Solved

explanation of spam prevention and blacklists

Posted on 2010-08-17
Last Modified: 2013-11-30
Can someone explain a few things about spam prevention, blacklists and Exchange RBLs...


Basically, as I understood it, if you are running an Exchange server then it is of primary importance that you keep your public IP(s) off of blacklists - otherwise when you're sending email from your org, your IP will be flagged as blacklisted and the receiving server will not (in some instances) accept the transmission - that's fair enough.

However, I have come across situations on several occasions now, whereby emails are being blocked from some of the organizations my company manages (we are an IT services provider) - even though we are using POP email!

For example, Company A that we look after, they are using POP email provided by BT Internet - they have BT email addresses which are aliased to say info@companya.co.uk

So Outlook is set up with POP and SMTP servers for BT - all mail is sent through BT SMTP servers.

BUT, they are being blocked from sending to a particular address, say info@external.com - they are getting a message back to the effect that the mailbox doesn't exist - I know it does, because if I telnet from my location to the external address's MX servers, I can successfully send an email to the address.

If I telnet from Company A's office, I can connect, give the from address, fine. But when I type in the recipient's email (the contact at the external company) I get an error saying mail cannot be sent because the IP (Company A's public IP (which is dynamic because they're only using POP email)) is blacklisted.

I checked Company A's IP address on mxtoolbox.com and it is indeed blacklisted - by SORBS and all three UCEPROTECT lists. The message on SORBS is:
[MU] Dynamic/Generic IP/rDNS address, use your ISPs mail server or get rDNS set to indicate static assignment.

So I read from this that the IP is blacklisted because it's on a dynamic IP block - and mail shouldn't be sent from there - also fine.

So my question (after all that) is:
If we are sending email via BT's SMTP servers (which we are) why is Company A's public IP being flagged as blacklisted - when the mail isn't coming directly from there??

And what can be done about this?

Just to highlight this some more, I know another very large corporation, who uses the same blacklisting techniques, and I can't send them email from my office - because we are also on a dynamic IP (even though we use POP mail) - when I look my IP range up on mxtoolbox, it says it's blacklisted like 28,000 IPs in my subnet for whatever reason, so does that mean this company are possibly missing communications from such a large area because of spam prevention conditions...???
Question by:davids355
11 Comments
 

Expert Comment

by:danubian
ID: 33453285
Though I'm not an expert on spam prevention and blacklists, these are my lines:
Using dynamic IPs you may get rejected e-mails when trying to send to some sites because many e-mail servers do a reverse DNS lookup to check the validity of the sender. Your reverse lookup will not correspond to the sending domain name (the ISP controls this) and the message will be rejected.
Or they might even block whole ranges of IP addresses because they're known to be reserved or because the previous "owner" of the address was a spammer or had an infected machine on it and the address got blacklisted.
And btw - POP is a protocol for receiving mails. It is not relevant to the discussion, just the sending protocol is.

Expert Comment

by:Neil Russell
ID: 33453372
The other factor is if it is a DYNAMIC IP then you don't know who was using it before. It may have been assigned to somebody else last week and they were indeed sending out spam email.
As danubian says, POP3 does not enter the equation at all as it is purely for getting email not sending it.
 

Author Comment

by:davids355
ID: 33453412
Hi guys, thanks for the responses so far.

Sorry for the confusion - when I say POP email, I meant that we were using a hosted email solution (POP/SMTP) as opposed to on-site Exchange.

I understand what you are both saying about dynamic IP addresses - I know if you're running Exchange, you need to change the rDNS for your IP - so DNS checks match up with your server's FQDN. I also understand the nature of dynamic IPs means that you could get an IP that has previously been misused.

HOWEVER, the point I am trying to make is that when we send an email from the company, it is being sent VIA BT's SMTP servers - surely their IP would be checked (and obviously they would have rDNS set up correctly). I don't understand why the company's IP is even being checked when they are not sending the email directly...??

Accepted Solution

by:shauncroucher (earned 500 total points)
ID: 33453933
Actually, sometimes the BT email servers do get blacklisted.

Best thing to do is as follows:

1) Make sure you are actually sending using the BT server. To do this, send yourself an email to web based email like googlemail, or yahoo or whatever. Look at the internet headers and check the last public IP in the list that connects to the receiving server. It should be a BT server.

2) If you are using BT, check their IP in blacklists at mxtoolbox.com

Shaun
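
The two steps above as an added Python example (not part of the original answer): it reads the `Received` chain from the top, returns the first non-internal address, which is the host the receiving mail system actually saw connect, and builds the DNSBL query name for it. The sample message, hostnames and the zone passed by the caller are constructed placeholders.

```python
import email
import ipaddress
import re
import socket

# Constructed sample headers (newest hop first). Addresses come from the
# documentation ranges; hostnames are made up.
SAMPLE = (
    "Received: from mx-edge.webmail.example (mx-edge [10.0.0.5])\n"
    "\tby store.webmail.example with LMTP; Tue, 17 Aug 2010 10:00:03 +0100\n"
    "Received: from relay.isp.example (relay.isp.example [198.51.100.25])\n"
    "\tby mx-edge.webmail.example with ESMTP; Tue, 17 Aug 2010 10:00:02 +0100\n"
    "Received: from office-pc (dyn-77.isp.example [192.0.2.77])\n"
    "\tby relay.isp.example with ESMTPA; Tue, 17 Aug 2010 10:00:01 +0100\n"
    "From: info@companya.example\n"
    "\n"
    "test body\n"
)

INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw_message):
    """IP that handed the message to the recipient's mail system: the first
    non-internal address in the Received chain, reading from the top.
    Lower headers were written by earlier hops and are not checked by it."""
    msg = email.message_from_string(raw_message)
    for hop in msg.get_all("Received", []):
        from_part = re.split(r"\sby\s", hop, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_part)
        if not match:
            continue
        ip = ipaddress.ip_address(match.group(1))
        if not any(ip in net for net in INTERNAL):
            return str(ip)
    return None

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone):
    """Live lookup: a listed address resolves (to 127.0.0.x), others do not."""
    try:
        return socket.gethostbyname(dnsbl_query_name(ip, zone)).startswith("127.")
    except socket.gaierror:
        return False
```

In the sample the receiver sees the relay at 198.51.100.25, not the office's dynamic 192.0.2.77; in a manual telnet test from the office there is no relay hop, so the office address is the one that gets checked.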

Expert Comment

by:danubian
ID: 33454225
There are not only IP blacklists, but also DNS blacklists.
If your server got blacklisted by DNS then this explains why your mails are rejected by some servers.

Author Comment

by:davids355
ID: 33454765
shauncroucher, thanks for the advice.

I sent an email to Googlemail, checked the headers - the last sending IP was BT's SMTP server - and you're right, when I checked on mxtoolbox, it was blacklisted!!

Quite interestingly though, when I tried sending to the external address again, the email got through! I am guessing that email gets sent from 1 of several of BT's SMTP servers, and if it happens to be sent from the one that's blacklisted, it won't get through, right?

Well anyway, that has answered the question so thanks!

The only issue now is sorting the problem, but I guess that's up to BT? Do you think/know if they resolve these problems themselves?
 

Author Comment

by:davids355
ID: 33454793
Also, on a half-unrelated subject, it still doesn't solve another issue I had - a different external address I tried sending to from my work email - from two different emails in fact - and that did get bounced back on both attempts with the following NDR:

Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.


--------------------------------------------------------------------------------
Sent by Microsoft Exchange Server 2007

Diagnostic information for administrators:

Generating server: xxx.dom

marketing-uk@xxxxxxxx.com
#550 5.7.1 RESOLVER.RST.AuthRequired; authentication required ##

Now the addresses I sent from are definitely NOT on blacklists - one is 1and1 - I checked their IP, and the other is my personal server which isn't on a blacklist either.

I asked the external company and they seem sure there is no problem at their end - and in fact I successfully sent an email to a different address on the same domain.
Is it possible that they have stricter spam prevention rules for different addresses...???

I really want to get to the bottom of that one as well, but I don't want to mess around too much because I don't want to annoy the company in question!

Expert Comment

by:Joediggity2
ID: 33455098
That message sounds like your email server requires authentication and when you went to send you were not authenticated. There could be some password synchronization problems (changed your password on another computer and didn't re-login to the computer you are on).

Expert Comment

by:shauncroucher
ID: 33456651
It is an ongoing battle with smarthost providers like ISPs (including BT), where their own servers get blacklisted. It is a pretty hard battle for the ISPs to keep their circuits clean of spam, hence the problem.

If email is critical, I'd consider getting a fixed IP and being in control of your own destiny, or at least as a backup method of sending via DNS, instead of relying on a third party smart provider.

Shaun
 

Author Comment

by:davids355
ID: 33457102
Shaun, it's not even a smarthost, we're just using POP/SMTP direct from client PCs. In an ideal world I'd be using Exchange, but this company doesn't have the budget for it. Anyway, thanks for all the help!!

Expert Comment

by:shauncroucher
ID: 33463560
I use smarthost in loose terms. In Microsoft lingo you are using a smarthost because you are sending all your mail to a BT server. In real terms you are using an SMTP relay server provided by BT.

The same is true whether Exchange is used or not, if you have a fixed IP you can use a free SMTP server app on the local PCs to send out using your own IP and then you don't rely on BT.

Shaun