Outbound spam filtering with DSPAM

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › Outbound spam filtering with DSPAM

xurizaemon

153 posts

Master Geek

#85918 28-Jun-2011 09:31

A couple of customers use Orcon and have had issues with mails getting delivered. Both times they've noticed that Orcon has flagged their mails as spam using DSPAM, and suggested that this may be the cause.

This raised a few questions for me, and I'd love to get some informed answers from the Orcon tech team.

1. What benefits are there for Orcon customers in having some emails be marked as spam without notification?

2. Does outbound spam flagging provide any meaningful data to remote systems?

Presumably if any remote system trusted another host's spam assessment, every spambot would add headers flagging mails as NOT SPAM before sending it. I don't see why any mail host would believe the labels applied by a remote system (unless it was specifically told to trust that system).

3. If the idea is to protect the Orcon network reputation by reducing spam, why even deliver emails which are flagged as spam?

4. Wouldn't it make more sense to notify customers that their IP had sent emails which appeared to be spam, either by refusing to send the messages, or by quarantining / flagging and delivering a notification to the account holder or sender?

5. If nothing else, wouldn't it help to engage the X-DSPAM-factors header for outbound mail? That way customers who are flagged as spam can learn that the issue is with their ADSL IP address being blacklisted, or their email containing suspicious keywords, or whatever.

I do understand that protecting the ISPs reputation is important, and that there may be situations or reasons I'm unaware of.

I also realise that there may be other reasons for mail not being delivered, even which are unrelated to the DSPAM headers Orcon adds sometimes.

I hope to learn why this current situation exists, and to ask whether it's the best possible arrangement for Orcon customers.

I'd also like to know which (if any) ISPs add spam detection headers to outbound messages. Is it common practice?

Thanks!

xurizaemon

153 posts

Master Geek

#486740 28-Jun-2011 09:38

Because it was funny at the time ...

When we enquired with Orcon's support desk, the replies from Orcon support team were flagged as spam by DSPAM.

Also, http://www.geekzone.co.nz/forums.asp?forumid=82&topicid=71743 - similar topic here.

Backblaze

Backblaze Unlimited Backup. World’s easiest cloud backup. Get peace of mind knowing your files are backed up securely in the cloud (affiliate link).

Kyanar

3877 posts

Uber Geek

Trusted

Subscriber

#486763 28-Jun-2011 10:26

For what it's worth, it doesn't help anyway - Orcon's outbound MX is flagged as a spam source by Hotmail.

xurizaemon

153 posts

Master Geek

#486792 28-Jun-2011 11:25

That is actually what I saw as well - loadbalancer1 being rejected by hotmail as spammy - when I tried to duplicate the issue my mail was accepted via mx7. Thanks for confirming.

muppet

2388 posts

Uber Geek

Trusted

#486794 28-Jun-2011 11:29

This has to be a misconfig on their part.

nate

6469 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#486828 28-Jun-2011 12:27

xurizaemon: I'd also like to know which (if any) ISPs add spam detection headers to outbound messages. Is it common practice?

Not sure if it's common practice, but one of our hosting providers does it. Very frustrating when alert emails are marked as spam even before they reach the receiver.

We ended up putting in our own secure MTA to get around this.

xurizaemon

153 posts

Master Geek

#487330 29-Jun-2011 10:59

Orcon responded (via Twitter, where @freitasm had mentioned this thread).

They have said that they will post something soon.

DBP

1 post

Wannabe Geek

#488182 1-Jul-2011 10:24

This move/mistake by Orcon is drivng me mad!

We have heaps of members, customers and volunteers who use Hotmail addresses (including me) and I can't email any of them. Sometimes I can sneak an email through by stripping it in Notepad first, but often this doesn't work. It doesn't seem to matter whether the email is a forward, reply or an original, with the content also not making a difference.

Hopefully someone from Orcon reads this feedback and so many complaints, as the problem is very serious for our organisation.

Cheers,

Dave

Ragnor

8085 posts

Uber Geek

Trusted

#488283 1-Jul-2011 15:06

Had a similar problem with vodafone, ISP's don't seem to care much about managing their email service much these days.

Better off using Google Apps or Microsoft BPOS/365 where possible.

ptinson

677 posts

Ultimate Geek

Trusted

#490855 7-Jul-2011 23:29

Sorry for the very late reply, I spoke to Quentin and promised an update here. Completely my fault for not doing one sooner.

We have been working on this issue, and we are continuing to pay quite some attention to the mail platform.

As I have information that can be shared I will update this discussion.

Regards

Paul

meat popsicle

xurizaemon

153 posts

Master Geek

#492452 12-Jul-2011 14:03

Thanks Paul. I do hope someone at Orcon will be able to answer the questions in my first post.

It's been a while since I posted them ... To me they look like pretty straightforward and simple queries. I tried to be as succinct as I could!

If some of them are unanswerable, even a reply saying "I can't answer this question because the SIS forbade me to discuss their email monitoring server." would be more useful than nothing at all.

Maybe you could have someone answer just the easy ones?

ptinson

677 posts

Ultimate Geek

Trusted

#493078 13-Jul-2011 21:04

I have snipped this a bit to 'try' and keep it short. Short like a novel...
If i cant answer it because i don't know i will say so, if i plain cant answer it it will be clear.

xurizaemon:

This raised a few questions for me, and I'd love to get some informed answers from the Orcon tech team.

1. What benefits are there for Orcon customers in having some emails be marked as spam without notification?

I am not sure i fully understand your question here. Are you asking why would we mark something as spam X-DSPAM-Result:Spam but not inset a [SPAM] tag in the subject? Or is this something else you are asking?
Also customers can set what they want to happen with mail identified as Spam, and in some cases this may not behave how you would think.

2. Does outbound spam flagging provide any meaningful data to remote systems?

No, unless you have an agreement with that external provider.

3. If the idea is to protect the Orcon network reputation by reducing spam, why even deliver emails which are flagged as spam?

In the effort to reduce Spam you can safely assume that many providers drop a very large amount of inbound email as Spam, from previous positions i know we dropped a significant amount of Spam. I am not sure i can say what significant == but some light googlepedia searching will give you reasonable answers.

However we also try to strike a balance where by the customer can decide what they want to have delivered, some people want the Spam, just marked as such and placed somewhere for later review.
Others just bin it.

4. Wouldn't it make more sense to notify customers that their IP had sent emails which appeared to be spam, either by refusing to send the messages, or by quarantining / flagging and delivering a notification to the account holder or sender?

In effect we do this, although not as elegantly as we would like to, we do this with the worst offenders.
Infected machines are also only one vector for Spam to enter a network like ours so although it might seem a better way it would not be the only way, and it adds complexity to an already complex system.

5. If nothing else, wouldn't it help to engage the X-DSPAM-factors header for outbound mail? That way customers who are flagged as spam can learn that the issue is with their ADSL IP address being blacklisted, or their email containing suspicious keywords, or whatever.

I personally dont think the average customer would have any clue what X-DSPAM-factors is telling them, sure some would but the majority would not.
I think what you may be suggesting is a rating inserted into the message that is easy enough to understand?

Where I have used this in the past it can lead to increased calls to the helpdesk with people asking 'Why are you putting stuff in my email' etc or even more interesting, trying very hard to get the best score - being the highest...

Huh, I was able to put some words around all of those...
No idea if it answers the questions you really had but there you go.

Paul

meat popsicle

xurizaemon

153 posts

Master Geek

#493214 14-Jul-2011 08:58

ptinson:
xurizaemon:
1. What benefits are there for Orcon customers in having some emails be marked as spam without notification?

I am not sure i fully understand your question here. Are you asking why would we mark something as spam X-DSPAM-Result:Spam but not inset a [SPAM] tag in the subject? Or is this something else you are asking?

Also customers can set what they want to happen with mail identified as Spam, and in some cases this may not behave how you would think.

Apologies, I didn't make it entirely clear that I was referring to your practice of marking *outbound* mail using DSPAM.

So: Assume I'm your customer, and I send a postcard to a friend. When I visit her house, I find that the person I paid to deliver my message has written *SPAM* on it in red ink first. I feel like it's rude to do this without giving the sender notification of some kind (but better would be not to do it).

2. Does outbound spam flagging provide any meaningful data to remote systems?

No, unless you have an agreement with that external provider.

Hmm. So I wonder why Orcon would be going to the overhead of DSPAMing outbound mail, if none is blocked (so there is no improvement in your reputation) and there is no advantage in doing so (unless there is a second part to your answer? " ... and we have arrangements with A, B and C.")

3. If the idea is to protect the Orcon network reputation by reducing spam, why even deliver emails which are flagged as spam?

In the effort to reduce Spam you can safely assume that many providers drop a very large amount of inbound email as Spam, from previous positions i know we dropped a significant amount of Spam. I am not sure i can say what significant == but some light googlepedia searching will give you reasonable answers.

However we also try to strike a balance where by the customer can decide what they want to have delivered, some people want the Spam, just marked as such and placed somewhere for later review.
Others just bin it.

Again, I confused things by not being 100% specific that I was referring to outbound mail only. I understand the reasons for inbound spam filtering. Are you able to answer the above question with respect to outbound mail?

3. If the idea (of flagging outbound mail using DSPAM) is to protect the Orcon network reputation by reducing spam (outbound from Orcon's network), why even deliver emails which are flagged as spam (and have been sent by Orcon customers to external networks)?

4. Wouldn't it make more sense to notify customers that their IP had sent emails which appeared to be spam, either by refusing to send the messages, or by quarantining / flagging and delivering a notification to the account holder or sender?

In effect we do this, although not as elegantly as we would like to, we do this with the worst offenders.
Infected machines are also only one vector for Spam to enter a network like ours so although it might seem a better way it would not be the only way, and it adds complexity to an already complex system.

For two customers with "small business" email usage profiles, I have had them contact me because they found that some emails were not reaching their customers. When I investigated I found that they were sending via Orcon (SMTP is part of your service package) and that you were marking their mails as spam without notification.

If only the worst offenders are notified, then it seems like the current situation favours those people who actually send spam (they at least get alerted to the situation) while others have their mail disappear into thin air (or junk folders). That doesn't seem like the best arrangement.

To reduce complexity, perhaps Orcon might consider not running DSPAM on outbound mail, as the benefits may be nil (q2 above) and the cost appears to be high (DSPAM marks >50% of legit mail as spam based on my unscientific assessments).

5. If nothing else, wouldn't it help to engage the X-DSPAM-factors header for outbound mail? That way customers who are flagged as spam can learn that the issue is with their ADSL IP address being blacklisted, or their email containing suspicious keywords, or whatever.

I personally dont think the average customer would have any clue what X-DSPAM-factors is telling them, sure some would but the majority would not.

I think what you may be suggesting is a rating inserted into the message that is easy enough to understand?

From past experience, response time on Orcon support tickets regarding email is best measured in weeks, and many tickets simply seem to go unhandled. Turning on X-DSPAM-factors would allow me to be very specific with the first contact: Hey, loadbalancer1 is blacklisted for Hotmail. Otherwise we have to sit through a couple of cycles with a support "tech" posting back canned replies which don't relate to the issue described.

No, not a dumbed down rating. If you insist on marking messages your customers send as spam, you owe it to your customers to give them the information they need to avoid this treatment. Otherwise your SMTP service, paid for by your customers, is nothing but a gamble.

Technical people may understand the nature of technology and that some messages might not make it. The "average customer" you refer to trusts email the same way they trust the phone, power and postal services.

Where I have used this in the past it can lead to increased calls to the helpdesk with people asking 'Why are you putting stuff in my email' etc or even more interesting, trying very hard to get the best score - being the highest...

You're already putting stuff in their email. I'm suggesting you either stop putting it in the outbound email, or give your customers meaningful information to help them avoid it getting put there.

Huh, I was able to put some words around all of those...
No idea if it answers the questions you really had but there you go.

I really appreciate your replies, and apologise for not being more specific about the outbound nature of this issue when I first asked.

Currently DSPAM marks about 50% of one customer's legitimate email as spam. When we route mail through a provider like Gmail, we see much more correct behaviour (SPF checks honoured and the like). Your DSPAM marks your own support ticket emails as spam. I believe this suggests a poor DSPAM config, but at least it can be disabled or ignored on inbound mail. Outbound DSPAM is not helping!