Geekzone: technology news, blogs, forums




3 posts

Wannabe Geek


Topic # 120859 16-Jun-2013 14:50

It looks like SShot has been IDed as a source of spam. 

5.1.0 - Unknown address error 550-'Connections from the host mx194.callplus.net.nz (202.180.66.194), originating from SenderBase Network Owner ID: 1565790, are being rejected due to a low SenderBase Reputation Score. See http://www.senderbase.org for more information or contact your IT support team.'

Has anyone else encountered the same issue? I am getting fed up having email rejected.

H.

2284 posts

Uber Geek
+1 received by user: 375

Trusted
Subscriber

  Reply # 837641 16-Jun-2013 15:21

Not hard to do when 10s of thousands of users' email goes via their IronPorts. They actually do an amazing job but even still occasionally someone manages to find a new way to get past them. Just takes someone with a compromised email account and another person with a will.

Best to notify someone at SS via the usual channels, there are ways to deal with this.

The 550 error is a little odd though, that normally means just that.

639 posts

Ultimate Geek
+1 received by user: 79

Trusted

  Reply # 837643 16-Jun-2013 15:23

550 simply means permanent failure. The people employing senderbase have chosen to permanently fail emails coming from that IP, rather than sending a 400-series temporary deferral.
As insane says, it's easy for even legitimate email senders to land on blacklists, if their customers are able to send volumes of spam without being stopped - it's almost guaranteed to be accidental and the result of a compromised system (or systems).
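The 5xx/4xx distinction discussed above, applied to the bounce quoted in the opening post. This is an added example, not part of anyone's post: it extracts the SMTP reply code, the enhanced status code and the rejected sending host/IP from a rejection line and decides whether retrying can help. The deferral sample, the keyword list and the `triage` labels are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# The rejection text quoted in the opening post of this thread.
BOUNCE = ("5.1.0 - Unknown address error 550-'Connections from the host "
          "mx194.callplus.net.nz (202.180.66.194), originating from SenderBase "
          "Network Owner ID: 1565790, are being rejected due to a low SenderBase "
          "Reputation Score. See http://www.senderbase.org for more information "
          "or contact your IT support team.'")
# Constructed sample of a temporary deferral, for contrast (not from the thread).
DEFERRAL = "451 4.7.1 Service unavailable - try again later (192.0.2.25)"

REPLY_RE = re.compile(r"(?<![\w.])([245]\d{2})(?=[\s-])")          # e.g. 550
ENHANCED_RE = re.compile(r"(?<![\d.])([245]\.\d{1,3}\.\d{1,3})(?![\d.])")  # e.g. 5.1.0
IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")               # "(a.b.c.d)"
HOST_BEFORE_RE = re.compile(r"((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})\s*$")
# Heuristic wording that suggests a reputation/blacklist rejection (assumed list).
REPUTATION_RE = re.compile(
    r"\b(reputation|blacklist(ed)?|blocklist(ed)?|rbl|dnsbl|spamhaus|senderbase)\b",
    re.IGNORECASE)


@dataclass
class Rejection:
    reply_code: Optional[int]
    enhanced: Optional[str]
    klass: str              # "permanent", "transient" or "unknown"
    host: Optional[str]     # sending relay named in the rejection, if any
    ip: Optional[str]       # sending relay IP named in the rejection, if any
    reputation: bool        # wording points at a reputation/blacklist block


def parse_rejection(text: str) -> Rejection:
    reply = REPLY_RE.search(text)
    enhanced = ENHANCED_RE.search(text)
    code = int(reply.group(1)) if reply else None
    # Class comes from the reply code; fall back to the enhanced code's class.
    lead = str(code)[0] if code else (enhanced.group(1)[0] if enhanced else "")
    klass = {"5": "permanent", "4": "transient"}.get(lead, "unknown")
    host = ip = None
    for m in IP_RE.finditer(text):
        try:
            ipaddress.ip_address(m.group(1))   # reject things like 999.1.1.1
        except ValueError:
            continue
        ip = m.group(1)
        before = HOST_BEFORE_RE.search(text[:m.start()])
        host = before.group(1) if before else None
        break
    return Rejection(code, enhanced.group(1) if enhanced else None, klass,
                     host, ip, bool(REPUTATION_RE.search(text)))


def triage(text: str) -> str:
    """Map a rejection to what the sending side can usefully do next."""
    r = parse_rejection(text)
    if r.klass == "transient":
        return "retry-later"                 # the sending MTA will requeue
    if r.klass == "permanent" and r.reputation:
        return "report-relay-to-provider"    # resending via the same IP fails again
    if r.klass == "permanent":
        return "check-recipient-or-message"
    return "unknown"


if __name__ == "__main__":
    for sample in (BOUNCE, DEFERRAL):
        print(parse_rejection(sample), "->", triage(sample))
```

For the thread's bounce the useful fields for a report to the provider are the relay name and IP, since that is what the receiving side is scoring.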




 
 
 
 


1002 posts

Uber Geek
+1 received by user: 58

Trusted
Slingshot

  Reply # 838495 18-Jun-2013 09:13

Hi guys

We are aware of this issue and are working on a resolution.

This can happen if a customer's email address is compromised and spam is sent from their email address. Another good example why you should have a secure password and check for malware!

Cheers
Ben




1249 posts

Uber Geek
+1 received by user: 256

Subscriber

  Reply # 847653 1-Jul-2013 11:52

Slingshot is back on the vodafone / clear blacklist as it is on spamhaus again. client emailing from slingshot to clear is getting bounced.

Why is slingshot using mx1.callplus? as its mailing ip addresses etc? I would expect the reverse IP to show as slingshot.





nunz

3042 posts

Uber Geek
+1 received by user: 467

Trusted
Subscriber

  Reply # 847662 1-Jul-2013 12:05

nunz: Slingshot is back on the vodafone / clear blacklist as it is on spamhaus again. client emailing from slingshot to clear is getting bounced.

Why is slingshot using mx1.callplus? as its mailing ip addresses etc? I would expect the reverse IP to show as slingshot.



Callplus owns Slingshot.

1002 posts

Uber Geek
+1 received by user: 58

Trusted
Slingshot

  Reply # 847683 1-Jul-2013 13:16

Yes - Callplus is the parent company of Slingshot. However, this is being looked at on a Corporate level to ensure the IP's and proxy servers are unblocked at the earliest. We do apologise for the inconvenience caused in the meantime.

Slingshot Support




14442 posts

Uber Geek
+1 received by user: 1893


  Reply # 847709 1-Jul-2013 13:54

I have had similar problems with other ISPs getting blacklisted recently. ISPs really need to put this sort of problem on their network status pages, if they are going to provide free email accounts to their customers. I see this problem isn't displayed on theirs.

639 posts

Ultimate Geek
+1 received by user: 79

Trusted

  Reply # 847779 1-Jul-2013 16:43

Being listed by a third party blacklist is not a network status problem.

At least one blacklist I can think of (backscatterer) is almost a given for major email service providers as 'backscatter' is also a requirement of RFC.

If an ISP gets onto a major blacklist or gets blacklisted by a major MSP (Yahoo, etc) then it might merit a mention, but given how this is entirely out of the ISPs hands, the terms under which it should be publicised by that ISP are a bit different...

Blacklisting is a tough one to manage, but if the service provider aggressively pursues the maintenance of their email sending reputation by addressing compromised machines / customers without delay and with appropriate severity, they can usually get themselves removed from blacklists fairly quickly. On the other hand if the offender(s) are left to run riot for too long before they're stopped in their tracks, blacklist operators will be appropriately slow in their responses and all other customers suffer.

As in all things, you get what you pay for, and should vote with your feet if the service provider is getting in the way.




14442 posts

Uber Geek
+1 received by user: 1893


  Reply # 847792 1-Jul-2013 16:59

BlakJak: Being listed by a third party blacklist is not a network status problem.

At least one blacklist I can think of (backscatterer) is almost a given for major email service providers as 'backscatter' is also a requirement of RFC.

If an ISP gets onto a major blacklist or gets blacklisted by a major MSP (Yahoo, etc) then it might merit a mention, but given how this is entirely out of the ISPs hands, the terms under which it should be publicised by that ISP are a bit different...

Blacklisting is a tough one to manage, but if the service provider aggressively pursues the maintenance of their email sending reputation by addressing compromised machines / customers without delay and with appropriate severity, they can usually get themselves removed from blacklists fairly quickly. On the other hand if the offender(s) are left to run riot for too long before they're stopped in their tracks, blacklist operators will be appropriately slow in their responses and all other customers suffer.

As in all things, you get what you pay for, and should vote with your feet if the service provider is getting in the way.


I have seen a smaller ISP list the problems with blacklistings before on their status page. I don't agree it is out of the ISPs hands, as they can monitor their users and IPs they own, to make sure they aren't abusing the system nor sending spam. Plus only the ISP can resolve the problem to get the blacklisting removed. It may not be easy or cheap to do, but it is possible to continuously monitor. Without RBLs there would be a heck of a lot more spam. I hardly get any now, due to RBLs. Not sure how much monitoring is actually done by ISPs.
http://mxtoolbox.com is a good site for ISPs to monitor their IPs. ISPs probably should tell their customers not to use their email for business, and maybe have it in their terms, if they aren't proactive in keeping off RBLs, or if they have no way to easily prevent other customers spamming via malware. Also remember that sending spam is illegal in NZ, especially if it can be identified to come from a local IP address.

639 posts

Ultimate Geek
+1 received by user: 79

Trusted

  Reply # 847813 1-Jul-2013 17:34

mattwnz:
BlakJak: Being listed by a third party blacklist is not a network status problem.

At least one blacklist I can think of (backscatterer) is almost a given for major email service providers as 'backscatter' is also a requirement of RFC.

If an ISP gets onto a major blacklist or gets blacklisted by a major MSP (Yahoo, etc) then it might merit a mention, but given how this is entirely out of the ISPs hands, the terms under which it should be publicised by that ISP are a bit different...

Blacklisting is a tough one to manage, but if the service provider aggressively pursues the maintenance of their email sending reputation by addressing compromised machines / customers without delay and with appropriate severity, they can usually get themselves removed from blacklists fairly quickly. On the other hand if the offender(s) are left to run riot for too long before they're stopped in their tracks, blacklist operators will be appropriately slow in their responses and all other customers suffer.

As in all things, you get what you pay for, and should vote with your feet if the service provider is getting in the way.


I have seen a smaller ISP list the problems with blacklistings before on their status page. I don't agree it is out of the ISPs hands, as they can monitor their users and IPs they own, to make sure they aren't abusing the system nor sending spam.


You're asking an ISP to effectively 'look at' every email their customers send?
How do they know the difference between a legitimate email and a spam email, until someone complains? (by which time it may be too late?) 
Some ESPs may provide visibility on this - the one I work for does - but no ISP I've worked for (at least 3) has actually monitored their users' email. It's possible to monitor the reputation of your own IPs, of course, but that's reactionary - by the time you're aware of the issue, the damage is already done.



Plus only the ISP can resolve the problem to get the blacklisting removed. It may not be easy or cheap to do, but it is possible to continuously monitor. Without RBLs there would be a heck of a lot more spam. I hardly get any now, due to RBLs. Not sure how much monitoring is actually done by ISPs.


The ISP can address the reason they got blacklisted. Maybe.  You I think have the mistaken impression that all RBL operators are reasonable.  Some are actually quite unreasonable and hard to deal with.
Yes RBL's block a lot of spam, and any ISP worth its salt will be monitoring the bigger, more reliable RBLs - but this again is something that may bother reputable operators so infrequently that putting a lot of resource into doing so is not seen as cost effective.  What you instead should reasonably expect, is that ISPs will act immediately on any report of being blacklisted, in order to remove root-cause and be able to justify submitting for removal from those blacklists. See below.


http://mxtoolbox.com is a good site for ISPs to monitor their IPs.


Seconded. This is an excellent site and I highly recommend it.


ISPs probably should tell their customers not to use their email for business, and maybe have it in their terms,


Um.. what? I think I'll overlook the fact here that you've basically advocated not carrying out business via email, and a complete return to pre-internet-historic times.


if they aren't proactive in keeping off RBLs, or if they have no way to easily prevent other customers spamming via malware.


Most ISPs, including every one in NZ I've ever dealt with, will have Terms and Conditions that require their customers to behave reasonably and will give the ISP the right to terminate service, most certainly where NZ law is broken...


Also remember that sending spam is illegal in NZ, especially if it can be identified to come from a local IP address.


... Yes, the Unsolicited Electronic Messages Act. However it's only enforceable in NZ.
The reality is that NZ's IP addresses are universally regarded as some of the cleanest, by reputation, in the world (see http://www.caida.org/research/policy/country-level-ip-reputation/) and the reality is that NZ ISPs are generally very good at dealing with spammers in their midst promptly.  With that in mind, my earlier point stands; If your ISP get on a blacklist and don't get off it promptly; if they're not keeping up the appearance of being able to readily enforce a reasonable T&C and/or NZ Law that prevents them from harbouring spammers, evaluate the possible reasons why... and vote with your feet.  And I say 'keeping up the appearance' because ultimately, you have to be able to convince the operator of the RBL that you're doing the right thing before they'll remove you from their blacklist. In many cases the spammer can be nixed within only moments of being reported to the ISP (note that the report needs to include sufficient information to conclusively identify them - their IP address at minimum. Knowing you're blacklisted is one thing, knowing the reason in sufficient detail to address root-cause is another). That is often the hardest part, no matter how effective you are at dealing with your users - you have to get the information that lets you fix it, then fix it, then tell the blacklist operator you've fixed it, and hope they move quickly...

Also, note that you needn't be locked into using your ISP's SMTP relays. If you have a static IP address you can look at running your own mail delivery server (effectively then bypassing your ISP's reputation and moving to your own). (This can be problematic if your IP address sits within a range that some players may decide they shouldn't receive email from (some blacklist operators insist that end-users shouldn't be doing direct SMTP) but is an option). You can also buy email service with SMTP from a third party. You can also select an SMTP service provider that does antivirus and antispam filtering on outbound mail, as a further reputation-protection mechanism, noting that unless you're doing direct delivery, your ability to send email is going to be tied to the actions of anyone else using the same service provider.

Disclaimer: I work for an email security provider, but all opinions here are my own.






14442 posts

Uber Geek
+1 received by user: 1893


  Reply # 847829 1-Jul-2013 17:58

>>>>You're asking an ISP to effectively 'look at' every email their customers send?

No, but patterns of high volumes that show when a customer is compromised by malware. ISPs may 'react' to a problem when it surfaces, but what's the difference between reacting, and looking where the problem is occurring, rather than continuously monitoring for problems to begin with. It is the old 'ambulance at the bottom of the cliff' scenario.


>>>>>Um.. what? I think i'll overlook the fact here that you've basically advocated not carrying out business via email, and a complete return to pre-internet-historic times.


I was talking about using a proper paid email provider if you run a business, and not the free email service that your ISP provides, e.g. not sending via the ISP's SMTP server IP, which is what is getting blacklisted. A paid business provider shouldn't be affected in the same way, as they aren't likely to have the quantity of residential customers who are more likely to have compromised systems. They should also have more resources if it is a paid service to continuously monitor things, and possibly a far smaller customer base sharing the IP reducing the risk, depending on the provider used.


>>>>... Yes the Unsolicited Electronic Messages Act. However it's only enforcable in NZ.

My point in mentioning that, is that it gives an ISP a good reason to cut services to a user who has malware installed and is sending out spam. I presume ISPs do give them warnings to rectify as it is, but how many would cut them off straightaway, until they fixed it.


>>>The ISP can address the reason they got blacklisted. Maybe. You I think have the mistaken impression that all RBL operators are reasonable. Some are actually quite unreasonable and hard to deal with.

Yes I was meaning the more reputable ones only. Although that may be open to interpretation. Many should have automated removal systems anyway.
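The "patterns of high volumes" idea from the post above, sketched as detection logic over a relay's submission log. This is an added example, not part of anyone's post or any ISP's tooling: the log format, the account names, the 10-minute window and the 100-recipient limit are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed sliding window
MAX_RCPTS = 100                  # assumed per-account recipient budget per window


def build_sample_log():
    """Constructed submission log: '<ISO time> sasl_user=<account> nrcpt=<n>'."""
    day = datetime(2013, 7, 1)
    lines = []
    # alice: one recipient every 5 minutes for an hour (normal use).
    for i in range(12):
        t = day + timedelta(hours=9, minutes=5 * i)
        lines.append(f"{t.isoformat()} sasl_user=alice nrcpt=1")
    # carol: a small newsletter, 5 recipients every 15 minutes (150 in total).
    for i in range(30):
        t = day + timedelta(hours=8, minutes=15 * i)
        lines.append(f"{t.isoformat()} sasl_user=carol nrcpt=5")
    # bob: quiet, then a burst of 30 messages x 20 recipients, 10 s apart.
    for m in (0, 20, 40):
        t = day + timedelta(hours=9, minutes=m)
        lines.append(f"{t.isoformat()} sasl_user=bob nrcpt=1")
    for i in range(30):
        t = day + timedelta(hours=10, minutes=30, seconds=10 * i)
        lines.append(f"{t.isoformat()} sasl_user=bob nrcpt=20")
    return sorted(lines)         # ISO timestamps sort chronologically


def parse(line):
    ts, user, nrcpt = line.split()
    return (datetime.fromisoformat(ts),
            user.split("=", 1)[1],
            int(nrcpt.split("=", 1)[1]))


def flag_senders(lines, window=WINDOW, max_rcpts=MAX_RCPTS):
    """Return {account: time the window total first exceeded max_rcpts}.

    Only envelope metadata (who authenticated, how many recipients) is used;
    message content is never inspected.
    """
    recent = defaultdict(deque)  # account -> (timestamp, nrcpt) inside window
    totals = defaultdict(int)    # account -> recipients inside window
    flagged = {}
    for line in lines:
        ts, user, n = parse(line)
        q = recent[user]
        q.append((ts, n))
        totals[user] += n
        while q and ts - q[0][0] > window:   # drop entries older than window
            totals[user] -= q.popleft()[1]
        if totals[user] > max_rcpts and user not in flagged:
            flagged[user] = ts               # candidate for rate-limit/suspend
    return flagged


if __name__ == "__main__":
    for account, when in flag_senders(build_sample_log()).items():
        print(f"{account}: recipient budget exceeded at {when.isoformat()}")
```

Note that carol sends more mail over the day than the limit but is never flagged, because the check is on rate within the window rather than on daily volume.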

639 posts

Ultimate Geek
+1 received by user: 79

Trusted

  Reply # 847856 1-Jul-2013 18:51

mattwnz: >>>>You're asking an ISP to effectively 'look at' every email their customers send?

No, but patterns of high volumes that show when a customer is compromised by malware. ISPs may 'react' to a problem when it surfaces, but what's the difference between reacting, and looking where the problem is occurring, rather than continuously monitoring for problems to begin with. It is the old 'ambulance at the bottom of the cliff' scenario.



Sadly, email is not a money-spinner for ISPs and as a result they don't tend to resource it very well - at least in my experience. SMTP service is not a profit-maker. Email services provided as part of an internet access arrangement are almost incidental, with a growing number of people moving their email to 'the cloud' and untying themselves from their ISP-provided services.
(SMTP relay may be an exception to that, but again it's not a profit-centre...)


>>>>>Um.. what? I think i'll overlook the fact here that you've basically advocated not carrying out business via email, and a complete return to pre-internet-historic times.


I was talking about using a proper paid email provider if you run a business, and not the free email service that your ISP provides, e.g. not sending via the ISP's SMTP server IP, which is what is getting blacklisted. A paid business provider shouldn't be affected in the same way, as they aren't likely to have the quantity of residential customers who are more likely to have compromised systems. They should also have more resources if it is a paid service to continuously monitor things, and possibly a far smaller customer base sharing the IP reducing the risk, depending on the provider used.

And as soon as the ISP offers internet connectivity and email services to business, the idea is shot in the foot. You're now discussing maintaining different infrastructure for business customers and residential customers?
I'm sure my ESP appreciates you advocating that businesses should engage them rather than relying on their ISP - but don't forget that ISPs are operating the service anyway, and often offer other services to support their business customers.
Part of my 'vote with your feet' comment earlier was along these lines, though - if your ISP can't provide you reliable service, you have the option of selecting a dedicated ESP without necessarily changing your internet company.


>>>>... Yes the Unsolicited Electronic Messages Act. However it's only enforcable in NZ.

My point in mentioning that, is that it gives an ISP a good reason to cut services to a user who has malware installed and is sending out spam. I presume ISPs do give them warnings to rectify as it is, but how many would cut them off straightaway, until they fixed it.

The old story... it's hard to download patches to fix your stuff, if your internet has been suspended. :-)
Some ISPs have built up walled-gardens where they can 'trap' machines that're known to be compromised, putting them inside a firewalled domain where connectivity is severely limited until they demonstrate their machines are secure.  But there's work in this, and if it's not making them money....


>>>The ISP can address the reason they got blacklisted. Maybe. You I think have the mistaken impression that all RBL operators are reasonable. Some are actually quite unreasonable and hard to deal with.

Yes I was meaning the more reputable ones only. Although that maybe open to interpretation. Many should have automated removal systems anyway.


Automated systems are often not able to accurately determine if appropriate remedial action has been taken.
Yes plenty of them out there are driven by automation, but it's fair to raise the flag that not all RBLs are created equal.




1249 posts

Uber Geek
+1 received by user: 256

Subscriber

  Reply # 847951 1-Jul-2013 22:18

I agree blacklists are a helpful tool in the fight against spam - however - NZ ISPs blacklisting other ISPs on the basis of an entry in a blacklist is just idiotic. The number of times I have run into this is more than I care to mention.

In NZ there are a limited number of "larger" or reputable ISPs. Having the ISPs agree to put each other's SMTP servers into a whitelist is not only sensible but it is helpful to the NZ economy as a whole.

It does no one any favours, neither the sender nor the refuser, to bounce an entire ISP's email on the basis of a blacklist. Sure, feel free to bounce IP addresses but not the commonly used and widely published public SMTP servers of known ISPs.

To any ISP reading this, guys / gals - your customers are trying to do business. You have encouraged them strongly, sometimes through the use of port 25 blocking (not mentioning any names here xtra) to use your SMTP servers as their smart host even when running their own servers. At least have the professionalism and courtesy to whitelist registered ISPs so you don't mess with the economy. Having your client / business fail to receive timely email means they lose money, if they lose money you are less likely to get paid and more likely to have a frustrated customer screaming at you and leaving. It makes good business sense.

I am not suggesting putting every ISP in the world in your whitelist but in a little, tech-savvy country like NZ at least trust the major ISPs.

My list of trusted SMTP servers (not because they are secure or well run - or in any way endorsed by me but because they are the major ISPs) would be:


Vodafone - smtp1.vodafone.net.nz
Clear - smtp.clear.net.nz
Paradise - smtp.paradise.net.nz
Xtra - smtp.xtra.co.nz, send.xtra.co.nz
Callplus - smtp.callplus.net.nz
Slingshot - mx1.callplus.net.nz
Maxnet -  smtp.maxnet.co.nz
Snap - smtp.snap.net.nz
Digiweb - smtpauth.digiweb.net.nz
Orcon - mail.orcon.co.nz
Actrix - mail.actrix.co.nz
Woosh - smtp.woosh.co.nz
ihug - smtp.ihug.co.nz
WorldNet - smtp.world-net.co.nz
WorldxChange - smtp.xnet.co.nz
quicksilver - smtp.qsi.net.nz
iconz - smtp.iconz.co.nz


others to consider - although they are not major ISPs could include the likes of
Scorch
Netspeed
Farmside
Amuri Net
Wireless Web
etc - and other major RBI providers


PS - Is there a list of ISPs and mail settings somewhere? It would make a good wiki entry somewhere.





nunz

14442 posts

Uber Geek
+1 received by user: 1893


  Reply # 847956 1-Jul-2013 22:28

nunz: 

To any ISP reading this, guys / gals - your customers are trying to do business.  



On a thread where I reported blacklisting of another ISP on several RBLs, the ISP and other people that replied implied that businesses should use a proper email service rather than the free service that an ISP gives them. Also it is the IPs that get blacklisted, rather than the server addresses. So it would be difficult for ISPs to manage this and keep it up to date.
I would agree with using a proper email provider, because it costs less than the price of a coffee a week to get your own email address with domain and email hosting, and if a business can't afford that, for what is an important and essential service, they probably don't have much of a business.

1249 posts

Uber Geek
+1 received by user: 256

Subscriber

  Reply # 847966 1-Jul-2013 22:44

mattwnz:
nunz: 

To any ISP reading this, guys / gals - your customers are trying to do business.  



On a thread where I reported blacklisting of another ISP on several RBLs, the ISP and other people that replied implied that businesses should use a proper email service rather than the free service that an ISP gives them. 
I would agree, because it costs less than the price of a coffee a week to get your own email address with domain, and if a business can't afford that, for what is an important and essential service, they probably don't have much of a business.


As I said, not everyone sending through an ISP's SMTP server is an @<put_isp_name_here> email address.

As I previously said, ISPs have actively forced encouraged business users to send mail via their mail servers / use their mail servers as a smart host. Small to medium businesses don't have enough time to go messing around with the rigid requirements of running their own DNS enabled SMTP server, keep up to date with security, monitor blacklists, patch servers, set up RARPs, security certs, mail records for identification, SPF records, spam bouncing policies etc, etc, etc. That's why they pay an ISP to let them have a full range of services including using the ISP's SMTP server as a smart host.

Digiweb, as an example, is an ISP that doesn't provide connectivity to the internet but specialises in providing mail and hosting services. It is something they do extremely well, spend tons of money on getting right, and have excellent technical staff who deal full time with security and hosting - however they have ended up being blacklisted by NZ ISPs as the ISPs listened to little known blacklists or (in the case of yahoo / xtra for example) are just ornery enough to blacklist other organisations because they haven't fulfilled some arcane internal bureaucratic process. To use Digiweb is not cheap / free - it is a business level service - and is an excellent example against your argument above.

ISP mail services are not free - they are part and parcel of what we pay an ISP to provide - if you don't believe me try leaving xtra and maintaining your mail address. They will charge you - they see it as a paid service.

Furthermore your argument above implies that non-business users who use an ISP email system should be prone to blacklisting between NZ ISPs. Sorry - but I won't buy that. My email to my granny is just as important and timely to me as business mail is to a business. I choose to use an @NZ_ISP_Email address to give my internal to NZ emails a better chance of arriving - if that wasn't the case I would use a .za, or .cz or similarly unliked email domain. But I don't 'cause I want my emails to my granny to be more trusted and have a better chance of arriving.

Personally a .ro address would be great. he@ro would describe me perfectly <grin>





nunz
