
Has anyone else been blacklisted?

By jdclyde
Been going through heck for over a week now.

It seems our corporate e-mail has made it onto the CBL blacklist.

They state the reasons for blacklisting can be:
Being a Relay
Infected with Netsky, Bagle, MyDoom or others.
Or if using NAT'ed addresses, then another system on the network may be sending out the SPAM.

Have taken the following steps.
Blocked SMTP from all systems except the e-mail server with the firewall.
Double checked if mail server was running as a relay.
Server runs Linux, so the above mentioned viruses do not apply.
Have scanned the network and the server for anything that looks suspicious.

All come up clean.
Request removal from list, get removed and put right back on a day later.
After getting blacklisted 4 times this week, I am starting to get upset.

Has anyone else had this problem?
How did you resolve this issue?

Would this blacklisting be illegal for them interfering with the transmission of legitimate business usage that we have paid for?

How do I stay off that list?
Is there a governing authority that this organization can be reported to?
Is there a legal authority they can be reported to?

Or do I just have to sit here and cry in my oatmeal?
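One way to find which NAT'ed host is behind the listing, once the firewall blocks SMTP from everything except the mail server, is to count who keeps hitting that block. This is an added example, not part of the original post; the log lines are constructed in a simplified netfilter LOG style and the mail server address is an assumption.

```python
import re
from collections import Counter

# Assumption: internal address of the only host allowed to send SMTP outbound.
MAIL_SERVER = "192.168.1.10"

# Constructed sample lines, simplified from the Linux netfilter LOG layout.
SAMPLE_LOG = """\
Mar  3 02:14:07 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=3312 DPT=25 SYN
Mar  3 02:14:08 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=3313 DPT=25 SYN
Mar  3 02:14:09 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.99 LEN=60 PROTO=TCP SPT=3314 DPT=25 SYN
Mar  3 02:15:30 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=40112 DPT=25 SYN
Mar  3 02:16:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.80 LEN=60 PROTO=TCP SPT=51200 DPT=80 SYN
Mar  3 09:41:55 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.88 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=1044 DPT=25 SYN
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)


def rogue_smtp_sources(log_text, mail_server=MAIL_SERVER):
    """Return [(source, attempts, distinct_destinations)] for every internal
    host other than the mail server that tried to reach TCP port 25."""
    attempts = Counter()
    destinations = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dpt"] != "25" or m["src"] == mail_server:
            continue
        attempts[m["src"]] += 1
        destinations.setdefault(m["src"], set()).add(m["dst"])
    # Most active source first; many distinct destinations in a short window
    # is the pattern a mass-mailer leaves behind.
    return [(src, n, len(destinations[src])) for src, n in attempts.most_common()]


if __name__ == "__main__":
    for src, n, fanout in rogue_smtp_sources(SAMPLE_LOG):
        print(f"{src}: {n} SMTP attempts to {fanout} distinct servers")
```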


Legal Questions

by BFilmFan In reply to Has anyone else been blac ...

No, it isn't illegal. Just like you can tell people to not trespass on your personal property, a company has a right to reject email from your domain.

Are the workstations that are sending mail through the Linux server infected with a virus and this is the source of the issue?

Usually the blacklist lists the reason you were placed on it.

And is it your organization or your ISP that has been placed on the list? Some of the ISPs are well known for being lax on enforcing action on spammers, which might be the source of the whole issue. If you have a contract with the ISP guaranteeing a level of service, then you may well have cause for legal action.

listed by our IP

by jdclyde In reply to Legal Questions

It is the IP address for our outbound traffic that has been listed, not a range.

Our firewall is set to delete all suspicious attachments.

It also has a virus scan on it.

All pc's have Antivirus running and controlled by a central AV server. Symantec Corporate ver 9.

This happened to me with ORBS

by AV . In reply to Has anyone else been blac ...

About 8 years ago before spam was that big of an issue, I received an email from ORBS saying that our mail server was reportedly spamming and someone had complained.

I emailed ORBS back and asked them when we were supposedly doing that and they gave me the dates. It was done over one weekend.

At the time I was running Exchange 5.5 and had a MS proxy server. When I looked at the proxy logs, it showed the username and workstation IP address that was on the internet the entire weekend. It turned out that the user had signed up with a site called Onelist and she requested many different newsletters. They were really just spammers.

I was an open relay spewing spam for one weekend. The Exchange 5.5 relay configuration was confusing and it didn't have the right settings. After hearing from ORBS, I fixed it immediately with the help of a MS knowledgebase article.

After I fixed the relay problem, ORBS remotely tested my server to see if I could still relay and I tested ok so they didn't put me on the list. But, they (or their equivalent) still test my mail server twice a year randomly. A message is left in an undeliverable mail folder that my mail server passed the test every time they do. Not exactly out in the open.

It isn't illegal for them to do, but I think some of them go too far. They should at least allow you some time to investigate or fix what is wrong. They have the ability to test your server remotely to see if you are still an open relay or virus infected. It's wrong for them to just blacklist you without giving you a chance to correct the problem.

You need to email them until you get an answer about what you have to do to get permanently removed from the list. Get a name. Ask them to test your server remotely. They should take you off the list if your server is OK. ORBS worked with me, even though I ended up on the "watched" list with them or their successor forever.

I really think they do a service to the internet community, but they should be more focused on correcting the problem instead of persecution. A lot of legitimate businesses end up there without being able to get off the list or ever put on it to begin with. It just isn't fair.

Good luck with it. It worked out for me and I hope it works out for you.

might not be you causing it

by Jaqui In reply to Has anyone else been blac ...

some apps will submit a private list of blocked addy's to blacklist servers automatically, if someone on your email list is using one of these apps and they blocked you instead of requesting removal, then they are the cause of this.

it could also be an unhappy (ex)employee getting you listed as payback for something they feel wronged about.

It's common

by Oz_Media In reply to Has anyone else been blac ...

RBL listers are usually very inexperienced people who are out to stop home based spam.

I had a company whose mail was blacklisted because they used GroupWise for email. GW will accept relayed mail, however it doesn't actually relay it. So when they conduct open relay tests it gets blacklisted.

Novell wrote a patch to mask it and save GW users.

For the most part, they are inaccurate and unknowledgeable script kiddies that start these things, although they appear to be internet watchdogs, most are just ISP wannabe's or people sick of spam and are trying to control the internet at people's expense.

I would be in contact with them BY PHONE and very upset, explaining that they are stopping your business. Unfortunately this is an Exchange issue as many companies leave open relays when they configure their servers.

NOTE: Only companies with REALLY crappy spam filters (Spam Cop and garbage you can get for home at about $30.00 copy) will be using RBL lists as the sole defense mechanism. A proper system will simply add a weighted value to the RBL test and then weigh it against other more accurate methods, such as a heuristic scan and keyword scan as well as others, then weigh the total against a predetermined threshold.

So you are stuck between an unreliable and VERY crappy list and other Unreliable and VERY crappy Spam software at the recipient.

If it is JUST a few companies that you can't get mail to, call and ask them to add an exception to their filter (or ditch the crap altogether for real software).

I would then call the kiddies at the RBL site and raise blue murder! What they are doing is okay for Yahoo and DCHUI76R*@$$ but not for businesses.

I scared the living crap out of one RBL lister ORBS, and was NEVER listed again, whether a lawsuit was valid or not, it got some action from him.

I disagree on some points

by Roger99a In reply to It's common

Some RBL lists are probably run by rookies, or aimed at purposes inconsistent with your particular business goals. No business should ever use Blars, for example, because you have to pay him to get removed. Running random open relay tests is just a bad idea, but accepting relaying messages would seem to invite spammers' attention. But trial and error using various lists can give good results and low false positives.
If his server is an open relay then it should be listed. If his systems are sending viruses then they should be listed. If I need his email anyway then I can whitelist him and bypass the filter. Accidents and misconfigurations can happen and now he knows he has a problem to solve. He could have been sending spam forever otherwise. It sounds like this particular DNSBL is honoring his requests and delisting him like they should. I don't see a problem here with the DNSBL. He needs to find the problem, virus, trojan horse, relay or whatever it is.

DNS RBL's are only such a small percentage of it though

by Oz_Media In reply to I disagree on some points

RBL lists, no matter how accurate they CAN be should never be used as a sole spam source. I have studied this very extensively over an 8 month period where I studied, tested and evaluated almost all SPAM software on the market I could find 8-10 hrs a day (what a pain that was). ALL, and I mean ALL, cheap solutions are left to be mainly dependent on RBL lists and are just not reliable for business use. A FAIR system will use RBL AND some keywording, a DECENT one will also check message body text and the most robust systems have 6 or 7 different types of scan they perform in order to scan SPAM effectively, EVEN then, the lists need to be SPAM vs HAM trained (another benefit of GOOD software).

So I stick to my original comments in that it is most likely due to the recipient having cheesy or low end spam software installed that is simply STOPPING anything found in what could be 20 different RBL checks.

If you want REAL and PROVEN spam protection for business, be well prepared to spend from $1000.00 to $6000.00 in software and hardware costs (obviously the low end not including new hardware).

This is something I studied VERY closely for some time before spending 6 months in serious test environments and testing near 40 different business targeted solutions. I actually did write a white paper on it and was asked by several companies, either by phone or email, to evaluate their systems and make recommendations.

RBL lists CANNOT AT ANY TIME be considered an effective way to stop spam, they simply are not monitored nor accurate enough.

How does an RBL list understand what YOUR company's acceptable and unacceptable mail is?

Just because a customer has an open relay, I still want them to be able to contact me. I wasn't worried about open relays at my office, GroupWise is a little more secure than most would think.

I took a company getting nearly 1500 spam a day to less than 5 per week between MANY users, four locations and without a SINGLE whitelisted address, yes not ONE. It did take about 4 months training expensive software, sorry but SPAM Assassin, Spam Cop and even the few thousand dollars for GW Guardian wasn't as effective.

What if company B wants to order a product from you and because of your system scanning 4 RBL lists it is then blocked and you lose the business, this costs many thousands each year in lost business.

RBL was the first and lowest weighted score in the system I built. It then was scanned for keywords, then a FULL heuristic scan against a 45000 entry database, then for address blocks, then against the HAM list, then scanned for viruses and trojans, then the attachments were all scanned, this is before it enters the company's MTA, and long before it got to the desktop. Yet it all took place in mere seconds and using the company's existing AV software. The footprint was a little under 100MB and it ran on the existing server while raising resource use only a few percent (2-4%).

Another system I tested did similar, yet required a dual processor server running Windows 2003 (for a Novell targeted product that works with GroupWise?).

There's a lot of garbage out there yes, there are a lot, in fact THOUSANDS, of incorrectly blacklisted companies, many not even knowing it.

RBL's should be used ONLY as a preliminary scan and always weighted against a threshold that is a result of multiple scans, but NEVER as a final decision for spam, they just aren't reliable enough nor managed well enough, and yes I have spoken personally with many of the list providers regarding their update and management measures, which for the most part are quite pathetic.
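The weighted approach described in the two posts above (a DNSBL hit as one low-weight signal summed with other checks against a threshold) can be sketched as follows. This is an added example, not code from any poster or product named in the thread; the zone names, weights, keywords and threshold are constructed, and only the reversed-octet query name is the standard DNSBL lookup convention.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Listed if the name has an A record; NXDOMAIN means not listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def score_message(sender_ip, body, zones, keywords,
                  resolver=system_resolver, threshold=5.0):
    """Sum weighted signals; no single DNSBL hit decides the verdict alone."""
    total, reasons = 0.0, []
    for zone, weight in zones.items():
        if resolver(dnsbl_query_name(sender_ip, zone)):
            total += weight
            reasons.append("dnsbl:" + zone)
    text = body.lower()
    for phrase, weight in keywords.items():
        if phrase in text:
            total += weight
            reasons.append("keyword:" + phrase)
    return total, ("spam" if total >= threshold else "deliver"), reasons


# Constructed configuration: placeholder zones, illustrative weights.
ZONES = {"bl-a.example": 2.0, "bl-b.example": 1.5}
KEYWORDS = {"free offer": 2.5, "click here": 1.5}
# Constructed stand-in for DNS so the example runs offline:
# 203.0.113.25 is "listed" on bl-a.example only.
LISTED = {"25.113.0.203.bl-a.example"}


def offline_resolver(name):
    return name in LISTED


if __name__ == "__main__":
    order = "Please send a quote for 40 units of part 7731."
    junk = "FREE OFFER!!! Click here now"
    for body in (order, junk):
        print(score_message("203.0.113.25", body, ZONES, KEYWORDS, offline_resolver))
```

With these weights a listed sender's ordinary purchase enquiry scores 2.0 and is delivered, while the same sender's bulk-style message crosses the threshold at 6.0.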

OK then....

by Roger99a In reply to DNS RBL's are only such a ...

You obviously have more spam experience than I do. I have to work with what I have, and it could be better. It relies on DNSBL's, keywords and return addresses to tag spam. The DNSBL check is the most effective of the three. I tested several lists and eventually chose less aggressive lists for final use, but the two I use stop 70-85% of spam without one reported false positive in 14 months. Lists that gave a false positive were removed and never used again. For almost no money an admin could set up a sendmail server using any old workstation and add a list check or two and reduce spam to an acceptable level. Not a good choice if the business depends on email to make its money, but it could work for those that don't, or those that don't have a $10,000 budget for email filtering.
So, what's your favorite Enterprise solution, Oz?

I would say

by Oz_Media In reply to OK then....

Either GW Guardian or GWAVA (though I believe GWAVA still has much to be desired for MS applications).

GW Guardian has stringent hardware requirements, GWAVA is small but very accurate and customizable to your specific company's acceptable and rejectable mail, it has a REALLY REALLY good Ham Spam comparison system that creates a customized set of heuristic rules. Heuristic rules can be seen in most solutions and weights adjusted, however it is VERY VERY hard to accurately decide whether a specific rule should be scored 4.5 or 4.473, this is what a good training system will help you achieve by running multiple passes of your own HAM and SPAM mail. You then select any white listed mail or skipped spam and run the pass again, this allows it to automatically adjust its own heuristic values as needed. Just one or two points in the wrong direction can screw up a lot of mail, so I highly recommend a built in 'training system'.

GWAVA is fairly cheap, just under $1K Canadian.

Others I had looked at barely made it anywhere with me, I had REALLY tight requirements. Sales reps got lot of spam and needed complete removal of a LOT of mail, the president would have walked up and thrown the server out the window (not exaggeration here at all) if he lost a single email to the white list, so it was a VERY sensitive issue. Not to mention his wife and partner in crime was receiving a tonne of porn spam, I really don't know why of course! LOL.

That's why I am so passionate when discussing it, I had to take this more seriously than a complete network rebuild.

I didn't mean to bite your head off but I just get so many people saying "We use spam Cop on 17 RBL's and it's just great!" what about all the blocked mail you had no idea was never processed or passed to the SPAM vault?

When I have spent so much time on this issue, speaking with reps, reading endlessly and testing all these different systems, it becomes quite personal, perhaps I took your comments to heart and shouldn't have, my bad and I apologize.

GWAVA when I first started testing was still good but had some interface issues with the Archive Viewer etc. The staff quickly helped me at NO cost, sent me some updated files and even extended the upgrade protection by another year, the support was great, the knowledgebase and forums were excellent help and full of very friendly people. These are all issues I had to consider as a sole supporter of a reasonably new product at the time. From what I am told, it still works well, they have updated (just a JOE with basic PC knowledge took care of the update) and it still works well.

One last point, I was mentioning how it creates SPAM and HAM lists then analyzes them, this can be ongoing and you can assign the task to several departments to ensure accuracy throughout the organization. Users just highlight some acceptable mail and any unacceptable mail they receive and send it to the HAM or SPAM file with a click of a button. The mail is flagged and stored so the admin has a good set of sample mail to run through the tweaking filter and have it retrain itself if mail starts to slip through, it's really good software!

Sorry to drone on with a sales pitch but I am sold on it and believe in it. As for the length of my message, you did ask? Bet it's the last time you do that!

It's getting late so I can't even be bothered to spell check, forgive the hordes of typos and early spaces!

Why not a hardware solution?

by dafe2 In reply to I would say
