Examining the message headers from an email sent from a tech support person at Atlantic Broadband, whom I contacted on June 1 regarding the problem, to my Gmail account (see Viewing message headers in Gmail), I learned that Atlantic Broadband uses Echo Labs to handle their email. I saw the following in the message headers:
Received: from cluster1.echolabs.net (mail.atlanticbb.net. [38.111.141.32])
by mx.google.com with ESMTP id l144si10145927ybf.89.2016.06.01.19.40.53When I subsequently spoke to another Atlantic Broadband support person
today, he confirmed that Atlantic Broadband uses Echo Labs for
its email service. Echo Labs
Message Security web page provides information on the mail service they
provide to Internet Service Providers (ISPs). That page mentions "ECHO Labs
messaging security utilizes Cloudmark's Authority platform to deliver faster
messaging throughput and less CPU usage as compared to traditional rules-based
anti-spam and anti-virus systems." And examing the email headers further, I
could see that Echo Labs in turn uses an anti-spam service from
Cloudmark. So after
passing from the Echo Labs server, any outgoing email from Atlantic Broadband
customer's that uses smtp.atlanticbb.net for delivery will go to a Cloudmark
server to be checked for malware. That path can be seen from the
X-Scanner-Info line below.
Received: from [10.0.8.1] (HELO MX02.MAIL.ECHOLABS.NET) by echolabs.net (CommuniGate Pro SMTP 6.0.9) with ESMTP id 415982771 for example123450@gmail.com; Wed, 01 Jun 2016 22:40:53 -0400 Received: from cluster1.echolabs.net ([10.10.10.66]) by Echo Labs with SMTP id 8IZ2bcs0bdrnj8IZ2bf9tb; Wed, 01 Jun 2016 22:40:52 -0400 X-Scanner-Info: Cloudmark - http://www.cloudmark.com X-CNFS-Analysis: v=2.1 cv=WYfxEBVX c=1 sm=1 tr=0 a=NvGV9mbruWFLSfo76TNMMw==:117 a=G1GMBpgTPBagPUqfbqNUwA==:17 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=VXbhf58gAAAA:8 a=pD_ry4oyNxEA:10 a=pGLkceISAAAA:8 a=43beU8AwAAAA:8 a=69EAbJreAAAA:8 a=3oc9M9_CAAAA:8 a=KegkHNisgdMX4TEh80EA:9 a=QEXdDO2ut3YA:10 a=ExTwvd2k1RMqEYI5UZEA:9 a=_W_S_7VecoQA:10 a=KlBsRnFCfVuI6N_k6XfU:22 a=6kGIvZw6iX1k4Y-7sg4_:22 a=W4LmDEFVUbkIZlTMwqG-:22 a=JlwNWS_Myq4plbCuGd51:22 a=WQP3B-o2DcFb_-ao3AbR:22 X-CMAE-Score: 0.00 X-Scanned-by: CMAE
According to Michael Hampton's answer to "My website's email is being marked as spam, how do I analyse a X-CNFS-Analysis email header?" at the Pro Webmasters website, The "X-CNFS-Analysis" line also indicates that the message has passed through a CloudMark scan:
The header
X-CNFS-Analysisis added to emails processed by Cloudmark Authority, an email filtering engine, and appliances which use this engine such as Cloudmark Security Platform. In newer versions, it has been renamed toX-Authority-Analysis.
According to Everything You Need to Know About Cloudmark by Brian Godiksen:
Some of the largest users of Cloudmark are ISPs such as Comcast, Time Warner Cable / RoadRunner, Cox, CenturyLink/Embarq, EarthLink, Synacor, and Telus.
Cloudmark also protects mailboxes provided by domain registrars and hosted exchange server providers including GoDaddy and Rackspace. A large number of small businesses use packaged solutions from a registrar like GoDaddy that includes a private domain and associated mailboxes.
That webpage also has a link to the Cloudmark Support Request for Cloudmark Authority page for reporting what you may regard as false positive flagging of email as spam.
In this case, I suspect the problem occurred because spam reaching a user's inbox was being forwarded out to a Gmail and Hotmail account via the Atlantic Broadband smtp.atlanticbb.net server, causing the user's home IP address to get flagged as a source of spam by Cloudmark. Unfortunately, with no bounced email being returned, there was no indication that a problem existed until recipients reported they weren't receiving email. Fortunately, whenever I've had to deal with Atlantic Broadband support personnel, they've been knowledgeable and helpful, but they have to contact Echo Labs to get any block removed, which might have been based on IP address in this case.
Related articles: