On 28/05/09 9:35 AM, "Matt" <lm7...@gmail.com> wrote:
> Is there a reason the Barracuda blacklist is not in the official checks by
> Spamassassin yet? I keep thinking sometime "sa-update -D" will add it but
> have yet to see it.
I would like to add some perspective to potential use of the BRBL.
Three weeks ago, I began requesting de-listings of any IP (active or
suspended) on Certified that was listed on the Barracuda BRBL. When I
started on April 29 there were 431 such IPs, as of today there are 22, of
those there are 5 repeat listings.
Of interest is the verbiage Barracuda sends to listees, stating repeatedly
that the IP is on a compromised host. I suspect this is incorrect as these
IPs never had listings on other DNSBLs dealing with such issues, like the
CBL. They also assert the mail is not CANSPAM compliant¹. This would imply
either using the Lashback DNSBL or similar service if such exists, or manual
parsing of the payload. None of the listed IPs showed up on the Lashback
list.
I don¹t know what to make of this.
One aspect of note is their heavy reference during the delisting process to
their pay-for-play whitelist, Emailreg.org (I signed up one of my domains
at the service to see how it worked). They suggest that registration therein
will help to avoid inadvertent¹ listings, but that does raise the question
how a listing due to compromise or lack of CANSPAM compliance could ever be
inadvertent.
I certainly do not think we should ever suggest or recommend to clients to
make use of the Emailreg.org service, it works on a per domain basis and
this could become very expensive for large senders at $20/each. Also, it is
not clear if domains and sub-domains are treated as equivalents.
-----------------------------------------------------------------
Thank you for contacting Barracuda Networks regarding your issue. Your
issue is important to us. We have assigned a confirmation number:
BBR21243333460-MUNGED to this case.
We apologize for any inconvenience that this may have caused you. Since
this is is your first request for this IP, the reputation of this IP address
will be temporarily upgraded from "poor" for 48 hours *or* until we complete
our investigation. When our investigation is complete, you will receive a
decision via email. It may take up to 1 hour for the changes in the
Barracuda Reputation System to propagate to all the Barracuda Spam Firewalls
in the world.
There are a number of reasons your IP address may have been listed as
"poor", including:
1. The email server at this IP address contains a virus and has been sending
out spam
2. The email server at this IP address may be configured incorrectly
3. The PC at this IP address may be infected with a virus or botnet software
program
4. An individual in the organization at this IP address may have a PC
infected with a virus or botnet program
5. This IP address may be a dynamic IP address which was previously utilized
by a known spammer
6. The marketing department of a company at this IP address may be sending
out bulk emails that do not comply with the CAN-SPAM Act
7. This IP address may have a insecure wireless network attached to it which
could allow unknown users to use it's network connection to send out bulk
email
8. In some rare cases, your recipients' Barracuda Spam Firewall may be
misconfigured
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
The opinions contained herein are my personal stance and may not reflect the
viewpoint of Return Path Inc.
