Why Are We on E-mail Blacklists?

LogicallyRogue asks: "I run an email server for a small webhosting company. We've crawled all around the email server to make it as secure as possible: tightened Sendmail's security, POP Before SMTP, denying non-authenticated relaying, using SpamCop DNS blacklist, etc. However, with all this in place, every few months, it seems that we have been blacklisted by some ISP somewhere. This month it was AOL. We had no warning, and we don't know why we were blacklisted. All the information we have is a single URL. We visit all the DNS blacklist services we can to be sure we are not on any of them. We send emails to the postmasters inquiring for more information (like perhaps a reason or copy of the email that made the ISP blacklist us) - however, those are usually bounced back because we are blacklisted. We've tried calling the Blacklisting ISP tech support - and usually get the stunned I-have-no-clue-what-you-are-talking-about silence. Have any other Slashdot readers experienced similar problems with blacklisting and the big ISPs?"

You called the wrong people

[Baloo+Ursidae]

This isn't a customer support issue as much as it is a your-server-is-being-over-anal-and-you-probably-wa nt-to-know-about-it issue. Email postmaster@host, if that doesn't work, submit them to postmaster.rfc-ignorant.org and call their NOC.

AOL fucked up

[reynaert]

From the spam-l list:

> I was shocked since I check my mailserver weekly to make sure it isn't an
> open relay. I checked several of the sites that will run checks against your
> mailserver and I was fine. *UGH* I have to call AOL to find what the problem
> is. After waiting on hold for 30 to 45 minutes, the gentlemen on the other
> end of the phone informed that they were having an "issue" where their server
> were rejecting email from IP's starting with a 6. Going to be a long morning
> for somebody over at AOL....

overzealous spam lists

[PapaZit]

Where I work, we have that problem frequently. Often, it's a result of an overzealous spam list that decides that because the spammer forged headers that make it look like mail passed through one of our machines, mail MUST HAVE come through that machine, so we should be blocked.

Call the ISP and ask which spam filtering or RBL services they use. The first-level drone won't know, but if you explain that you're being blocked and you need this information to fix the problem, you'll probably get transferred or get a call back from someone who -does- know. You'll probably discover that their filtering was overzealous.

Sometimes, you'll run into a knee-jerk admin who unconditionally believes anything the RBL tells them. It's best just to write off this ISP -- you won't convince them that you weren't sending spam. Put a custom "ISP admin is an idiot" bounce message in for that domain so that your users know why the mail didn't get through, then move on.

Of course, this assumes that you're already actively handling open relays and abuse on your end. That's part of the job, and you should check carefully to ensure that your setup is okay before contacting anyone.

Dial-up or residential IP blocks, too

[Finni]

Are you on DSL? My company's mail server is on DSL from the telco, who doesn't actually have 'business-class' versus 'residential class' DSL service.

AOL also requires that your R-DNS matches what you claim your domain name to be. Do you have your PTR records in order? If you're on DSL (or dial-up) that can be difficult or impossible, depending on your provider.

I also question AOL's explanation of 'open relay.' They say that, if someone not on your network can connect to port 25 on your server, then you're an open relay. This entirely ignores POP-before-SMTP, IMAP-before-SMTP, and SMTP AUTH, which is what we use.

They may be better about it than their simple explanation; I only filled out their webform last night, so I don't have my results in yet. My solution was to hard-code the MX record for AOL.com to actually be my ISP's SMTP server, so mail to AOL gets relayed from a more legitimate-seeming source.

AOL Blacklists dynamic IP's

[nemui-chan]

Are you using any sort of IP address that has been flagged by a provider as a dynamic IP address? AOL refuses email from ALL dynamic IP based servers... which kind of sucks for a lot of people that run their own servers.

AOL only looks one hop back

We had a simular problem at the Web Hosting company where I work. Our clients are permitted to setup blanket email forwards to a selected address, that is all email to @ are forwarded without filtering to .. Some of them use AOL accounts, so they end up with SPAM forwarded to them (they asked to get everything so they get EVERYTHING). AOL has a "feature" that permits you to click "this is spam" when you delete it. This generates a SPAM complaint. AOL only looks at the last place that the email was delivered from for these complaints. Enough complaints and that server gets black-listed. So we have our customers getting us listed, even though our servers are NOT open relays, open proxies, require SMTP Auth and that we have a very anti-spam policy as part of our TOS. We have now instituted a policy of not permitting this kind of forwards to AOL accounts. BTW we have re-submitted our servers for testing at http://postmaster.info.aol.com and have been de-listed.

Check for forwarders.

[GiMP]

I've found that a lot of users will use email aliases/forwarders to forward all their email to an AOL inbox. They do this for the convience of reading all their email in a single inbox, since AOL wouldn't setup email aliases/forwards (or do they?) they have the email forwarded to AOL.

Since all of their email is forwarded, this includes the SPAM that they receive. These clients then report the spam... but since it was forwarded from your server, guess who AOL blocks?

AOL has a really bad system for spam. You can reprot spam that is of any vintage, months or years ago.. and they will count it against you; blacklists are automatically applied, there is no human intervention.

I've had clients with exploitable formmail scripts installed, upon receipt of a complaint the formmail scripts were immediately removed; however, not before thousands of emails were sent to AOL accounts. It took over a month before reports stopped getting filed and we stopped getting blacklisted; regardless of the complaints being over a month obsolete.

Re:Happens all the time How to solve AOL blacklist

[ToadMan8]

There is a phone number to call... (let me grab it) 703.265.4670. If you call that number, you talk to some actually intelligent and customer service minded AOL people. They will give you a call ticket number if not solve the issue right on the phone, and will follow through (read: call you back) if they can't solve it right away. Miami University got blocked recently, we solved it in this manner. Hope this helps!

Re:I find it ironic.

[LogicallyROgue]

You really have a good point....

I probably shouldn't complain for your very point. However - when we get complaints that our customers emailboxes are jammed full of 'Viagra' and 'Wanna see my webcam' email messages - you have to do SOMETHING! We've tried SpamAssassin - that didn't get everything. We've tried SpamCop - that doesn't get everything. The combination seems to work fairly well.

Perhaps it's easier for the big guys (ComCast, MSN, AOL, Earthlink) than for us small web hosting shops. We need a free solution that works because we don't have $100,000.00 to drop on a SPAM solution. Because of the 'free spam utilities' that the big guys give away - it's Soooooo much harder for us to compete - or even offer similar solutions...

Have you asked NANAE?

[frankie]

Although Slashdot is usually an excellent place for tech questions, in this particular case there is a better forum: news.admin.net-abuse.email

Post your IP range and the sites blocking you, someone will tell you what the problem is.