Re: blacklist.mailrelay.att.net
Le 12/12/2010 19:23, Giampaolo Tomassoni a écrit : I just got blocked by the ATT's blacklist (in contacting ab...@att.com, besides...), but I'm pretty sure my MX is not an open relay or other kind of nifty thing. $ host tomassoni.biz tomassoni.biz has address 62.149.201.242 tomassoni.biz has address 62.149.220.102 $ host 62.149.201.242 242.201.149.62.in-addr.arpa domain name pointer host242-201-149-62.serverdedicati.aruba.it. $ host 62.149.220.102 102.220.149.62.in-addr.arpa domain name pointer host102-220-149-62.serverdedicati.aruba.it. So both IPs use generic hostnames, which are a sign of half configured servers. Unfortunately the RDNS is not under my control. Which is a fact I share with a lot of people worldwide... think as the receiving side. when I see spam out of joe.spam.example, I blocklist spam.example (and possibly every IP and domain related to them). If I see spam coming from host1-2-364.serverdedicati.aruba.it, what will I blacklist? On 13.12.10 11:14, Giampaolo Tomassoni wrote: I personally (and many serious blocklists) would block the single spamming address. I would not call what's att doing a spam blocking. I'd rather call that policy blocking which means you need to have DNS records that clearly say the IPs are not dynamically assigned. The policy we don't accept (unauthenticated) mail from dynamic hosts is quite common and logical. You may easily see that Aruba.it is a co-location provider, so you may easily understand that different hosts from the same address bunch are probably handled by different organizations, with different means and purposes. To me, it is counter-productive to block the whole bunch. ask aruba.it to configure reverse records properly. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
Re: blacklist.mailrelay.att.net
On 12/13/10 2:14 AM, Giampaolo Tomassoni wrote: Le 12/12/2010 19:23, Giampaolo Tomassoni a écrit : How does it work? I just got blocked by the ATT's blacklist (in contacting ab...@att.com, besides...), but I'm pretty sure my MX is not an open relay or other kind of nifty thing. Maybe ATT blocks whole address bunches from which some hosts are spamming? Because this could explain me why: my MX is co-located... $ host tomassoni.biz tomassoni.biz has address 62.149.201.242 tomassoni.biz has address 62.149.220.102 tomassoni.biz mail is handled by 10 c0.edlui.it. $ host c0.edlui.it c0.edlui.it has address 62.149.220.102 c0.edlui.it has address 62.149.201.242 $ host 62.149.201.242 242.201.149.62.in-addr.arpa domain name pointer host242-201-149-62.serverdedicati.aruba.it. $ host 62.149.220.102 102.220.149.62.in-addr.arpa domain name pointer host102-220-149-62.serverdedicati.aruba.it. So both IPs use generic hostnames, which are a sign of half configured servers. Unfortunately the RDNS is not under my control. Which is a fact I share with a lot of people worldwide... think as the receiving side. when I see spam out of joe.spam.example, I blocklist spam.example (and possibly every IP and domain related to them). If I see spam coming from host1-2-364.serverdedicati.aruba.it, what will I blacklist? I personally (and many serious blocklists) would block the single spamming address. You may easily see that Aruba.it is a co-location provider, so you may easily understand that different hosts from the same address bunch are probably handled by different organizations, with different means and purposes. To me, it is counter-productive to block the whole bunch. Giampaolo I would strongly encourage your ISP to clean up their act by adding an excursion detection system, that watches for bursty outbound traffic patterns, like a sudden spike in outbound SMTP or HTTP connections to a wide spread of addresses. -Philip
RE: blacklist.mailrelay.att.net
I would strongly encourage your ISP to clean up their act by adding an excursion detection system, that watches for bursty outbound traffic patterns, like a sudden spike in outbound SMTP or HTTP connections to a wide spread of addresses. Is Aruba.it so poorly reputed? g -Philip
Re: blacklist.mailrelay.att.net
On 12/14/10 11:31 AM, Giampaolo Tomassoni wrote: I would strongly encourage your ISP to clean up their act by adding an excursion detection system, that watches for bursty outbound traffic patterns, like a sudden spike in outbound SMTP or HTTP connections to a wide spread of addresses. Is Aruba.it so poorly reputed? g I can't speak for their reputation, but when an entire ISP's CIDR blocks get blacklisted (like we did with iWeb.ca) it's usually because they aren't very responsive in dealing with issues when they occur and not proactive about trying to prevent them. -Philip
RE: blacklist.mailrelay.att.net
Le 12/12/2010 19:23, Giampaolo Tomassoni a écrit : How does it work? I just got blocked by the ATT's blacklist (in contacting ab...@att.com, besides...), but I'm pretty sure my MX is not an open relay or other kind of nifty thing. Maybe ATT blocks whole address bunches from which some hosts are spamming? Because this could explain me why: my MX is co-located... $ host tomassoni.biz tomassoni.biz has address 62.149.201.242 tomassoni.biz has address 62.149.220.102 tomassoni.biz mail is handled by 10 c0.edlui.it. $ host c0.edlui.it c0.edlui.it has address 62.149.220.102 c0.edlui.it has address 62.149.201.242 $ host 62.149.201.242 242.201.149.62.in-addr.arpa domain name pointer host242-201-149-62.serverdedicati.aruba.it. $ host 62.149.220.102 102.220.149.62.in-addr.arpa domain name pointer host102-220-149-62.serverdedicati.aruba.it. So both IPs use generic hostnames, which are a sign of half configured servers. Unfortunately the RDNS is not under my control. Which is a fact I share with a lot of people worldwide... think as the receiving side. when I see spam out of joe.spam.example, I blocklist spam.example (and possibly every IP and domain related to them). If I see spam coming from host1-2-364.serverdedicati.aruba.it, what will I blacklist? I personally (and many serious blocklists) would block the single spamming address. You may easily see that Aruba.it is a co-location provider, so you may easily understand that different hosts from the same address bunch are probably handled by different organizations, with different means and purposes. To me, it is counter-productive to block the whole bunch. Giampaolo
blacklist.mailrelay.att.net
How does it work? I just got blocked by the ATT's blacklist (in contacting ab...@att.com, besides...), but I'm pretty sure my MX is not an open relay or other kind of nifty thing. Maybe ATT blocks whole address bunches from which some hosts are spamming? Because this could explain me why: my MX is co-located... Thanks, Giampaolo
Re: blacklist.mailrelay.att.net
Le 12/12/2010 19:23, Giampaolo Tomassoni a écrit : How does it work? I just got blocked by the ATT's blacklist (in contacting ab...@att.com, besides...), but I'm pretty sure my MX is not an open relay or other kind of nifty thing. Maybe ATT blocks whole address bunches from which some hosts are spamming? Because this could explain me why: my MX is co-located... $ host tomassoni.biz tomassoni.biz has address 62.149.201.242 tomassoni.biz has address 62.149.220.102 tomassoni.biz mail is handled by 10 c0.edlui.it. $ host c0.edlui.it c0.edlui.it has address 62.149.220.102 c0.edlui.it has address 62.149.201.242 $ host 62.149.201.242 242.201.149.62.in-addr.arpa domain name pointer host242-201-149-62.serverdedicati.aruba.it. $ host 62.149.220.102 102.220.149.62.in-addr.arpa domain name pointer host102-220-149-62.serverdedicati.aruba.it. So both IPs use generic hostnames, which are a sign of half configured servers. think as the receiving side. when I see spam out of joe.spam.example, I blocklist spam.example (and possibly every IP and domain related to them). If I see spam coming from host1-2-364.serverdedicati.aruba.it, what will I blacklist?