Blacklists and e-mail headers

  • Blacklists and e-mail headers

    Hi,
    I was hoping someone would clarify that the originating IP and any smarthost used are both used by on-server and 3rd party, hosted spam solutions for making a decision on accepting/rejecting e-mail (headers below from domain with problems). In the example below, the smarthost is clean as a whistle, although the IP of the Exchange server is on several blacklists.
    I've also noticed the public IP of the Exchange server doesn't have a reverse DNS record associated with it, which I understand is one of the first checks made by the receiving MTA.
    Thanks for looking!


    Received: from <our 3rd party spam provider>
    (our exchange server i.P) with Microsoft SMTP Server id 14.1.218.12; Fri, 13 Jul 2012
    16:24:39 +0100
    Received: from smarthost not on blacklist ([x.x.x.x]) by
    <our 3rd party spam provider> ([x.x.x.x]) with SMTP; Fri, 13 Jul 2012
    16:25:32 WEST
    Received: from owa.companyname.com
    (internet-service-provider.com [IP address on blacklist] by
    smarthost not on blacklist (Postfix smtp) with ESMTPSA id C5468621291 for
    <[email protected]>; Fri, 13 Jul 2012 16:25:26 +0100 (BST)
    Received: from localnameofserver.domain.local ([IPv6]) by
    localnameofserver.domain.local([IPv6]) with mapi; Fri, 13 Jul
    2012 16:25:26 +0100
    From: name <[email protected]>
    To: me <[email protected]>
    Date: Fri, 13 Jul 2012 16:25:25 +0100
    Subject: email blacklist
    Thread-Topic: email blacklist
    Thread-Index: Ac1g8CphoSvrGY/HQvaaObyxyJ4QbgAABOfwAAQpSkAAAL8/wAAAgQOQ
    Message-ID: <[email protected] ameofserver.domain.local>
    References: <[email protected] ameofserver.domain.local>
    <[email protected] ameofserver.domain.local>
    <[email protected] geserver.domain.local>
    In-Reply-To: <[email protected] geserver.domain.local>
    Accept-Language: en-US, en-GB
    Content-Language: en-US
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    acceptlanguage: en-US, en-GB
    x-exclaimer-md-config: c7a47f58-7ce8-4d86-9cdf-52e685560d58
    Content-Type: multipart/alternative;
    boundary="_000_72C8B3CC6E26304A8D10929C02BC0CB02EB 71CF987MASTERSVRopcw_"
    MIME-Version: 1.0
    X-pstn-levels: (S:99.90000/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
    X-pstn-dkim: 0 skipped:not-enabled
    X-pstn-settings: 5 (2.0000:2.0000) s cv gt3 gt2 gt1 r p m c
    X-pstn-addresses: from <[email protected]> [db-null]
    Return-Path: [email protected]
    X-MS-Exchange-Organization-AuthSource: myexchangeserver.domain.local
    X-MS-Exchange-Organization-AuthAs: Anonymous
    X-EXCLAIMER-MD-CONFIG: 23960e43-686d-4115-ab28-9e164227de38

  • #2
    Re: Blacklists and e-mail headers

    Surely this is a question to ask the blacklist provider?

    The major filtering services do not look at anything other than where the connection is coming from - so the last hop.

    Looking any further back would almost certainly cause a significant amount of email to be blocked because most consumers will be on a connection that is blacklisted - on what is known as DUL - dial-up lists or dynamic IP lists. A service cannot expect everyone to be sending email from clean IP addresses, either by a static address or only sending email from a web interface like Gmail, Hotmail etc. There are many people using their ISP's email service which will show in the headers as the first hop coming from their own computer and dynamic IP address.

    You haven't said who the filtering service is that is blocking the service, but it should also be pointed out that while one external address might be clean on the public blacklists, many providers will operate their own internal blacklists which you cannot query publicly. Only internal people can remove an address and that would usually take a complaint from one of their customers to do so, not from an external party.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.
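
The difference between a last-hop check and a whole-path scan, as an added example that is not part of the original thread. The sample message, its documentation-range IP addresses and the `LISTED` set standing in for blacklist answers are constructed; no DNS lookup is made, and only the query name for the Spamhaus ZEN zone is built.

```python
import re
from email import message_from_string

# Constructed sample: documentation-range IPs stand in for the redacted hops.
SAMPLE = """\
Received: from smarthost.example.net ([198.51.100.25]) by filter.example.org
 with SMTP; Fri, 13 Jul 2012 16:25:32 +0100
Received: from owa.example.com (isp.example.net [203.0.113.77]) by
 smarthost.example.net (Postfix) with ESMTPSA id ABC123;
 Fri, 13 Jul 2012 16:25:26 +0100
From: name <sender@example.com>
To: me <rcpt@example.org>
Subject: email blacklist

body
"""

# Constructed stand-in for DNSBL answers so the example runs offline.
LISTED = {"203.0.113.77"}

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Client IP recorded in each Received header, newest (top) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        # The client address sits in the "from ..." part, before " by ".
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        m = IPV4.search(from_part)
        if m:
            hops.append(m.group(1))
    return hops

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def verdict(raw, deep=False, listed=LISTED):
    """Reject if a checked hop is listed; deep=True scans the whole path."""
    hops = received_hops(raw)
    checked = hops if deep else hops[:1]  # last hop only by default
    hits = [ip for ip in checked if ip in listed]
    return ("reject" if hits else "accept", [dnsbl_name(ip) for ip in hits])
```

With the same message, `verdict(SAMPLE)` accepts because only the clean smarthost is checked, while `verdict(SAMPLE, deep=True)` rejects on the dynamic address further back in the path.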



    • #3
      Re: Blacklists and e-mail headers

      Hi Simon,
      Many thanks for your reply, and sorry for the delay in getting back to you.

      The IP of the Exchange server is listed with Sorbs-DUHL and Spamhaus-Zen.

      I have just contacted them both so will post back with the outcome.

      Good point about the internally operated blocklists - something often overlooked in the service industry!

      Simon



      • #4
        Re: Blacklists and e-mail headers

        Both of those lists are dynamically assigned net block lists, therefore you will not get off them.
        What I mean by blacklist provider was really the company using the blacklist, not Spamhaus et al. They just provide the raw information, how it is used is down to the individual mail service. Using that information to scan the entire path is simply asking for significant amounts of email to be blocked.

        Simon.


        • #5
          Re: Blacklists and e-mail headers

          We have requested a static IP from the carrier and this should be with us shortly.
          When you say company, do you mean the service, i.e. MailMarshal, Postini, GFI etc.?
          Thanks for your help on this.



          • #6
            Re: Blacklists and e-mail headers

            Whoever is blocking you. That could be a service if something like MessageLabs. If a company is operating the server themselves, then you would contact them, not the software vendor. Blacklists are just that - a list. How the list is used is down to the individual implementing their use.

            Simon.


            • #7
              Re: Blacklists and e-mail headers

              Thanks for clarifying that, Simon!
