I recently noticed that email server IP address 88.119.185.129 has been added to the Symantec email blacklist. This IP is clean, not listed on any blacklists. The email server is not an open relay, all emails are signed by strong DKIM, also using PRVS, and it sends no spam e-mails. The IP has valid PTR (reverse DNS) and SPF records. No suspicious activity - it's a clean machine. I have tried several times to ask for removal from the Symantec email blacklist at the IP Address Investigation Request page - and they removed it - but after 1 day the IP was added again. I have heard lots of people complain about this Symantec blacklist. How to fight them? It is impossible to send emails to several domains now.
2 Answers
Short answer: Your server is sending spam.
Long answer: Someone somewhere flags a message that he/she received as spam. Most probably an indirect outgoing message - maybe a forwarding address.
- 5,241
I had the same situation with a new IP address we received after a server upgrade. We definitely didn't send any spam or bulk mails and our server was not an open relay. (I currently operate 6 mail servers for different clients, I have done that for more than 20 years and never had such a problem before.)
The problem is that Microsoft's mail services like hotmail.com use this list, and nearly all mails sent by a server with an IP address on Symantec's list are classified as spam.
Our clients complained that our mails were now classified as spam and regularly marked them as not-spam. It did not help. We tried that for 3 weeks. Frequently, I requested to remove our IP at https://ipremoval.sms.symantec.com/ , it did not help.
I contacted Microsoft and they said all is fine with our IP address and there is nothing further they can do.
I wasn't able to reach anyone at Symantec.
Now I contacted our provider and asked for another IP.
I got another IP address in the same address range, but it had the same problem. We did not even send out ANY mails using that address, but always a few hours after our request to remove the address, it was listed by Symantec again.
Our provider confirmed that there are sometimes problems with certain addresses and they also have no contacts at Symantec.
Finally we got another IP address from our provider in another IP range and now all works fine.
So if you are certain that your server is not an open relay and, e.g., you get a good score here: https://www.mail-tester.com/, I would recommend getting another IP address from your provider in another address range.
- 21