Solved

Mail FROM AOL being blocked when sent to multiple internal recipients

Posted on 2013-01-18
Last Modified: 2013-02-04
We have a subtenant who uses AOL and tried to send a message to three of our internal users. He unfortunately got a bounce back. I had him send me the NDR and original message to an outside account as well as my internal account and surprisingly it was delivered to both. I had him send to each of the original recipients individually and the message went through.

I started looking through my spam filter. I looked at all the Denial of Service and Blacklist rejections recently and compared them to the list of AOL sender IPs and found two hits in the past hour.

205.188.105.146
64.12.78.142

Both are AOL sender IPs and both blacklisted. I guess my question is: is anyone aware that AOL uses specific outbound IPs when there are multiple recipients and a different IP set when it’s a single? Has anyone else run across blacklisted AOL outbound IPs?

Thanks,
Mike

AOL Outbound Sender IPs
http://postmaster.aol.com/Postmaster.OMRs.php
Question by:tw525

Expert Comment

by:Gabriel Clifton
ID: 38795027
AOL has been known to blacklist emails when the email is sent to multiple addresses and certain words appear in the subject or body. Most of this started when a bulk of spam came from AOL email addresses. Try sending to the group with test as subject and body.

Author Comment

by:tw525
ID: 38826861
Panther, AOL is very aggressive at blocking mail inbound to them. What I am referring to is mail Outbound from AOL. AOL's sender IPs are blacklisted and my spam filter is seeing it and rejecting the mail. So it's an AOL sender unable to get to a recipient on my end.

Are my DNS blacklist servers too aggressive?

I am currently referencing the following:
bl.spamcop.net
dnsbl.sorbs.net
zen.spamhaus.org


I have been seeing SORBS BLing a lot of my mail.  I believe I added them about 6-9 months back when I saw a lot of the fedex package, discover card and other phishing scams not being picked up fast enough on my other BL servers.

I guess I'm just surprised AOL has allowed their sender IPs to be Blacklisted.  I checked again today and noticed 64.12.78.142 has been removed from while 205.188.105.146 is still listed on SORBS and another site called CHOON.

I know there are lists out there like backscatter that unfairly list sites or hold them hostage on the list unless they pay a fee to be released. I would not reference a site like this. Is SORBS unfairly listing AOL addresses or are there issues at play over at AOL that allowed this issue to happen?

Thoughts?

Author Comment

by:tw525
ID: 38828923
Guys, there is no way for me to ask AOL to stop blacklisting their IPs. I am working under the assumption that perhaps SORBS is being too aggressive. Did a bit of searching online and throughout my own anti-spam records. SORBS lists a significant number of IPs that aren't listed on other major DNSBLs.

I have temporarily switched my DNSBLs to the following, based on suggestion and what I have seen throughout my own logs:

cbl.abuseat.org
b.barracudacentral.org (required me to set up a membership, but is completely free)
zen.spamhaus.org

I will report back if these seem to curb the false positives with no significant influx of spam.

Thanks,
Mike

Accepted Solution

by:tw525
ID: 38835348
So I got little response about this issue, not only on E-E.com, but other avenues as well. It's possible SORBS is too aggressive. It might be an inadvertent consequence of the volume of mail AOL produces that their multi-recipient IP gets blacklisted. However it only seemed to be tagged by SORBS.

End result, I dropped SORBS from my 3rd party DNSBL list.

Found an interesting site which ranks DNSBLs based on volume, but not false positives or missed spam, just volume of spam stopped.  

http://www.sdsc.edu/~jeff/spam/Fighting.html

I then took the heavy hitters and compared them to my own database of spam in my Websense filter to see which are tagging legit spammer IPs, which have false positives, and which are missing spam.

Previous third party DNSBL list:
bl.spamcop.net
dnsbl.sorbs.net
zen.spamhaus.org

Current third party DNSBL list:
b.barracudacentral.org (Required free membership signup)
cbl.abuseat.org
zen.spamhaus.org
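
Added example, not part of the original thread: one way to run the comparison described in the accepted solution, scoring each DNSBL against sender IPs a filter has already labelled as spam or legitimate. The sample IPs, verdicts, zone names and canned answers are constructed, and treating 127.255.255.0/24 answers as error replies rather than listings is an assumption modelled on Spamhaus's documented error codes.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listing(answer):
    """127.0.0.0/8 answers are listings, except 127.255.255.0/24 (assumed error range)."""
    if answer is None:
        return False
    addr = ipaddress.IPv4Address(answer)
    return (addr in ipaddress.ip_network("127.0.0.0/8")
            and addr not in ipaddress.ip_network("127.255.255.0/24"))

def live_lookup(ip, zone):
    """Real DNS query (needs network); returns the A record, or None when not listed."""
    try:
        return socket.gethostbyname(dnsbl_name(ip, zone))
    except socket.gaierror:
        return None

def score(samples, zones, lookup):
    """Per zone: spam caught, spam missed, legitimate senders wrongly listed."""
    report = {z: {"caught": 0, "missed": 0, "false_pos": 0} for z in zones}
    for ip, verdict in samples:
        for z in zones:
            listed = is_listing(lookup(ip, z))
            if verdict == "spam":
                report[z]["caught" if listed else "missed"] += 1
            elif listed:
                report[z]["false_pos"] += 1
    return report

# Constructed sample: documentation-range IPs with verdicts from a hypothetical filter log.
SAMPLES = [("192.0.2.10", "spam"), ("192.0.2.11", "spam"),
           ("198.51.100.5", "ham"), ("203.0.113.7", "ham")]
# Constructed answers standing in for DNS; the zone names are placeholders, not real lists.
CANNED = {("192.0.2.10", "strict.example"): "127.0.0.2",
          ("192.0.2.11", "strict.example"): "127.0.0.2",
          ("198.51.100.5", "strict.example"): "127.0.0.2",
          ("192.0.2.10", "lenient.example"): "127.0.0.4",
          ("203.0.113.7", "lenient.example"): "127.255.255.254"}

def canned_lookup(ip, zone):
    return CANNED.get((ip, zone))

REPORT = score(SAMPLES, ["strict.example", "lenient.example"], canned_lookup)
```

Passing `live_lookup` in place of `canned_lookup`, with the zones and labelled IPs from your own filter, runs the same tally against real lists.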
Author Closing Comment

by:tw525
ID: 38850425
The one respondent didn't understand the question. I posted my own solution to the issue.