Hi Al,

Thanks for your input, I will send you a sample.

Paypal sends campaigns for all their EMEA countries via our platform, so there 
are several sending domains used. Do I need to send a sample for each domain? 

Many thanks,


Message: 11
Date: Thu, 18 May 2017 04:19:54 -0700
From: Al Varnell <alvarn...@mac.com>
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] Mail from Paypal wrongly identified as
        phishing by ClamAv
Message-ID: <c4a9264a-d00c-4a7a-8059-af56c924b...@mac.com>
Content-Type: text/plain; charset="us-ascii"

This can be whitelisted by associating whatever foreign URL is being used 
within these messages with paypal domains, but you need to submit a sample to 
<http://www.clamav.net/reports/fp> so that it can be taken care of.


On Thu, May 18, 2017 at 03:41 AM, outre...@epsilon.com wrote:
> Hello,
> Mail from our client Paypal is being wrongly flagged as phishing by ClamAv.
> We get this type of bounce erros:
> 554 Your email was rejected because it contains the 
> Heuristics.Phishing.Email.SpoofedDomain virus
> Mailing IPs: 142.54.244. [96-110]
> Mailing domains:mail.paypal.at, mail.paypal.nl, mail.paypal.com, 
> mail.paypal.pl Date of issue: 09 May 2017
> Please make the necessary changes to your product ASAP.
> These emails are legitimate, sent to optin customers of Paypal, and 
> authenticate with SPF, DKIM and DMARC.
> Please contact me if you need any additional information.
> Regards,
> Anne-Sophie Marsh, Sr Email Deliverability Manager EMEA
> T   +44 2086143219   M +44 7469352383   Epsilon, 67 Broad Street, Teddington 
> TW11 8QZ, UK  epsilon.com<http://epsilon.com/>
> [http://help.epsilon.com/images/logo.png]
clamav-users mailing list

Help us build a comprehensive ClamAV guide:


Reply via email to