I understand that. I would never ask them to jeopardize their operation by revealing critical information like that. However, I feel we should be able to cooperate and track down the cause of the listing. This is the first blacklisting we've experienced in 11 years of operation, which I credit to similar policies of restriction of bulk mailing, customer education, and constant, diligent monitoring. We also share very high spam block rates, so leakage is at a bare minimum.
You are certainly correct in that we need to separate our mail flow for list services from the shared mail services, which is something we have been planning to do along with several other major changes when time permits, but I seriously doubt that caused the problem. The few-and-far-between list services we allow customers to use have confirmed and verified recipients who are their customers, not harvested or purchased addresses, so it is highly unlikely for a spamtrap address to be among those. However, it is always possible that a falsified address, that happened to be a spamtrap address, was used to request information or join a newsletter. I agree with you and think the cause is most likely bounce back from or out-of-office replies to forging spam, but I would certainly like to verify that, and figure out a way to avoid the problem in the future. Darin. ----- Original Message ----- From: Matt To: [email protected] Sent: Tuesday, January 23, 2007 8:05 PM Subject: Re: [IMail Forum] CBL removal Darin, If they shared their spamtraps, or any information that could help to identify them, it would pretty much make that spamtrap useless because it could be easily polluted. I doubt that they will help. I'm sure they get dozens of such requests each day and wouldn't have the time even if they were willing. I have a strict policy of not allowing bulk-mail from my hosted mail service. I allow 250 messages per day per address, and I don't allow them to game the system by doing 250 on one and then switching to another and doing 250 there. While we am certainly not a large E-mail host (we mostly provide E-mail gateway spam blocking), we have never been blacklisted by any source that I am aware of, i.e. AOL, Comcast, Hotmail, and various RBL's. I credit it to both our very high spam block rates and also our policies of restricting hosted E-mail to non-automated, non-bulk communications. We do provide list services for those that need bulk mail, though we do not service mailings that are primarily advertising (must be primarily informative), and we have this sent from unique IP's in order to separate it from hosted E-mail. You might want to consider splitting this traffic apart. Sandy has indicated that IMail can do this by binding a domain to an IP that is on a seperate NIC. I haven't tried this, so I can't vouch for it, but if it works, that would be a pretty good solution. NIC's are much cheaper than new servers and software, and you won't have issues with CBL and others if in fact it is your user's bulk-mail that is the cause. If your users are the cause, and they are hitting spam traps, then this means that without a doubt, they are either harvesting addresses or purchasing addresses (which were harvested). I would generally think that autoresponders are the more likely cause. Matt Darin Cox wrote: We only send notices for banned attachments to the recipient, not sender, so that shouldn't be it. As for other possible email to a spamtrap, we have one customer who sends out a few thousand emails a week to their customers, and a few that send up to a hundred or so messages on an infrequent basis, but in general we have discouraged email marketing among our customer base, except to their actual customers. And by customers I mean that they actually do business with, not simply opt-in. Good point about leakage from dictionary attacks and autoresponders. I've asked them what they can reveal about any messages received in their spamtraps so we can track down the root cause. BTW, they have dropped a permanent whitelist for IMail customers now with IMail 2006.1 available. However, they will extend the relist exemption for longer than the standard 3 days to give mail admins time to upgrade. Darin. ----- Original Message ----- From: Matt To: [email protected] Sent: Tuesday, January 23, 2007 6:22 PM Subject: Re: [IMail Forum] CBL removal Darin, The only way to get on their list is to have your server send a message to their spam traps AND to have a symptom that is reminiscent of a zombie (DUL IP space, IP in the reverse DNS entry, different HELO names on multiple samples, and others). My guess is that it could be due to backscatter from sending banned executable attachment notices to forged senders or users with autoresponders replying to leaked spam. Matt Darin Cox wrote: Right. Unfortunately due to webmail issues, we have to wait for 2006.2 before we can use the upgrade we purchase Nov 2005. CBL told us they just whitelisted us for 3 days. I thought they had a list to exempt IMail servers? Darin. ----- Original Message ----- From: John T (Lists) To: [email protected] Sent: Tuesday, January 23, 2007 5:48 PM Subject: RE: [IMail Forum] CBL removal In Imail 2006.1 and above, you can configure what name is used during the HELO. John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, January 23, 2007 1:35 PM To: [email protected] Subject: Re: [IMail Forum] CBL removal I just confirmed that we're off. Hopefully we were added to the list of IMail servers that they exempt so it does not happen again. Darin. ----- Original Message ----- From: Matt To: [email protected] Sent: Tuesday, January 23, 2007 4:21 PM Subject: Re: [IMail Forum] CBL removal Their removal tool always worked when I tried it. I'm sure there is a little delay, but not longer than maybe 3 hours. The only time they will not automatically delist is if the same IP has been repeatedly delisted and relisted. Matt Darin Cox wrote: Anyone know how long it takes CBL to respond to delist requests, or if there's a way to expedite it? We got listed last night due to the IMail hostname issue. I'm amazed at the number of large providers, e.g. Time Warner and MSN/Hotmail, that block on a single blacklist. Not a good practice. Though I probably shouldn't be too surprised given the issues with MSN/Hotmail, and the spam problems experienced typically by Time Warner users. Darin. ----- Original Message ----- From: Matt To: [email protected] Sent: Tuesday, January 16, 2007 10:01 AM Subject: Re: [IMail Forum] OT: SSL Cert's If you are a Wild West Domains (GoDaddy) reseller, I believe that you can turn off such things. I recently changed over to them because I wanted my customers to self-bill and their prices can't be beat. I turned off everything except for domains in the interface, and that keeps it from cross-selling non-domain items during the process. It may be that one of the check boxes during checkout might enable the messages that push such things. It would be alarming if they were actually pushing things for GoDaddy when I am a Wild West Domains reseller, and it would be odd for them to push services as a part of my reselling that I don't offer. Matt Darin Cox wrote: We get them where we are the registrant. About once a month. Darin. ----- Original Message ----- From: Heimir Eidskrem To: [email protected] Sent: Tuesday, January 16, 2007 9:45 AM Subject: Re: [IMail Forum] OT: SSL Cert's We have probably 50+ domains where are the registrant and I can not recall receiving any emails like that. But its good to know they do pursue our customers. Thanks, Darin Cox wrote: Are you the registrant, or is your customer? If your customer is the registrant, you can bet that they are receiving emails from GoDaddy advertising hosting services. You may have been lucky and not had any jump ship yet. Darin. ----- Original Message ----- From: Heimir Eidskrem To: [email protected] Sent: Tuesday, January 16, 2007 9:18 AM Subject: Re: [IMail Forum] OT: SSL Cert's We have tons of godaddy domains that we own and control for our customers. Never had one problem with godaddy solicitation and no bad reports either. Please explain what kind of problems you ran into. Matrosity Tech Support wrote: We'll be moving away from godaddy due to their solicitation of customers. Probably use tucows as a registrant since they don't host websites. Bill Foresman MatrosityHosting.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, January 16, 2007 8:41 AM To: [email protected] Subject: Re: [IMail Forum] OT: SSL Cert's Well.. $10-$13.95/yr. That's quite a deal. We have not had any trouble at all with the GoDaddy intermediate cert, and it is a one-time installation, but it sounds like RapidSSL is cheaper, turns them around just as fast, and has the advantage of the root cert so no need to install the intermediate cert. Darin. ----- Original Message ----- From: Matt To: [email protected] Sent: Tuesday, January 16, 2007 8:32 AM Subject: Re: [IMail Forum] OT: SSL Cert's Anthony, RapidSSL is owned by GeoTrust and uses their root so it is recognized with every browser that GeoTrust is. GoDaddy's certs do not have the same browser coverage as GeoTrust/RapidSSL, and it therefore they aren't as good as they look. To boot, a place called ServerTastic has unbelievable prices on the certs. Just buy your credits from them: http://www.servertastic.com/store/product.asp?numRecordPosition=1&P_ID=222 Domains that aren't flagged by their anti-fraud measures (things like "bank" or "finance" in the domain name) take about 3 minutes from start to finish if you have everything in front of you. Matt Anthony Polselli wrote: Someone here mentioned RapidSSL.com for SSL cert's, they are a lot cheaper then Verisign. But in searching the net, godaddy.com has one for $19.99 per year, and another for $89.99 per year. Has anyone used RapidSSL or GoDaddy and had good luck? Any problems with using them? What do others use? Thanks, Anthony Polselli Matrix Information Systems, Inc. Phone: (858) 202-0300
