Hello,

We run an online retail company that sends out many automated messages from our online server (at a datacentre) which is listed within our SPF records and DMARC etc.

We also have our own Exchange server on site at our offices on a dedicated fibre connection.

Our internal order processing server also sends out confirmation emails using the same IP but is not accessible externally on any ports.

Recently our office Exchange server IP was blacklisted on the Spamhaus CSS list, and we can see not reason for it.

Our Exchange server has not been changed recently in any way and none of the local machines seem to be having any issues with viruses or anything like that.

What would get us listed on the CSS list exactly? What can we do to mitigate this in future?

it does say this on the spamhaus website:

"CSS listings are based on a wide range of inputs and are always the result of multiple events and heuristics."

But if there have been multiple events, we have no record of them in any logs or any sign of other issues???

What can we do?

---