Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Spam

Why Are We on E-mail Blacklists? 118

Posted by Cliff from the no-spam-from-here...honestly! dept.
LogicallyRogue asks: "I run an email server for a small webhosting company. We've crawled all around the email server to make it as secure as possible: tightened Sendmail's security, POP Before SMTP, denying non-authenticated relaying, using SpamCop DNS blacklist, etc. However, with all this in place, every few months, it seems that we have been blacklisted by some ISP somewhere. This month it was AOL. We had no warning, and we don't know why we were blacklisted. All the information we have is a single URL. We visit all the DNS blacklist services we can to be sure we are not on any of them. We send emails to the postmasters inquiring for more information (like perhaps a reason or copy of the email that made the ISP blacklist us) - however, those are usually bounced back because we are blacklisted. We've tried calling the Blacklisting ISP tech support - and usually get the stunned I-have-no-clue-what-you-are-talking-about silence. Have any other Slashdot readers experienced similar problems with blacklisting and the big ISPs?"
This discussion has been archived. No new comments can be posted.

Why Are We on E-mail Blacklists? More

Why Are We on E-mail Blacklists?

Comments Filter:

  • You called the wrong people (Score:4, Informative)

    by Baloo Ursidae ( 29355 ) <dead@address.com> on Thursday June 26, 2003 @06:37AM (#6301104) Journal
    This isn't a customer support issue as much as it is a your-server-is-being-over-anal-and-you-probably-wa nt-to-know-about-it issue. Email postmaster@host, if that doesn't work, submit them to postmaster.rfc-ignorant.org [rfc-ignorant.org] and call their NOC.
    • I run an e-mail server with over 20.000 acounts. This is what happens (and I am not RFC ignorant): My domain (ie: mandic.com.br) is about 10 years old. So it was present on the first spam lists that ever existed. People use it to send spam. That is, they send spam and sign it as foo@mandic.com.br. That happens about every day. My postmaster@mandic.com.br receives about 40MB e-mail every day. I would need 2 persons reading this to get it read. What do I do?
      • One word: SpamAssassin [spamassassin.org].
      • Your post makes no sense.

        If your domain is 10 years old that would normally make it *less* likely to be on any spam lists, because you should theoretically be a known entity.

        However, you are registered with a .br domain to an IP in LACNIC's Class-A block, which seems a bit dodgy.

        Real postmasters are quite easily able to tell the difference between forged addresses and real SMTP relays; so, if you are commonly blacklisted you are probably a spammer. If you just get lots of mail from angry end-users, you
        • You go to a news store here in brazil, buy a spam program, install it, write a spam message and click on run. It sends e-mail to (as they announce) 16.000.000 e-mail signing them all as @mandic.com.br. Why is that so? Because we ARE A KNOWN ENTITY and therefore any RESPECTFUL e-mail provider will NEVER black list our domain. So the spammer uses the fact that we are a known entity in his benefit, and since the 16.000.000 are obviously not real, a great part of it will bounce and get to my postmaster. I
          • Sorry about the late reply; I was off-line for a few days due to illness in the family.

            Are you saying that these emails are sourced from outside your domain, or that your customers are sending them? It's still not clear to me. Who is the ISP of this person that "buys a spam program and clicks on run"?

            If spam emails are bouncing into *your* queues, it sounds like your domain is the source of the spam. (That's the only way the situation you describe could happen to my mailservers.) What are the source
            • These spammer are using the spam program either in their own DSL connections or using open relays. Let me give you an example:

              1 - spammer sends e-mail from IP a.b.c.d with the spam program and signs the e-mail as @mandic.com.br ( is changed by the spam program for every email)
              Note that the IP a.b.c.d (DSL) is blocked on my MX cluster.
              2 - hotmail, for instance (who I cannot block) receives this e-mail and bounces it to? (me :-))

              Is this clearer now?
              • Your step 2 shouldn't happen, though. SMTP mailers don't bounce Email from the spammer machine to a different machine. Open relays are a special case, the mail will be bounced to the relay itself and not to the system that relayed through it. That's why ORs get blacklisted, because they obscure message sources.

                When hotmail rejects a message, it bounces to the IP address that sourced the message. Mailers do not use the human address information.

                Here, look at this mail header info from a spam I intercep
                • Our network that you mentioned as blocked, is not "our" network. They blocked .com.br which is ridiculous. Seriously, they are blocking any e-mail comming from brazil. Do you really think that:
                  - @oracle.com.br
                  - @sun.com.br
                  - @amcham.com.br (american chamber of commerce)

                  are sources of spam?

                  I think you are mistaken about how e-mail works. The bounce goes to the "MAIL FROM:" part of the SMTP connection.

                  Anyways, thanks for the advice.
                  • Blocking .com.br is pretty nasty. Lots of places block taiwan and korea, but I hadn't heard of anyone blocking all commercial sites in brazil before.

                    But this is what I mean about your problems sounding dodgy; in the first message you said YOUR domain was blacklisted, not your parent domain (and I have found the domain you mentioned in at least one blacklist).

                    There are other things in your posts that don't make sense to me.

                    I'll repeat my question: Who is sourcing the spam, and who is their ISP? You ref
                    • "You referred to "their DSL" - are you the service provider to the DSL-based spammer or not?"

                      Nope.

                      "how can a "triple-bounce" happen in a properly configured mailserver?"

                      MAIL FROM: inexistent-1@domain
                      RCPT TO: inexistent-2@domain

                      will make qmail say

                      triple bounce: discarding ...

                      it's properly configured, but still consumes CPU time..

                      Basically, the thing is, people blacklist domains when they should blacklist e-mails, or blacklist ips. Blocking an entire domain is very, very bad practice. What happens is

                    • I reject all mail from unresolvable domains. You can't talk to us if you are not in the global DNS.

                      I don't accept incoming mail with a RFC822 target address that does not specify a valid user in my domain, and I don't accept outgoing mail from IP addresses outside my domain. If I did either of these things, I'd be an open relay.

                      I don't accept outgoing mail with a RFC822 source address that does not specify a valid user in my domain. If I did, my users could spoof their addresses and become spammers.

                      If
                    • That seems like a good practice. I'm gonna adopt it. The only thing is that rejecting an e-mail that is not an existing user should (acording to RFC) generate a bounce.

                      Anyways, I applied that "patch". TKS a LOT!
    • Contacting the postmaster@ does not always meet with success. You omitted your IP address so an informed response is rather unlikely. AOL runs their internal block list you can be listed for reasons like changing your server configuration without notifying them about said changes.

      With 30 Million subscribers AOL receives a deluge of spam and must act to protect the integrity of their systems and subscriber base. As far as I am aware AOL does not subscribe to any outside filters reasons being the lack of
  • AOL does this all the time. Comcast was blacklisted by aol a while back, sending to AOL addresses would bounce. (!) The problem was fixed very quickly, and comcast is a VERY large ISP. Just call again, keep bugging them, and hope for the best.
    • AOL does this all the time. Comcast was blacklisted by aol a while back,

      That's nothing, AOL blocked RoadRunner (and vice-versa) not too long ago. If they're blacklisting parts of their own company, there's no hope for the rest of us.

    • Re:Happens all the time How to solve AOL blacklist (Score:5, Informative)

      by ToadMan8 ( 521480 ) on Thursday June 26, 2003 @01:07PM (#6304094)
      There is a phone number to call... (let me grab it) 703.265.4670. If you call that number, you talk to some actually intelligent and customer service minded AOL people. They will give you a call ticket number if not solve the issue right on the phone, and will follow through (read: call you back) if they can't solve it right away. Miami University got blocked recently, we solved it in this manner. Hope this helps!
  • Usually has to do with overzealous abuse people
    that are heavily overworked accidentally concluding
    that a forged return address is a guilty party.
    The other common cause is running any older versions
    of netscape's shitty email server software. :)
    I have no idea why so many people fork out so much
    money for this single-threaded piece of crap. It's
    like having an open-relay that you close 9 billion
    times, but the latch is broken.
    • Usually has to do with overzealous abuse people that are heavily overworked accidentally concluding that a forged return address is a guilty party.

      Sometims they just get confused between the attacking and defending system.

      I have a program which scans http connects for nimda style probes of my server (given that I don't have a 'live' website, or even a real dns address that points at my box, I know that 95%+ of connects are bogus to begin with, but I filter for obvious attacks anyways).

      At the height of

  • AOL fucked up (Score:2, Informative)

    by reynaert ( 264437 )

    From the spam-l list:

    > I was shocked since I check my mailserver weekly to make sure it isn't an

    > open relay. I checked several of the sites that will run checks against your
    > mailserver and I was fine. *UGH* I have to call AOL to find what the problem
    > is. After waiting on hold for 30 to 45 minutes, the gentlemen on the other
    > end of the phone informed that they were having an "issue" where their server
    > were rejecting email from IP's starting with a 6. Going to be a long morni

    • In other news . . . (Score:5, Funny)

      by dheltzel ( 558802 ) on Thursday June 26, 2003 @09:30AM (#6301870)
      AOL announced today that they have corrected the "issue" with their mail servers rejecting email from IP's starting with 6. Currently email is being rejected from servers with IP's starting with 7. AOL will be publishing a schedule shortly at to when each range of IP's will have it's emails rejected.

      When asked why the company is implementing this policy, Bob Harvey, AOL's Minister of Information, said that they had determined that 70% of the emails coming from those IP's was Spam, and the remaining 30% didn't look very important to him anyway.

    • After waiting on hold for 30 to 45 minutes, the gentlemen on the other > end of the phone informed that they were having an "issue" where their server > were rejecting email from IP's starting with a 6.

      Sounds like someone was being a bit happy with the wildcards. Why not just block *.*.*.*, that will block ALL the spam?

      Just wonddering, but when you say anything starting with a 6, does that mean 6.*.*.*, or 6*.*.*.* ?

  • overzealous spam lists (Score:5, Informative)

    by PapaZit ( 33585 ) on Thursday June 26, 2003 @07:09AM (#6301158)
    Where I work, we have that problem frequently. Often, it's a result of an overzealous spam list that decides that because the spammer forged headers that make it look like mail passed through one of our machines, mail MUST HAVE come through that machine, so we should be blocked.

    Call the ISP and ask which spam filtering or RBL services they use. The first-level drone won't know, but if you explain that you're being blocked and you need this information to fix the problem, you'll probably get transferred or get a call back from someone who -does- know. You'll probably discover that their filtering was overzealous.

    Sometimes, you'll run into a knee-jerk admin who unconditionally believes anything the RBL tells them. It's best just to write off this ISP -- you won't convince them that you weren't sending spam. Put a custom "ISP admin is an idiot" bounce message in for that domain so that your users know why the mail didn't get through, then move on.

    Of course, this assumes that you're already actively handling open relays and abuse on your end. That's part of the job, and you should check carefully to ensure that your setup is okay before contacting anyone.

    • Often, it's a result of an overzealous spam list that decides that because the spammer forged headers that make it look like mail passed through one of our machines, mail MUST HAVE come through that machine, so we should be blocked

      Slighty off-topic, but still... this reminds me of one of my pet peeves. One or two of my older email addresses have been used in forged headers (To: field, namely) to make it appear that I, not some anonymous dickwad spammer, sent the spam. Consequently, not only do I get bou

      • All the more reason for verification that an e-mail actually did originate from the address specified. I think half the solution is in this proposal [ietf.org], but I think the other half is validation of the sending address as follows:

        1. The sending server would generate a CONTENT KEY based on the contents of a specific message, including the subject, date, from, to, and CC fields, as well as the body. The algorithm to generate this key would be public in nature.
        2. A PRIVATE KEY would be used in conjunction with t
      • The unfortunate thing about this From field spoofing is that it hits hardest those who have produced most. I have built a dozen medium load sites and foolishly put my email in the metadata of the pages (which was a good thing at first since some people did contact me through it with legitimate reasons to contact me). Now anyone who visits those sites has my email on a page in their local cache and the viri find it and mail out more viri as if from me. Success is its own punishment I guess.
      • I think what we *may* see come about first is that SMTP servers will start rejecting e-mail if the sender's IP address doesn't match the IP address that's in the domain's MX records. So if a spammer wants to spoof their e-mail address as yadda@yadda.org, they need to also hack the DNS record so that their machine's IP is listed as one of the MX addresses for the yadda.org domain.

        This would at least cut down on the domain spoofing that currently goes on - and - puts the preference of whether to accept spoo
        • The problem with this plan is that a lot of larger sites SEND with one set of machines and RECEIVE with another. We (a medium-sized private university) have 3 inbound-only machines, 3 outbound-only machines, and 6 IMAP servers.

          Some big companies go as far as "the inbound mail subnet" and "the outbound mail subnet".
          • Yep, as I was working on our systems today - that thought also occured to me (that there are often seperate systems for send vs receive).

            Since the MX record is used for inbound mail... it would be kind of silly to hijack them to authenticate outbound mail for a domain

            1) Require that the IP address of the server that is sending the mail match an IP address of a record in that domain's DNS (e.g. you'd have to create A records for all of your outbound mail servers). Easy, fits within today's DNS without m
          • OK, so add MX records for your outbound mail servers / network.

  • RBL's aren't perfect... (Score:5, Interesting)

    by PunkeyFunky ( 522484 ) on Thursday June 26, 2003 @07:21AM (#6301178)
    ..and as such, shouldn't be relied upon as a "oh this is definately for rejection". My firm uses an RBL as a plug in to SpamAssassin. Just being in the RBL by itself isn't enough to get rejected, but it bumps up the score a bit. Unfortunately, because RBL's are easy to slave and use, too many people rely on them, when the use is now limited. Limited by the fact that the 'big' spammers are incredibly clever these days. Having said all that, it wouldn't surprise me if AOL started blocking addresses with the '@' symbol... ;) Lee -- 'I love spam. Come get me.'
    • Having said all that, it wouldn't surprise me if AOL started blocking addresses with the '@' symbol... ;) Lee -- 'I love spam. Come get me.'

      Dosen't affect me.

      -- {bd-home-comp.no-ip.org, maine.rr.com, users.sf.net}!bdonlan
      • > > it wouldn't surprise me if AOL started blocking addresses with
        > > the '@' symbol... ;) Lee -- 'I love spam. Come get me.'
        > Dosen't affect me.

        Oooh, you have an old-fashioned bangpath address?
    • Definitely not perfect so you need to plan for false positives. Sendmail can specify recipient addresses as spamfriends so their mail isn't blocked by RBLs. We make postmaster a spamfriend so it can receive mail from blocked IPs, and we promptly whitelist any nonspam senders. SPEWS, Osirusoft and DSBL are very effective, but I definitely would not use them without a whitelisting mechanism.
  • This is too bad. Some people would say that blacklistings are necessary because they help keep the spamming down. And the spamming need to be kept down because most peoples inboxes would be too filled with spam to be useable. But when big companies like AOL starts blocking mail servers out of the blue, it kinda defeats the purpose.

  • I find it ironic. (Score:5, Insightful)

    by Captain Pedantic ( 531610 ) on Thursday June 26, 2003 @07:45AM (#6301261) Homepage
    Here you are complaining that you are being blacklisted, but at the same time you are blacklisting loads of other people.

    Instant karma's gonna get you.
    • You really have a good point....

      I probably shouldn't complain for your very point. However - when we get complaints that our customers emailboxes are jammed full of 'Viagra' and 'Wanna see my webcam' email messages - you have to do SOMETHING! We've tried SpamAssassin - that didn't get everything. We've tried SpamCop - that doesn't get everything. The combination seems to work fairly well.

      Perhaps it's easier for the big guys (ComCast, MSN, AOL, Earthlink) than for us small web hosting shops. We need a

  • Dial-up or residential IP blocks, too (Score:5, Informative)

    by Finni ( 23475 ) on Thursday June 26, 2003 @07:46AM (#6301264)
    Are you on DSL? My company's mail server is on DSL from the telco, who doesn't actually have 'business-class' versus 'residential class' DSL service.

    AOL also requires that your R-DNS matches what you claim your domain name to be. Do you have your PTR records in order? If you're on DSL (or dial-up) that can be difficult or impossible, depending on your provider.

    I also question AOL's explanation of 'open relay.' They say that, if someone not on your network can connect to port 25 on your server, then you're an open relay. This entirely ignores POP-before-SMTP, IMAP-before-SMTP, and SMTP AUTH, which is what we use.

    They may be better about it than their simple explanation; I only filled out their webform last night, so I don't have my results in yet. My solution was to hard-code the MX record for AOL.com to actually be my ISP's SMTP server, so mail to AOL gets relayed from a more legitimate-seeming source.

    • Re:Dial-up or residential IP blocks, too (Score:5, Funny)

      by slittle ( 4150 ) on Thursday June 26, 2003 @09:33AM (#6301897) Homepage
      if someone not on your network can connect to port 25 on your server, then you're an open relay
      iptables -I INPUT 1 -J REJECT -p tcp --dport 25

      Wow, they're right! I'm completely spam free now!
    • AOL also requires that your R-DNS matches what you claim your domain name to be.

      This is a violation of RFC 2821.

      They say that, if someone not on your network can connect to port 25 on your server, then you're an open relay.

      I highly doubt that - if so, it would eliminate ALL ISPs who use the same server for inbound as for outbound mail. Which is 90% of small ISPs.

      Do you have any links to back up your claims? I find it incredibly hard to believe that techs that are capable of keeping a network the si
      • This is a violation of RFC 2821.

        Then they should be listed on rfc-ignorant. Their page [aol.com] says

        * AOL's mail servers may reject connections from IP addresses which have no reverse-DNS (PTR record assigned).

        So, not that they have to match, although I thought I'd read that elsewhere, but that they MAY reject if there is NO rDNS.

        Second point

        Sorry - slightly mis-worded. Link [aol.com] from the link on the original post.

        Quote:

        The second way to test your server is to telnet to the IP address in question on por

        • So, not that they have to match, although I thought I'd read that elsewhere, but that they MAY reject if there is NO rDNS.

          OK, still in violation, but not as bad as you claimed..

          telnet to the IP address in question on port 25 from a different Internet Service Provider and manually initiate an SMTP transaction. If you can send mail from yourself from the different ISP, your server is an open relay.

          I don't see what the problem is with this - if you can do that, then you are an open relay.
          • I may have misread their page, or they may have clarified the point. I thought that, when I read their page yesterday, it said 'connection to port 25 from another network is bad.' Ignoring, as you said, those who do inbound SMTP and outbound SMTP on the same server, or perform some variety of authentication. Now that I've re-read it, it doesn't match my memory.

            The big things that tripped us up was the IP block list. We're supposedly 'dynamic' although we're not. The ISP doesn't differentiate their IP bloc

        • > AOL's mail servers may reject connections from IP addresses
          > which have no reverse-DNS

          That's to keep out the Asian crap. Try this some time: select
          ten pieces of Asian spam (the stuff with ideographic characters
          in the subject line) at random. Look at the headers, and pick
          out the IP address of the MTA that your ISP's mailserver received
          the message from. Try to traceroute these addresses, with reverse
          DNS lookups at every hop.

          It's nothing if not consistent. You can watch the domain names
          go west t
    • "I also question AOL's explanation of 'open relay.' They say that, if someone not on your network can connect to port 25 on your server, then you're an open relay."

      This is totally untrue. If that were the case, they'd be blocking every site that used a single server for incoming and outgoing mail (thus requiring port 25 be open to anyone). They most certainly do not do this.
    • They say that, if someone not on your network can connect to port 25 on your server, then you're an open relay.

      Uhhm, I have another theory.

      If people outside of my domain can connect to port 25 on my mail server, they are able to deliver mail to my domain, regardless of if they can relay or not.

      There. How's that? :-)

  • Something to consider: Spammer@Home.... (Score:5, Insightful)

    by wowbagger ( 69688 ) * on Thursday June 26, 2003 @08:10AM (#6301375) Homepage Journal
    It sounds like you've done an admirable job securing YOUR system. What about your USERS?

    There are far too many morons who run what I call "Spammer@Home" (a play upon Seti@Home) - software that downloads a list of addresses from a spammer, then uses direct-to-MX from the luser's machine to send spam. Thus spammers get around blacklists.

    So the luser on your system pisses off the world, and gets your netblock blacklisted. If you catch them, you can terminate them (or at least their account) and maybe get back, but....

    Now, I know this is an unpopular suggestion with many SlashTrollBots, but have you considered blocking outbound SMTP from your customers? You can always allow the customers with a real need out (they just have to let you know), but by default block SMTP to anyplace other than your server (or better still, redirect it to your server).

    The average user will not notice if they cannot send directly to other servers. If you redirect to your server, programs that do direct-to-MX will still work - you will just have a chance to check the mail (or at least log it). And anybody too 31337 to use your mail server can call you and ask you to change the settings to allow them out.

    (Sits back to watch the morons bitch about this...)
    • Having worked for serveral ISPs and hosting providers, I can tell you that this will cause more headache to the sysadmin than you imagine.

      If you re-read the original post, you will notice that this is about a hosting provider.

      Most hosted websites provide some sort of forum or feedback page or something that requires access to an SMTP server to send back replies or notifications or similar.

      On average, I noticed that 85% of hosted sites require SMTP, so blocking ALL and then ALLOWING a subset will be a lo

      • Re:Something to consider: Spammer@Home.... (Score:4, Insightful)

        by mikey504 ( 464225 ) on Thursday June 26, 2003 @10:20AM (#6302405)
        If I read it correctly (dubious as I am still a little groggy this morning) he is not disallowing SMTP traffic, he is only saying that it all has to go through his mail host.

        I did something similar here-- all port 25 traffic that originates from behind our firewall must be bound for our mail server. This stops a lot of crappy ad ware and email viruses that pack their own SMTP engine.

        I don't see a similar set up for a hosting provider as being unneccessarily restrictive. It might not do anything to keep your customers from spamming from your net block, but at least it would all be routed through your server, greatly increasing the chances you would detect it and stomp the perpetrator's guts out-- or whatever action you feel is appropriate.

        • I did something similar here-- all port 25 traffic that originates from behind our firewall must be bound for our mail server. This stops a lot of crappy ad ware and email viruses that pack their own SMTP engine.

          A better solution (ie. one that's less likely to have a customer call your support desk) is to transparently proxy all outbound SMTP traffic to your server.

          An extra step would be to do connection throttling, which would limit the damage caused by the "@home" spammer, or customers who set up an op
          • Yes, but the transparent proxying is also a huge problem to the security consious as if your SMTP server is ever compromised, all e-mail is at risk, some people prefer to use other SMTP servers to mitigate that risk.

            So if you do this, make sure you inform your customers, not keep quite about it. Otherwise it's a good way to piss off the ones you want on your network, security concious informed users... fortunatly for you they exist. Informed users... wow.
        • If you do this (redirect port 25 to your mailserver) and use some kind of e-mail filter there (Razor, maybe, combined with Bayesian filter, or whatever makes your clock tick) rejecting what seems to be spam then... voila... nobody will spam from your netblock again and you are free from blacklists!!!
          Been there, done that. Some guy running a mailing list will call you saying all the list's email are being rejected, you adjust the filters and go for another cup of Brazilian coffee.
        • Cox Cable just started blocking outbound port 25 in my area and there are quite a few problems with it. The worst is that they have arbitrarily decided that 5 MB is the maximum message size for email.

          That would be fair if it only applied to mail being delivered to them (after all, it's their disk space) but it's unacceptible for a required SMTP relay. Many of my users subscribe to Cox for home connections and have valid reasons to send email that is quite a bit larger. The result is that their broadband
        • I don't see a similar set up for a hosting provider as being unneccessarily restrictive.

          Unless that hosting provider has customers who want to use services like mine [vfemail.net]. Two advantages for the user are not having to worry about your current provider virus scanning/spam tagging your email, and you have a consistant email address no matter who your provider is.

          So while I agree with your solution from an isp point of view, keep in mind that if you aren't providing the same services independant companies are

      • The bigger problem is when ISP's block port 25 to my servers. As you mentioned - we're a hosting provider and not an ISP.

        Our customers rely upon us for SMTP/POP3. When ISP's kill outbound 25 - it makes it difficult....... ......however, when MSN decides that they will ONLY allow HTTP traffic on their network, and block ALL POP3/SMTP traffic - that makes it impossible to compete doesn't it?
        • Our customers rely upon us for SMTP/POP3. When ISP's kill outbound 25 - it makes it difficult....... ......however, when MSN decides that they will ONLY allow HTTP traffic on their network, and block ALL POP3/SMTP traffic - that makes it impossible to compete doesn't it?

          What do you mean? Do you mean that you'll be hindered if you are no longer able to connect to a dialup user's port 25? Why on earth would you need to do that?

          Or do you mean that you're trying to run an smtp server on an MSN account? T
    • Cox cable does this in my area -- no port 25 connections to anything except their own SMTP servers.

      Doesn't really have any negative impact on me and helps them control spam, so I'm happy with it.

    • O.k. I'll bite...This won't work for me and I think it won't work for a lot of people.

      I have two accounts, one is yahoo DSL and the other is a hosting company for my email and web page (interland.com). Both require pop-before-smtp before allowing outgoing email. Exim is not easy to setup to do outgoing pop-before-smtp (o.k. I spent a whole weekend unsuccesfully working on it, no one on the exim-support mailing list had figured it out (or if they had they weren't saying)). My only solution was to send mail
      • Your DSL provider requires POP-before-SMTP? That's pretty pathetic, considering that they run the network, and thus should already know which netblocks they should relay mail for...
      • Does either of your providers use SMTPS (SMTP over SSL - port 465)? This would solve the authentiction problem quite handily.

        Do either of them use SMTP-AUTH?

        If not, then perhaps rather than not paying attention to posts on Slashdot (had you BEEN paying attention you would have seen that I explicitly stated that the ISP should allow port 25 through IF THE CUSTOMER ASKS FOR IT) your time would be better spent trying to get your mail providers to adopt more recent means of preventing abuse.
    • I work on an ISP that hosts a very old domain (mandic.com.br). Several Brazilian spam programs send spam with our domains as a recipient. They do not use my servers, they are not my users, but still we get black-listed. What's the point on securing my users then?

      • They do not use my servers, they are not my users, but still we get black-listed. What's the point on securing my users then?

        "Hmm. I've severed an artery. Oh well, I was going to die someday anyway, what's the point of trying to stop the bleeding now?"

        True, you are suffering because of something not your fault, and that sucks. However, most GOOD blacklists will look at where the REAL sender is, not the faked headers - those blacklists won't list you because of these faked emails, but WILL list you if you

        • The only problem is most provider don't use GOOD blacklists. I had a problem with 2m (ie: mmm.com and 3m.com) for instance, I called their support and had to listen to the "technical contact" yelling at me because they were receiving spam with recipients from my domains. Same happend with lycos.com, footlocker.com and many other medium to big providers.
  • Have any other Slashdot readers experienced similar problems with blacklisting and the big ISPs?
    way more than average, i presume... ;)

  • openrbl.org is a useful tool (Score:3, Interesting)

    by Uncle Dazza ( 51170 ) on Thursday June 26, 2003 @08:23AM (#6301455)
    This is a real problem. Many blacklists are far to eager to list an IP without real evidence of spamming.

    openrbl.org is useful for looking up your host and trying to figure out what blacklists you are on. But it is still fairly difficult to track down. Our server is listed on three blacklists there even though we have a static IP and have never emitted a single spam address. Sigh.

    The other problem I've found is that when a bounce arrives from another server that says you are blacklisted, you can't email them to find out what list they use!

    Our mail server does not use any blacklists, which is a shame because we get quite a bit of spam. But we are a business and I cannot take the risk of a client email bouncing, especially if they are innocent and the blacklist is wrong.

    What I'd like is a SMTP front end that uses blacklists to determine the likelyhood of the site as a spam source, and delay spam messages for a day or so. The idea being that many mass email programs cannot keep retrying for that long.
    • Our mail server does not use any blacklists, which is a shame because we get quite a bit of spam. But we are a business and I cannot take the risk of a client email bouncing, especially if they are innocent and the blacklist is wrong.

      Why not use SpamAssassin [spamassassin.org]? I have the same situation here at work, and using SpamAssassin works like a champ. I use that along with Anomy [anomy.net]. SpamAssassin scans and scores the mail as being possible spam.

      I currently specify a score of 6+ as spam. Then that mail gets sent th

  • AOL Blacklists dynamic IP's (Score:5, Informative)

    by nemui-chan ( 550759 ) on Thursday June 26, 2003 @09:04AM (#6301694) Homepage
    Are you using any sort of IP address that has been flagged by a provider as a dynamic IP address? AOL refuses email from ALL dynamic IP based servers... which kind of sucks for a lot of people that run their own servers.
    • Anyone running their own personal mail server or a small buisness (less than ~100 email accounts on a DSL or even fractional T1s) should use their ISPs (or with prior permission) another "smart" mailserver to send out mail (Relay) for them

      • ...should use their ISPs (or with prior permission) another "smart" mailserver to send out mail (Relay) for them

        Maybe I'm wearing a tinfoil hat, but I don't like the idea of my business or personal email going through my ISP's mail servers. Sure, there is no expectation of privacy in unencrypted email. Sure, Carnivore will sniff at it regardless. Its just that the fewer log files that record my activity, the happier I feel.

        And, SPEWS has blacklisted my ISP. So, my ISP's SMTP server is just as blacklist

      • Anyone running their own personal mail server or a small buisness (less than ~100 email accounts on a DSL or even fractional T1s) should use their ISPs

        Why?

        No seriously... Why? Why should I use my ISP's mail server rather than running my own? So when one of their weekly server configuration screwups occurs, I can miss important messages? In my experience, actualy connectivity outages occur FAR less often, and for much shorter periods, than "Oh dear, server X has gone down, I guess we should mention i
    • That's fine, but what are you running a server for if you're on a dynamic IP? That's painful from a logistical standpoint.

  • Incidental Consolidation (Score:5, Insightful)

    by 4of12 ( 97621 ) on Thursday June 26, 2003 @09:23AM (#6301828) Homepage Journal

    Let me try to understand this.

    1. You're a little ISP with O(10**2) customers and they're a big ISP with O(10**6) customers.
    2. If they block you, then a greater fraction of your users suffer than of their users.
    3. If you block them, then a greater fraction of your users suffer than of their users.
    4. And they're in the same line of business?

    While far too many people are willing to jump into Grassy Knoll theories at the drop of a hat that are unsubstantiated, and my theory is unsubstantiated, it nevertheless remains true that foot-dragging on resolving this particular issue will serve to help the larger ISP grow larger at the expense of the smaller ISP.

  • Could be a new carreer path (Score:3, Interesting)

    by acarr0 ( 652849 ) on Thursday June 26, 2003 @09:46AM (#6301976)
    With all the renewed focus on fighting SPAM it has occurred to me that this could be a good business opportunity. It seems that small business could use someone who could not only help them to nail down mail servers but also someone who has experience with getting issues like being blacklisted resolved. A combination techie and advocate who knew who to call to get issues resolved quickly. Someone who has contacts throughout the industry. Anyone interested?

  • Onion statshot (Score:5, Funny)

    by jbert ( 5149 ) on Thursday June 26, 2003 @09:54AM (#6302037)
    Did this remind anyone else of the onion [theonion.com] 'statshot' feature.

    Top-ten reasons: Why are we on e-mail blacklists?

    1 - Poor social skills cause instant dislike in anyone we communicate with

    2 - Cursed by bequest of Nigerian Uncle's Viagra stockpile

    3 - Was unaware that neighbours were advertising us as "live nerd-cam!"

    4 - this is slashdot?????

    5 - profit!

  • AOL only looks one hop back (Score:5, Informative)

    by Anonymous Coward on Thursday June 26, 2003 @10:44AM (#6302633)
    We had a simular problem at the Web Hosting company where I work. Our clients are permitted to setup blanket email forwards to a selected address, that is all email to @ are forwarded without filtering to .. Some of them use AOL accounts, so they end up with SPAM forwarded to them (they asked to get everything so they get EVERYTHING). AOL has a "feature" that permits you to click "this is spam" when you delete it. This generates a SPAM complaint. AOL only looks at the last place that the email was delivered from for these complaints. Enough complaints and that server gets black-listed. So we have our customers getting us listed, even though our servers are NOT open relays, open proxies, require SMTP Auth and that we have a very anti-spam policy as part of our TOS. We have now instituted a policy of not permitting this kind of forwards to AOL accounts. BTW we have re-submitted our servers for testing at http://postmaster.info.aol.com and have been de-listed.
  • Big ISPs can use the current backlash against spam to further their goals to push small providers out of the market. How? They simply blacklist small ISPs.

    When small a ISP's customers get their mail bounced, they immediately complain. Since the ISP can't do anything about it, they will lose customers who can't email their friends who use AOL.
  • ...and we ended up on it also. Had to make a call to their hostmaster in VA, and 120 seconds later it was fixed. I was repeatedly assured that the issue was in no way related to anything particular on my end... they just screwed up while implementing something yesterday morning.

    - SBB

  • Check for forwarders. (Score:3, Informative)

    by GiMP ( 10923 ) on Thursday June 26, 2003 @12:26PM (#6303714)
    I've found that a lot of users will use email aliases/forwarders to forward all their email to an AOL inbox. They do this for the convience of reading all their email in a single inbox, since AOL wouldn't setup email aliases/forwards (or do they?) they have the email forwarded to AOL.

    Since all of their email is forwarded, this includes the SPAM that they receive. These clients then report the spam... but since it was forwarded from your server, guess who AOL blocks?

    AOL has a really bad system for spam. You can reprot spam that is of any vintage, months or years ago.. and they will count it against you; blacklists are automatically applied, there is no human intervention.

    I've had clients with exploitable formmail scripts installed, upon receipt of a complaint the formmail scripts were immediately removed; however, not before thousands of emails were sent to AOL accounts. It took over a month before reports stopped getting filed and we stopped getting blacklisted; regardless of the complaints being over a month obsolete.
  • Recently we switched a large set of servers to another netblock (yeah, I know sucks). We discovered after that the previous netblock owner had gotten themselves on a bunch of black-lists. Maybe that has something to do with it.
  • it is possible that a spammer is sending spam with @yourdomain.ext and some phony name. I'm not sure this is dns hijacking, but it is in a sense identity theft. At this stage of the game, your email address is slowly becoming your 'second phone number'. With the current push to make phone numbers transferrable between cell phone companies, how long will it be before people want to move between states and have the same thing or email addresses.

  • Have you asked NANAE? (Score:4, Informative)

    by frankie ( 91710 ) on Thursday June 26, 2003 @05:01PM (#6306317) Journal
    Although Slashdot is usually an excellent place for tech questions, in this particular case there is a better forum: news.admin.net-abuse.email

    Post your IP range and the sites blocking you, someone will tell you what the problem is.

  • Last saturday, I discovered that the Class C that our mailservers at work are was blacklisted by earthlink for "Dynamic IPs or Open Relays". This class c happened to contain our Dialpool (only 30 IPs, we are a very small ISP). On monday I emailed them explianing that none of our mail servers were open relays, and the whole class c wasn't dialup (helpfuly providing or dialup IP range). They emailed me back 2 hours later explaing that the class c was blacklisted as dialup, and that they had corrected the prob
  • I live in Virginia, about 30 minutes from Dulles (where AOL is based). For $25, I'll go beat the crap out of their email admin.
    • *a smile begin's to creep over Rogue's face...*

      "No! Bad Rogue, don't think such thoughts"

      *...the thought of an email admin begging to un-blacklist me....*

      "Evil Rogue! Don't be evil!"

      *...the klickity-klackity sounds of being permanantly removed from AOL's blacklis...*

      Music to my ears!!!

      Logically,
      --rogue

Slashdot Top Deals

For God's sake, stop researching for a while and begin to think!

Close