Slashdot Mirror


Why Are We on E-mail Blacklists?

LogicallyRogue asks: "I run an email server for a small webhosting company. We've crawled all around the email server to make it as secure as possible: tightened Sendmail's security, POP Before SMTP, denying non-authenticated relaying, using SpamCop DNS blacklist, etc. However, with all this in place, every few months, it seems that we have been blacklisted by some ISP somewhere. This month it was AOL. We had no warning, and we don't know why we were blacklisted. All the information we have is a single URL. We visit all the DNS blacklist services we can to be sure we are not on any of them. We send emails to the postmasters inquiring for more information (like perhaps a reason or copy of the email that made the ISP blacklist us) - however, those are usually bounced back because we are blacklisted. We've tried calling the Blacklisting ISP tech support - and usually get the stunned I-have-no-clue-what-you-are-talking-about silence. Have any other Slashdot readers experienced similar problems with blacklisting and the big ISPs?"

6 of 118 comments

  1. I find it ironic. by Captain Pedantic · · Score: 4, Insightful

    Here you are complaining that you are being blacklisted, but at the same time you are blacklisting loads of other people.

    Instant karma's gonna get you.

    --

    None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
  2. Something to consider: Spammer@Home.... by wowbagger · · Score: 4, Insightful

    It sounds like you've done an admirable job securing YOUR system. What about your USERS?

    There are far too many morons who run what I call "Spammer@Home" (a play upon Seti@Home) - software that downloads a list of addresses from a spammer, then uses direct-to-MX from the luser's machine to send spam. Thus spammers get around blacklists.

    So the luser on your system pisses off the world, and gets your netblock blacklisted. If you catch them, you can terminate them (or at least their account) and maybe get back, but....

    Now, I know this is an unpopular suggestion with many SlashTrollBots, but have you considered blocking outbound SMTP from your customers? You can always allow the customers with a real need out (they just have to let you know), but by default block SMTP to anyplace other than your server (or better still, redirect it to your server).

    The average user will not notice if they cannot send directly to other servers. If you redirect to your server, programs that do direct-to-MX will still work - you will just have a chance to check the mail (or at least log it). And anybody too 31337 to use your mail server can call you and ask you to change the settings to allow them out.

    (Sits back to watch the morons bitch about this...)

    1. Re:Something to consider: Spammer@Home.... by accad · · Score: 3, Insightful

      Having worked for several ISPs and hosting providers, I can tell you that this will cause more headache to the sysadmin than you imagine.

      If you re-read the original post, you will notice that this is about a hosting provider.

      Most hosted websites provide some sort of forum or feedback page or something that requires access to an SMTP server to send back replies or notifications or similar.

      On average, I noticed that 85% of hosted sites require SMTP, so blocking ALL and then ALLOWING a subset will be a long tedious job; I don't know if the original author has the time/manpower to do it, but it will not work in a large(ish) environment.

      Just my 2c.

    2. Re:Something to consider: Spammer@Home.... by mikey504 · · Score: 3, Insightful

      If I read it correctly (dubious as I am still a little groggy this morning) he is not disallowing SMTP traffic, he is only saying that it all has to go through his mail host.

      I did something similar here-- all port 25 traffic that originates from behind our firewall must be bound for our mail server. This stops a lot of crappy ad ware and email viruses that pack their own SMTP engine.

      I don't see a similar set up for a hosting provider as being unnecessarily restrictive. It might not do anything to keep your customers from spamming from your net block, but at least it would all be routed through your server, greatly increasing the chances you would detect it and stomp the perpetrator's guts out-- or whatever action you feel is appropriate.

    3. Re:Something to consider: Spammer@Home.... by schon · · Score: 2, Insightful

      > I did something similar here-- all port 25 traffic that originates from behind our firewall must be bound for our mail server. This stops a lot of crappy ad ware and email viruses that pack their own SMTP engine.

      A better solution (ie. one that's less likely to have a customer call your support desk) is to transparently proxy all outbound SMTP traffic to your server.

      An extra step would be to do connection throttling, which would limit the damage caused by the "@home" spammer, or customers who set up an open relay.

      We implemented this years ago, and it's saved a ton of headaches - the one time that we did have a customer who tried spamming, he managed to deliver to a total of ONE address before we shut him down (my pager goes off when the loadavg on our mail server rises above a set limit.)
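
Added example, not part of the thread or any commenter's code: the redirect-and-log and connection-throttling ideas from the comments above, applied to a constructed firewall log. The log format, all IP addresses, the relay address and the limits are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

MAIL_RELAY = "192.0.2.25"    # assumed address of the provider's own mail server
WINDOW_SECONDS = 60          # assumed throttle window
MAX_CONN_PER_WINDOW = 3      # assumed per-host SMTP connection limit per window

# Constructed firewall log: "<epoch> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
1000 10.0.0.5 192.0.2.25 25
1001 10.0.0.7 198.51.100.10 25
1002 10.0.0.7 198.51.100.11 25
1003 10.0.0.7 203.0.113.4 25
1004 10.0.0.7 203.0.113.9 25
1005 10.0.0.5 198.51.100.80 80
1010 10.0.0.9 203.0.113.4 25
1100 10.0.0.7 198.51.100.12 25
"""

def parse(line):
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)

def analyse(log_text):
    """Return (direct_mx_counts, throttled_events).

    direct_mx_counts: src -> port-25 connections aimed past the relay.
    throttled_events: (ts, src, dst) connections over the per-host limit.
    """
    recent = defaultdict(deque)   # src -> timestamps of accepted connections
    direct = defaultdict(int)
    throttled = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = parse(line)
        if port != 25:
            continue              # only SMTP is of interest here
        if dst != MAIL_RELAY:
            direct[src] += 1      # would be redirected to the relay and logged
        window = recent[src]
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()      # forget connections older than the window
        if len(window) >= MAX_CONN_PER_WINDOW:
            throttled.append((ts, src, dst))
        else:
            window.append(ts)
    return dict(direct), throttled

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A host with a high direct-to-MX count is a candidate for the "Spammer@Home" case; the throttle bounds how much mail it can push before anyone looks.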

  3. Incidental Consolidation by 4of12 · · Score: 4, Insightful

    Let me try to understand this.

    1. You're a little ISP with O(10**2) customers and they're a big ISP with O(10**6) customers.
    2. If they block you, then a greater fraction of your users suffer than of their users.
    3. If you block them, then a greater fraction of your users suffer than of their users.
    4. And they're in the same line of business?

    While far too many people are willing to jump into Grassy Knoll theories at the drop of a hat that are unsubstantiated, and my theory is unsubstantiated, it nevertheless remains true that foot-dragging on resolving this particular issue will serve to help the larger ISP grow larger at the expense of the smaller ISP.

    --
    "Provided by the management for your protection."