[clamav-users] Mail from Paypal wrongly identified as phishing by ClamAv
Al Varnell
alvarnell at mac.com
Thu May 18 11:19:54 UTC 2017
This can be whitelisted by associating whatever foreign URL is being used within these messages with paypal domains, but you need to submit a sample to <http://www.clamav.net/reports/fp> so that it can be taken care of.
-Al-
On Thu, May 18, 2017 at 03:41 AM, Outreach at epsilon.com wrote:
>
> Hello,
>
> Mail from our client Paypal is being wrongly flagged as phishing by ClamAv.
>
> We get this type of bounce erros:
> 554 Your email was rejected because it contains the Heuristics.Phishing.Email.SpoofedDomain virus
>
> Mailing IPs: 142.54.244. [96-110]
> Mailing domains:mail.paypal.at, mail.paypal.nl, mail.paypal.com, mail.paypal.pl
> Date of issue: 09 May 2017
>
> Please make the necessary changes to your product ASAP.
>
> These emails are legitimate, sent to optin customers of Paypal, and authenticate with SPF, DKIM and DMARC.
>
>
> Please contact me if you need any additional information.
>
> Regards,
>
> Anne-Sophie Marsh, Sr Email Deliverability Manager EMEA
> T +44 2086143219 M +44 7469352383 Epsilon, 67 Broad Street, Teddington TW11 8QZ, UK epsilon.com<http://epsilon.com/>
> [http://help.epsilon.com/images/logo.png]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20170518/31d239a6/attachment.bin>
More information about the clamav-users
mailing list