Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Are We on E-mail Blacklists?

Posted by Cliff on from the no-spam-from-here...honestly! dept.

LogicallyRogue asks: "I run an email server for a small webhosting company. We've crawled all around the email server to make it as secure as possible: tightened Sendmail's security, POP Before SMTP, denying non-authenticated relaying, using SpamCop DNS blacklist, etc. However, with all this in place, every few months, it seems that we have been blacklisted by some ISP somewhere. This month it was AOL. We had no warning, and we don't know why we were blacklisted. All the information we have is a single URL. We visit all the DNS blacklist services we can to be sure we are not on any of them. We send emails to the postmasters inquiring for more information (like perhaps a reason or copy of the email that made the ISP blacklist us) - however, those are usually bounced back because we are blacklisted. We've tried calling the Blacklisting ISP tech support - and usually get the stunned I-have-no-clue-what-you-are-talking-about silence. Have any other Slashdot readers experienced similar problems with blacklisting and the big ISPs?"

19 of 118 comments (clear)

  1. You called the wrong people by Baloo+Ursidae · · Score: 3, Informative

    This isn't a customer support issue as much as it is a your-server-is-being-over-anal-and-you-probably-wa nt-to-know-about-it issue. Email postmaster@host, if that doesn't work, submit them to postmaster.rfc-ignorant.org and call their NOC.

    --
    Help us build a better map!
  2. overzealous spam lists by PapaZit · · Score: 5, Informative

    Where I work, we have that problem frequently. Often, it's a result of an overzealous spam list that decides that because the spammer forged headers that make it look like mail passed through one of our machines, mail MUST HAVE come through that machine, so we should be blocked.

    Call the ISP and ask which spam filtering or RBL services they use. The first-level drone won't know, but if you explain that you're being blocked and you need this information to fix the problem, you'll probably get transferred or get a call back from someone who -does- know. You'll probably discover that their filtering was overzealous.

    Sometimes, you'll run into a knee-jerk admin who unconditionally believes anything the RBL tells them. It's best just to write off this ISP -- you won't convince them that you weren't sending spam. Put a custom "ISP admin is an idiot" bounce message in for that domain so that your users know why the mail didn't get through, then move on.

    Of course, this assumes that you're already actively handling open relays and abuse on your end. That's part of the job, and you should check carefully to ensure that your setup is okay before contacting anyone.

    --
    Forward, retransmit, or republish anything I say here. Just don't misquote me.
  3. RBL's aren't perfect... by PunkeyFunky · · Score: 5, Interesting

    ..and as such, shouldn't be relied upon as a "oh this is definately for rejection". My firm uses an RBL as a plug in to SpamAssassin. Just being in the RBL by itself isn't enough to get rejected, but it bumps up the score a bit. Unfortunately, because RBL's are easy to slave and use, too many people rely on them, when the use is now limited. Limited by the fact that the 'big' spammers are incredibly clever these days. Having said all that, it wouldn't surprise me if AOL started blocking addresses with the '@' symbol... ;) Lee -- 'I love spam. Come get me.'

  4. I find it ironic. by Captain+Pedantic · · Score: 4, Insightful

    Here you are complaining that you are being blacklisted, but at the same time you are blacklisting loads of other people.

    Instant karma's gonna get you.

    --

    None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
  5. Dial-up or residential IP blocks, too by Finni · · Score: 4, Informative
    Are you on DSL? My company's mail server is on DSL from the telco, who doesn't actually have 'business-class' versus 'residential class' DSL service.

    AOL also requires that your R-DNS matches what you claim your domain name to be. Do you have your PTR records in order? If you're on DSL (or dial-up) that can be difficult or impossible, depending on your provider.

    I also question AOL's explanation of 'open relay.' They say that, if someone not on your network can connect to port 25 on your server, then you're an open relay. This entirely ignores POP-before-SMTP, IMAP-before-SMTP, and SMTP AUTH, which is what we use.

    They may be better about it than their simple explanation; I only filled out their webform last night, so I don't have my results in yet. My solution was to hard-code the MX record for AOL.com to actually be my ISP's SMTP server, so mail to AOL gets relayed from a more legitimate-seeming source.

    1. Re:Dial-up or residential IP blocks, too by slittle · · Score: 5, Funny
      if someone not on your network can connect to port 25 on your server, then you're an open relay
      iptables -I INPUT 1 -J REJECT -p tcp --dport 25

      Wow, they're right! I'm completely spam free now!
      --
      Opportunity knocks. Karma hunts you down.
  6. Something to consider: Spammer@Home.... by wowbagger · · Score: 4, Insightful

    It sounds like you've done an admirable job securing YOUR system. What about your USERS?

    There are far too many morons who run what I call "Spammer@Home" (a play upon Seti@Home) - software that downloads a list of addresses from a spammer, then uses direct-to-MX from the luser's machine to send spam. Thus spammers get around blacklists.

    So the luser on your system pisses off the world, and gets your netblock blacklisted. If you catch them, you can terminate them (or at least their account) and maybe get back, but....

    Now, I know this is an unpopular suggestion with many SlashTrollBots, but have you considered blocking outbound SMTP from your customers? You can always allow the customers with a real need out (they just have to let you know), but by default block SMTP to anyplace other than your server (or better still, redirect it to your server).

    The average user will not notice if they cannot send directly to other servers. If you redirect to your server, programs that do direct-to-MX will still work - you will just have a chance to check the mail (or at least log it). And anybody too 31337 to use your mail server can call you and ask you to change the settings to allow them out.

    (Sits back to watch the morons bitch about this...)

    --
    www.eFax.com are spammers
    1. Re:Something to consider: Spammer@Home.... by accad · · Score: 3, Insightful

      Having worked for serveral ISPs and hosting providers, I can tell you that this will cause more headache to the sysadmin than you imagine.

      If you re-read the original post, you will notice that this is about a hosting provider.

      Most hosted websites provide some sort of forum or feedback page or something that requires access to an SMTP server to send back replies or notifications or similar.

      On average, I noticed that 85% of hosted sites require SMTP, so blocking ALL and then ALLOWING a subset will be a long tideous job, I don't know if the original author has the time/manpower to do it, but it will not work in a large(ish) environment.

      Just my 2c.

    2. Re:Something to consider: Spammer@Home.... by mikey504 · · Score: 3, Insightful

      If I read it correctly (dubious as I am still a little groggy this morning) he is not disallowing SMTP traffic, he is only saying that it all has to go through his mail host.

      I did something similar here-- all port 25 traffic that originates from behind our firewall must be bound for our mail server. This stops a lot of crappy ad ware and email viruses that pack their own SMTP engine.

      I don't see a similar set up for a hosting provider as being unneccessarily restrictive. It might not do anything to keep your customers from spamming from your net block, but at least it would all be routed through your server, greatly increasing the chances you would detect it and stomp the perpetrator's guts out-- or whatever action you feel is appropriate.

  7. openrbl.org is a useful tool by Uncle+Dazza · · Score: 3, Interesting

    This is a real problem. Many blacklists are far to eager to list an IP without real evidence of spamming.

    openrbl.org is useful for looking up your host and trying to figure out what blacklists you are on. But it is still fairly difficult to track down. Our server is listed on three blacklists there even though we have a static IP and have never emitted a single spam address. Sigh.

    The other problem I've found is that when a bounce arrives from another server that says you are blacklisted, you can't email them to find out what list they use!

    Our mail server does not use any blacklists, which is a shame because we get quite a bit of spam. But we are a business and I cannot take the risk of a client email bouncing, especially if they are innocent and the blacklist is wrong.

    What I'd like is a SMTP front end that uses blacklists to determine the likelyhood of the site as a spam source, and delay spam messages for a day or so. The idea being that many mass email programs cannot keep retrying for that long.

  8. AOL Blacklists dynamic IP's by nemui-chan · · Score: 5, Informative

    Are you using any sort of IP address that has been flagged by a provider as a dynamic IP address? AOL refuses email from ALL dynamic IP based servers... which kind of sucks for a lot of people that run their own servers.

  9. Incidental Consolidation by 4of12 · · Score: 4, Insightful

    Let me try to understand this.

    1. You're a little ISP with O(10**2) customers and they're a big ISP with O(10**6) customers.
    2. If they block you, then a greater fraction of your users suffer than of their users.
    3. If you block them, then a greater fraction of your users suffer than of their users.
    4. And they're in the same line of business?

    While far too many people are willing to jump into Grassy Knoll theories at the drop of a hat that are unsubstantiated, and my theory is unsubstantiated, it nevertheless remains true that foot-dragging on resolving this particular issue will serve to help the larger ISP grow larger at the expense of the smaller ISP.

    --
    "Provided by the management for your protection."
  10. In other news . . . by dheltzel · · Score: 5, Funny
    AOL announced today that they have corrected the "issue" with their mail servers rejecting email from IP's starting with 6. Currently email is being rejected from servers with IP's starting with 7. AOL will be publishing a schedule shortly at to when each range of IP's will have it's emails rejected.

    When asked why the company is implementing this policy, Bob Harvey, AOL's Minister of Information, said that they had determined that 70% of the emails coming from those IP's was Spam, and the remaining 30% didn't look very important to him anyway.

  11. Could be a new carreer path by acarr0 · · Score: 3, Interesting

    With all the renewed focus on fighting SPAM it has occurred to me that this could be a good business opportunity. It seems that small business could use someone who could not only help them to nail down mail servers but also someone who has experience with getting issues like being blacklisted resolved. A combination techie and advocate who knew who to call to get issues resolved quickly. Someone who has contacts throughout the industry. Anyone interested?

  12. Onion statshot by jbert · · Score: 4, Funny

    Did this remind anyone else of the onion 'statshot' feature.

    Top-ten reasons: Why are we on e-mail blacklists?

    1 - Poor social skills cause instant dislike in anyone we communicate with

    2 - Cursed by bequest of Nigerian Uncle's Viagra stockpile

    3 - Was unaware that neighbours were advertising us as "live nerd-cam!"

    4 - this is slashdot?????

    5 - profit!

  13. AOL only looks one hop back by Anonymous Coward · · Score: 5, Informative

    We had a simular problem at the Web Hosting company where I work. Our clients are permitted to setup blanket email forwards to a selected address, that is all email to @ are forwarded without filtering to .. Some of them use AOL accounts, so they end up with SPAM forwarded to them (they asked to get everything so they get EVERYTHING). AOL has a "feature" that permits you to click "this is spam" when you delete it. This generates a SPAM complaint. AOL only looks at the last place that the email was delivered from for these complaints. Enough complaints and that server gets black-listed. So we have our customers getting us listed, even though our servers are NOT open relays, open proxies, require SMTP Auth and that we have a very anti-spam policy as part of our TOS. We have now instituted a policy of not permitting this kind of forwards to AOL accounts. BTW we have re-submitted our servers for testing at http://postmaster.info.aol.com and have been de-listed.

  14. New! AOL 8.0 Rejecting Addresses Beginning with 8! by sulli · · Score: 4, Funny
    You haven't got mail!

    So easy to use, no wonder it's #1!

    --

    sulli
    RTFJ.
  15. Re:Happens all the time How to solve AOL blacklist by ToadMan8 · · Score: 5, Informative

    There is a phone number to call... (let me grab it) 703.265.4670. If you call that number, you talk to some actually intelligent and customer service minded AOL people. They will give you a call ticket number if not solve the issue right on the phone, and will follow through (read: call you back) if they can't solve it right away. Miami University got blocked recently, we solved it in this manner. Hope this helps!

    --
    I haven't posted in so long, my sig is out of date.
  16. Have you asked NANAE? by frankie · · Score: 3, Informative
    Although Slashdot is usually an excellent place for tech questions, in this particular case there is a better forum: news.admin.net-abuse.email

    Post your IP range and the sites blocking you, someone will tell you what the problem is.