Overcoming MAPS Reverse-Lookup Oppression?

ArghBlarg asks: "Imagine the following scenario: you're the volunteer admin for a small, non-profit site for a few local artists and musicians. You run your web site and SMTP server out of your laundry room, via cable broadband. The broadband provider doesn't mind, as you only get a few hits a day; you keep your system secure and were only rooted once, over 4 years ago (hey, it happens). Your site has never, ever (to your knowledge) relayed spam. On the whole you've been an exemplary netizen. One day, some email you send bounces because your ISP's entire netblock has been placed on the MAPS DUL. True, your server's IP isn't technically static (though it hasn't changed in 12 months); because your domain is embedded within the broadband provider's larger IP block, reverse lookups don't give your domain name, rather that of the provider (with a huge number prefixed as the hostname). Hence you're considered a rogue SMTP node and blocked by MAPS. I've emailed MAPS but they won't agree to whitelist me. I have a proper MX record for my SMTP server, under my domain name. What can I do? Is there any way to make my legitimate domain take precedence in reverse-lookups, so I don't show up as being part of a spam-friendly network?"

"Please don't bother suggesting that I ask my provider to give me a static IP outside the affected block -- they won't, not without upgrading to a MUCH more expensive package which gives me no benefit for a small-traffic server like this.

What have you done to get your domain, running on a pseudo-static IP, out from under the thumb of the spam block lists? While I wholeheartedly support the efforts of the MAPS people and others like them to stamp out the vermin that are spammers, our domain has become collateral damage in the war!"

Talk to your provider....

[Evanrude]

I have had this happen on more than one occasion. I have *5* static IPs on a co-located server. Each time, I contact the ISP and they see to the removal of the netblock(s) that are listed on the MAPS lists.

If your ISP is unwilling to have their own netblocks removed from MAPS lists, then you need to consider a new ISP.

You have a few options

[petard]

1. (You sound like you tried this one) Convince MAPS not to blacklist you. This is unlikely to happen if you're only in the DUL.

2. Convince the people you wish to exchange mail with (who presumably want your mail) to either
a. Stop using MAPS
b. Stop using the DUL
c. Add your server to a local whitelist

Note that gaining control over your reverse DNS listing will not help; DUL is based on netblocks.

3. Get a better ISP. There are options out there that will do what you want, and not all are prohibitively expensive. If you ISP's options are, switch. I've been very happy with speakeasy. They are available to most of the US. If you get one of their very reasonably priced (multiple) static IP packages, you will not be on the DUL. What's better, they will set your reverse DNS to whatever you wish so long as you own the domain in question. Their TOS are also very nice, explicitly permitting you to run your own servers so long as you don't disrupt the network. (They do permit running spam, porn, and irc if it's part of a public irc network, as those tend to disrupt service more often than they don't.) Speakeasy is not the only option... there are other similar ones, but I haven't tried any of them.

4. (As others have said) Use a smarthost for your mail. Receive incoming mail on your own server but configure your outgoing mail to relay through your ISP's gateway. This is trivial with most MTAs. See your documentation for details.

5. Complain to your ISP, and tell them that you're willing to switch if they can't get you onto a netblock that isn't blacklisted. It might work. Their cost to acquire a new customer is relatively high, so they should be interested in accomodating you. Don't just go based on their written policy, though. Talk to a real person, preferably one who would feel the pain of lost revenue.

Re:Relay through ISP

[Fweeky]

Plus you tend to loose things like TLS, and of course being a single node for all mail for an ISP can make them a little slow and unreliable.

The best solution is probably to get your own server on a static IP and smarthost through that; since it's entirely under your control you know it's not going to get some handy config change which breaks your mail, nor is it likely to go away for hours on end while it's broken/fixed/upgraded without warning.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Well DUH...

[Anonymous Coward]

Over 70% of all spam comes from dynamic IP addresses.

So the ISP would lie?

The 'criteria' in question is a dynamic address - since you asked us to do something about spam, and since there is no valid reason why a dynamically assigned address needs to talk directly to our mail server, we do block connections from them.

So the ISP is stupid too? Or can neither you nor the ISP really think of a single reason why a machine might be configured to send email directly?

If the client had correctly configured their mail server (instead of simply making excuses), you wouldn't have noticed a problem."

The client has correctly configured their mail server. It follows the RFCs. It sends email to the destination. They've simply not followed arbitrary rules imposed by the idiot (if you're really to be believed and they really cannot possibly comprehend of a single reason why a machine might want to talk to their mail server directly if they're on a dynamic IP) receiving ISP.

Considering the fact that the first part of that statement is *provably* false (and the second is - at best - debatable), what do you hope to accomplish by crying about it here?

The first part of that statement is provably correct. A dynamic IP address is not in any shape or form a signifier of spam. Anyone who suggests it is is an idiot. I've sent email from dynamic IP addresses before. Are you saying that it was spam?

Or is this a "well, we sometimes get email from dynamic IP addresses that's spam therefore it's legitimate" argument? In which case, why are you bothering to receive SMTP at all? After all, 100% of emailed spam is sent via SMTP!

It's idiots like you that are breaking the Internet. Use systems that identify spam, not systems that are implemented for the sake of it.