
Mail FROM AOL being blocked when sent to multiple internal recipients

We have a subtenant who uses AOL and tried to send a message to three of our internal users.  He unfortunately got a bounce back.  I had him send me the NDR and original message to an outside account as well as my internal account and surprisingly it was delivered to both.  I had him send to each of the original recipients individually and the message went through.

I started looking through my spam filter. I looked at all the Denial of Service and Blacklist rejections recently and compared them to the list of AOL sender IPs and found two hits in the past hour.

205.188.105.146
64.12.78.142

Both are AOL sender IPs and both blacklisted.  I guess my question is: is anyone aware that AOL uses specific outbound IPs when there are multiple recipients and a different IP set when it's a single?  Has anyone else run across blacklisted AOL outbound IPs?

Thanks,
Mike

AOL Outbound Sender IPs
http://postmaster.aol.com/Postmaster.OMRs.php
 
Gabriel Clifton Commented:
AOL has been known to blacklist emails when the email is sent to multiple addresses and certain words appear in the subject or body. Most of this started when a bulk of spam came from AOL email addresses. Try sending to the group with test as subject and body.
 
tw525 Author Commented:
Panther, AOL is very aggressive at blocking mail inbound to them.  What I am referring to is mail Outbound from AOL.  AOL's sender IPs are blacklisted and my spam filter is seeing it and rejecting the mail.  So it's an AOL sender unable to get to a recipient on my end.

Are my DNS blacklist servers too aggressive?

I am currently referencing the following:
bl.spamcop.net
dnsbl.sorbs.net
zen.spamhaus.org


I have been seeing SORBS BLing a lot of my mail.  I believe I added them about 6-9 months back when I saw a lot of the FedEx package, Discover Card and other phishing scams not being picked up fast enough on my other BL servers.

I guess I'm just surprised AOL has allowed their sender IPs to be Blacklisted.  I checked again today and noticed 64.12.78.142 has been removed from while 205.188.105.146 is still listed on SORBS and another site called CHOON.

I know there are lists out there like backscatter that unfairly list sites or hold them hostage on the list unless they pay a fee to be released.  I would not reference a site like this.  Is SORBS unfairly listing AOL addresses or are there issues at play over at AOL that allowed this issue to happen?

Thoughts?
 
tw525 Author Commented:
Guys, there is no way for me to ask AOL to stop blacklisting their IPs.  I am working under the assumption that perhaps SORBS is being too aggressive.  Did a bit of searching online and throughout my own anti-spam records.  SORBS lists a significant number of IPs that aren't listed on other major DNSBLs.

I have temporarily switched my DNSBLs to the following, based on suggestion and what I have seen throughout my own logs:

cbl.abuseat.org
b.barracudacentral.org (required me to set up a membership, but is completely free)
zen.spamhaus.org

I will report back if these seem to curb the false positives with no significant influx of spam.

Thanks,
Mike
 
tw525 Author Commented:
So I got little response about this issue, not only on E-E.com, but other avenues as well.  It's possible SORBS is too aggressive.  It might be an inadvertent consequence of the volume of mail AOL produces that their multi-recipient IP gets blacklisted.  However it only seemed to be tagged by SORBS.

End result, I dropped SORBS from my 3rd party DNSBL list.

Found an interesting site which ranks DNSBLs based on volume, but not false positives or missed spam, just volume of spam stopped.  

http://www.sdsc.edu/~jeff/spam/Fighting.html

I then took the heavy hitters and compared them to my own database of spam in my Websense filter to see which are tagging legit spammer IPs, which have false positives, and which are missing spam.

Previous third party DNSBL list:
bl.spamcop.net
dnsbl.sorbs.net
zen.spamhaus.org

Current third party DNSBL list:
b.barracudacentral.org (Required free membership signup)
cbl.abuseat.org
zen.spamhaus.org
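
The comparison described in the post above (finding IPs that only one DNSBL lists), as an added example that is not part of the original thread. The function names are hypothetical and the `SAMPLE` answers are constructed for offline use, not real listing data; `check()` uses the system resolver unless another is passed in.

```python
import ipaddress
import socket
from collections import defaultdict

ZONES = ["bl.spamcop.net", "dnsbl.sorbs.net", "zen.spamhaus.org"]  # lists named in the thread
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")       # DNSBL listing answers live here
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus query-error codes, not listings

def query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A records for name, or [] when the lookup fails (NXDOMAIN)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(answers):
    """Map one zone's answers to 'clean', 'listed' or 'error'."""
    if not answers:
        return "clean"
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    if any(a not in LOOPBACK or a in ERROR_NET for a in addrs):
        return "error"  # refused or wildcarded query: never reject mail on this
    return "listed"

def check(ip, zones=ZONES, resolver=system_resolver):
    return {z: classify(resolver(query_name(ip, z))) for z in zones}

def sole_listers(ips, zones=ZONES, resolver=system_resolver):
    """Count, per zone, the IPs listed by that zone alone (false-positive candidates)."""
    counts = defaultdict(int)
    for ip in ips:
        listed = [z for z, v in check(ip, zones, resolver).items() if v == "listed"]
        if len(listed) == 1:
            counts[listed[0]] += 1
    return dict(counts)

# Constructed answers: one IP listed by a single zone, one by two, one error reply.
SAMPLE = {"146.105.188.205.dnsbl.sorbs.net": ["127.0.0.2"],
          "10.2.0.192.zen.spamhaus.org": ["127.0.0.2"],
          "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
          "142.78.12.64.zen.spamhaus.org": ["127.255.255.254"]}

if __name__ == "__main__":
    ips = ["205.188.105.146", "64.12.78.142", "192.0.2.10"]
    print(sole_listers(ips, resolver=lambda name: SAMPLE.get(name, [])))
```

Feeding it the rejected sender IPs from the filter log shows which list is rejecting mail that no other list flags.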
 
tw525 Author Commented:
The one respondent didn't understand the question.  I posted my own solution to the issue.