X-BESS-REASON-EXTRA: TRUEDOMAIN(SPAMSITE)->blocked

Description: This article will go over blocked email from Barracuda. The header error states that the recipient or sender is blocked (#550 permanent failure for one or more recipients ).

Today a help-desk ticket came in stating that the client could not send to a customer. They sent the below bounce back from their on-prem Exchange server.

Diagnostic information for administrators:

Generating server: SERVER.XXX.local

ehron.banks@hiltoncentercity.com
mx1403.ess.rzc.cudaops.com #550 permanent failure for one or more recipients (USER@CUSTOMER.com:blocked) ##

When I logged into Barracuda I reviewed the blocked e-mail and saw the following error:

The above message X-BESS-REASON-EXTRA: shows the customers domain pointing to a known spam site. Barracuda will not only scan the e-mail for malicious links but also domains website.

Going to the website and inspecting the source I found the following:

The website has a hidden field pointing to known SPAM and malicious sites. It looks like every time a user visits the website these domains will also get a hit.

To fix this we contacted the website’s IT team and let them know that it looks like their website had been compromised.

 

 

Leave a Comment