I just got a password reset message and a posting reply notification message from the Norton Community and they were both marked as SPAM with the message that the sender may not be valid.

It appears the problem is that the symantec.com domain has an SPF record (Sender Policy Framework) indicating valid IP addresses for email to come from, but the IP address used for the community email is not one of them.  Thus, the email goes to SPAM as sent from an invalid sender.  The SPF record needs to be updated.  In looking at the message header I see:

Received: from smtp.lithium.com (smtp.lithium.com. [208.74.204.5])        by mx.google.com with ESMTP id q10si7803403icv.9.2011.09.18.10.31.36;        Sun, 18 Sep 2011 10:31:37 -0700 (PDT)

Received-SPF: softfail (google.com: domain of transitioning nortoncommunity@symantec.com does not designate 208.74.204.5 as permitted sender) client-ip=208.74.204.5;

Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning nortoncommunity@symantec.com does not designate 208.74.204.5 as permitted sender) smtp.mail=nortoncommunity@symantec.com

Received: from app-c3-5.sj.lithium.com (app-c3-5.sj.lithium.com [10.20.110.40])

The SPF record seems to specify that if the IP address does not match that in the SPF record, a softfail should be generated which means the receiver should receive the message but mark it as suspicious.  A hardfail would just toss the message into the bit bucket.

Not sure if a lot of other people are seeing this but the cause seems clear.

Hi,

I'm sure the staff will see this on Monday. Just a question or two. Is the content valid or could this be a spoof to get you into a place you'd rather not visit? If you haven't deleted the message you might want to save it to see if the staff will want a copy.

Thanks

They are all valid messages.  The notification for your reply just went into SPAM as well.  I have all the messages as I moved them out of SPAM.

---

peterwi wrote:

They are all valid messages.  The notification for your reply just went into SPAM as well.  I have all the messages as I moved them out of SPAM.

---

Hi,

I'm happy you have the messages and I'm not as I don't like being classified as spam

I'm going to wait for the experts to reply

Doing a reverse DNS lookup of the sending IP of 208.74.204.5 it appears the sender is smtp.lithium.com.

(5.204.74.208.in-addr.arpa domain name pointer smtp.lithium.com.)

However, smtp.lithium.com is not a valid sender for the domain symantec.com according to the SPF record.

It seems that lithium.com which seems to run this bulletin board system is sending as symantec.com.

The symantec.com SPF record is:

"v=spf1 include:spf.symantec.com ip4:207.38.45.154 include:spf.messagelabs.com ~all"

It seems this would have to be adjusted to:

"v=spf1 include:spf.symantec.com ip4:207.38.45.154 ip4:208.74.204.5 include:spf.messagelabs.com ~all"

or more generically if there are multiple servers behing smtp.lithium.com

"v=spf1 include:spf.symantec.com ip4:207.38.45.154 a:smtp.lithium.com include:spf.messagelabs.com ~all"

I'll be curious what they do.  Can't let a security issue like this stand. :-)

Hi !

Newbie here. Just a brief note to anyone whom may be having the same problem I was having. I registered for an account here and waited for the email verification link to be sent to my email address. The problem was that it is a Gmail account and the spam folder was hidden. So for like a day I have been requesting new verification links. D'Oh!

When I did manage to find the spam folder in Gmail, I had like 10 messages from Norton Community! When I opened the emails, There is a big red line across the top of the message reading WARNING: This email may not be from who it claims to be from! and the links are all disabled. I hesitated because I have an ongoing problem with phishing. But, I moved the messages to the inbox and the links became live.... So I clicked on the link..and here I am. In the deep blue sea. Just kidding...I think.

I guess there is really nothing that can be done about the verification emails being sent to the spam folder in Gmail..