report to our support immediately.
In case of rejected emails
If a sender that tries to send your user an email and receives an NDR, there are numerous ways to help the sender in getting their messages through to our platform. First of all, check the NDR they received. There has to be a reasons listed in it, or there should be the Spam score URL. Please, open the URL, and based on the short explanations next to each score, try to understand and fix the issue. For example, fixing a bad SPF record is something that can only be done on the sender’s side. We might be able to give you an idea on how to fix it, but essentially, it is the sender (or their messaging provider) that can resolve the issue.
In case of emails that has not arrived but you know that they should have
If your user is convinced that they should have received an email from a sender, but for some reason the email never arrived, you might try the following:
- as a first step, have the user check in their Junk folder.
- ask the sender whether they have received an NDR from us. Check what the stated reason is for the failed delivery, and try to resolve it.
- if you cannot resolve the issue, please kindly send an email to our support taking in consideration what is stated in the following section.
Sending to the Support
How to send to support
If you’ve followed all our recommendations, and still encounter an issue related to spam, we are more than happy to assist you in finding a resolution. In order to give you as quick a solution as possible, we need to receive all the information necessary for an investigation.
In case of rejected emails, we need:
- NDR
- exact time of sending
- sender email address
- recipient(s) email address
In case of receiving a lot of spam, we need:
- the received spam messages in .msg format (but at least the headers of them)
- exact time of delivery
- is it an unusual amount of messages (i.e. if your user has received 1-2 spams a week so far, and suddenly they received 20 a day, that information is an important starting point for an investigation)
- sender address
- recipient address
- how many of the users are affected (1 user or a whole company perhaps?)
The more information you’re able to gather from your users, the better and quicker resolution we are able to provide.
What not to send to support
As much as we are obliged to help our partners and their end-users the best way we can, there are certain scenarios that might seem to be issues but can only be resolved on the client side. Therefore we are kindly asking you not to send to the support:
- if a spam email arrived into the user’s Junk folder. That’s the expected behaviour of spam filtering system.
- if you receive too many newsletters. These might be spam for one person, but valuable for others who subscribed on them for a purpose, therefore we cannot globally blacklist the senders of these messages. The filtering has to take place on the client side. Please try to unsubscribe from such emails or put the sender address (or IP) on the company’s blacklist.
- if the sender is located on our platform, and their message is rejected by a 3rd party provider’s email service. We can only help you in cases, where the recipient user is on the platform that we operate. Each provider uses different filtering tools with different settings that can only be modified by the provider itself. Therefore, we can fix issues only related to our own platform.
Best practices
There are some general rules that might be worth keeping in mind in relation with spam and unsolicited message filtering.
- Common email addresses like info@..., marketing@ or sales@... are more prone to receive a higher amount of spam than others, because spammers tend to use dictionaries to make automated guesses at common usernames at a given domain. Please be aware of this fact and e.g. try to use more specific email addresses.
- Do not put your email address on web pages in a format that can be directly copied or recognized by email address gathering bots. Spammers use bots and algorithms to find such email addresses and then abuse them.
- Do not put your email address into a public post on a forum or other website accessible for anybody.
- Subscribe to lists and newsletters as few as possible. The entities behind such lists tend to sell email address lists amongst each other, and after a little while, you might end up receiving a lot of unwanted newsletters.
- Set your auto-reply up only for internal users. If you reply to a spam (even if it’s only an auto-reply), then the spammers know that your email address is active, and they will send you even more spam.
- Refrain from signing up for any offers that require an email address, unless you trust the website. There are also websites which will intentionally try to impersonate a safe site in order to trick you into giving them information. This information can include passwords, your email address, credit card information, or many other types of sensitive information. These are known as phishing sites. If a site asks you to give your email address, make sure that the site is valid (e.g. by checking its certificate).
- Avoid downloading images embedded in an email from not reliable sources. Also avoid to click on any links in an unsolicited email even if it states it is an unsubscribe link. In both cases spammers will acknowledge your email address as an active one, and they will send you even more spam, similarly to auto-reply case.
- When you forward mail to a large number of people, weed out any addresses that are inappropriate, and put all addresses in the BCC field to hide them from the other recipients.
No Comments