Our Exchange 2003 Server was on multiple blacklists. How can we prevent this in the future?

We have an Exchange 2003 server that had several users who were sending every message out with a read receipt, delivery receipt and high importance. At least one of the blacklists we requested to be delisted from had these items listed as a potential reason for being added.

I have done my best to verify security on the Exchange 2003 server, but would like to solicit any advice for making sure there are no features or settings active that may be causing problems. One issue that occurred was when we configured an external user to have POP3 access, a flood of SPAM started coming through a few days later. We have since turned that off and the SPAM has stopped, but I would still like to make sure things are safe and if possible be able to use POP3 access as well without compromising security.

Any advice will be greatly appreciated.

There are various ways to limit the chances of being blacklisted. One of the easiest is to amend your DNS to include a statement showing where your emails can be sent from using Sender Policy Framework (SPF), e.g.:

@   TXT   v=spf include:outlook.com ~all

The following site provides a wizard to set this up - http://spfwizard.com/

Another way is to ensure there is an rDNS entry on your mail IP - some ISPs will check if this is there before accepting mail.
Poly11 (Author) Commented:
I would also like to add that even though we have been removed from most of the blacklists, we are still unable to send email to several well known domains. What is the best approach to fix this issue?
Kent Dyer (IT Security Analyst Senior) Commented:
Have you updated your RSOP (Resultant Set of Policies) on your domain?

I think I would start there.



**error**  v=spf1
Poly11 (Author) Commented:
I have no idea where to start with this: Have you updated your RSOP (Resultant Set of Policies) on your domain? If you have a link to a resource that would be appreciated.

I have also added the TXT record. Is there a resource available that can guide me through the critical areas to check to make sure things are secure?
If you're able to set up an SPF record, that's a good thing. Unfortunately, not all hosts support them, and because of that I haven't seen any instance where not having one will get you on a blacklist. You should definitely have a PTR record for the IP you're sending from. Some recipients will just check for the existence of one, others will check whether the name matches your MX record.

Some companies have their own lists of IPs that they don't accept email from, usually because the IPs are listed as being dynamic or for home users. Problem is you don't know if you're on the list until you get blocked (and hopefully receive an NDR). If you're on a static IP, often you can just request that your IP be de-listed, but this has to be done for each company/domain (e.g. AT&T, Comcast, Earthlink).

Check your domain with a tool such as MX Toolbox http://www.mxtoolbox.com/ to see if any issues are noted.

There are almost always better ways to access your Exchange email than POP3, but if not in your case, then your best bet for security is strong passwords, and making sure that you're not allowing unauthenticated relaying via SMTP. You might also look into using SSL for your POP3 for greater security.
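An added example, not part of the original thread: an offline linter for the SPF TXT string discussed above, which catches the missing version digit in the record as first posted. The name `lint_spf` and the choice of checks (taken from RFC 7208) are this example's own assumptions; it inspects the string only and makes no DNS queries.

```python
import re

# Mechanism names from RFC 7208; those in NEED_VALUE require a ":" argument.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEED_VALUE = {"include", "ip4", "ip6", "exists"}
# Mechanisms that cost a DNS query at evaluation time (RFC 7208 caps the total at 10).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
TERM_RE = re.compile(r"^([+\-~?]?)([a-z][a-z0-9_.\-]*)(?:([:=/])(.*))?$", re.I)


def lint_spf(record):
    """Return a list of problems in one SPF TXT string; an empty list means none found."""
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["version tag must be exactly 'v=spf1'"]  # otherwise it is not SPF at all
    problems, lookups, all_seen, has_redirect = [], 0, False, False
    for term in terms[1:]:
        m = TERM_RE.match(term)
        if not m:
            problems.append("unparseable term: " + term)
            continue
        qualifier, name, sep, value = m.groups()
        name = name.lower()
        if sep == "=":  # modifier (redirect=, exp=); unknown modifiers are ignored
            if name == "redirect":
                has_redirect, lookups = True, lookups + 1
            continue
        lookups += name in LOOKUP_MECHANISMS
        if all_seen:
            problems.append("mechanism after 'all' is never evaluated: " + term)
        if name not in MECHANISMS:
            problems.append("unknown mechanism: " + term)
        elif name in NEED_VALUE and (sep != ":" or not value):
            problems.append("mechanism needs an argument: " + term)
        elif name == "all":
            all_seen = True
            if qualifier in ("", "+"):
                problems.append("'+all' authorises every host to send as the domain")
    if not all_seen and not has_redirect:
        problems.append("no 'all' or 'redirect=': unmatched senders get a neutral result")
    if lookups > 10:
        problems.append("%d DNS-querying terms exceed the limit of 10" % lookups)
    return problems


# The record as posted in the thread, then with the version tag corrected.
POSTED = "v=spf include:outlook.com ~all"
CORRECTED = "v=spf1 include:outlook.com ~all"
if __name__ == "__main__":
    for rec in (POSTED, CORRECTED):
        print(rec, "->", lint_spf(rec) or "ok")
```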
Poly11 (Author) Commented:
Thank you, all has been good so far.
Question has a verified solution.
