6/7/2003 Getting tighter and tighter on spammers...

[admin]

EDIT: All block lists have been removed becasue they wre just to tight.. We are working on some other ideas..

[admin]

Also a very good site for spam times and filters
http://www.geocities.com/spamresourc...ter-server.htm

Since you guys implemented this spam filter, I am unable to send email to many places, including vortechosting.com. I have recieved 2 different NDRS from two different networks and mail servers:

NDR #1:

Your message did not reach some or all of the intended recipients.

Subject: AtMail question
Sent: 6/7/2003 2:49 PM

The following recipient(s) could not be reached:

support@vortechhosting.com on 6/7/2003 2:49 PM
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<lionfield01.corp.lionfield.net #5.5.0 smtp;553 Yipes Communications spam house banned>


NDR #2:

Your message did not reach some or all of the intended recipients.

Subject: AtMail Question
Sent: 6/7/2003 2:53 PM

The following recipient(s) could not be reached:

'support@vortechhosting.com' on 6/7/2003 2:53 PM
553 Comcast trojan proxy spam network banned



Being that I have a lot of customers on the Comcast and Yipes networks, this could cause a major problem for me. I think you may have tightened the restrictions just a little too much. THis is precisely why we STOPPED using the spamhaus RBL on our mail servers. WAY too many false postivies.

Also, I left a voicemail since I couldn't email through. No need to call back if you can respond via forum. Thanks,

Ben

I still can't mail from any of my external email addresses to my reseller domain due to the SPAM filters. I can't open a trouble ticket because I can't even send a mail to support@vortechhosting.com. This SPAM filter is way too tight. I understand how hard it is to find an effective filter that is not too restrictive, but despite how much I hate spam, I'd rather be sure all my legitimate email is actually getting through. I think most resellers and our clients alike would agree with this. Please let me know if this is being worked on.

Note: I'm am quite positive that all of the mail servers I have tried sending through are not open-relay OR listed by any of the major RBL lists.

[areka]

I'm having problems sending email to @activ8inc.com hosted with you.
When will you stop fighting spammers and let us use email in peace?

[MEELAN]

Here is another SPAM

---------------
Received: (qmail 84930 invoked by uid 399); 7 Jun 2003 20:28:01 -0000
Delivered-To: MYDOMAIN-MYNAME@MY_DOMAIN.com
Received: (qmail 84926 invoked from network); 7 Jun 2003 20:28:01 -0000
Received: from unknown (HELO mail1.hsphere.cc) (195.161.75.195)
by mail1.hsphere.cc with SMTP; 7 Jun 2003 20:28:01 -0000
From: "zobt0r@mail1.hsphere.cc" <zobt0r@mail1.hsphere.cc>
To: Nice day <niceday@mail1.hsphere.cc>
Content-type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Welcome to my country.
X-UIDL: =+T"!!H_"!obP!!-p)"!
Status: U

Hello!<br><br>You have received a postcard. You can see it <b><a href='http://postcards.rin.ru/postcards/post/humour1.html'>here.</a></b><br><br>For music-lovers: <a href='http://mp3.rin.ru/index_e.html'><b>Free 100 000 mp3-files</b></a><br><br>For extreme-lovers: <a href='http://hobby.rin.ru/index_e.html'><b>All of extreme</b></a><br><br>Only for adults: <a href='http://eros.rin.ru/index_e.html'><b>SEX-TEST</b></a> and <a href='http://wallpapers.rin.ru/index_e.html'><b>WALLPAPERS</b></a><br><br><br>For womens: <a href='http://astro.rin.ru/eng/index.html'><b>ASTROLOGER ON-LINE</b></a><br><br><br>For men: <a href='http://psy.rin.ru/eng/index.html'><b>PSYCHOLOGIST ON-LINE</b></a><br><br><br>And for all: <a href='http://humor.rin.ru/photo_e.html'><b>Surprise!</b></a><br><br>Goodby, Gerry.<br><br><br><br><br><br><br><br><br><br><br> <br><br><br><br><br><br><br><br><br><br><br><br><b r><br><br><br><br><br><br><br><br><br><br><br><br> <br><br><br><br><br><br><br><br><small><p>You can refuse to receive letters. For that just <a href=mailto:unsubscribedel@mail.ru?Subject=Delete> send</a> a letter to unsubscribe14@fromru.com with the subject: DELETE.</p></small>

[Vixen]

Quote:

Originally posted by areka

When will you stop fighting spammers and let us use email in peace?

If we don't fight the spammers you won't be able to email at all.

[admin]

lankan, added.. Thanks

But don't post these here just yet I will be making a forum just for this..

[admin]

Quote:

Originally posted by brutter
Since you guys implemented this spam filter, I am unable to send email to many places, including vortechosting.com. I have recieved 2 different NDRS from two different networks and mail servers:

NDR #1:

Your message did not reach some or all of the intended recipients.

Subject: AtMail question
Sent: 6/7/2003 2:49 PM

The following recipient(s) could not be reached:

support@vortechhosting.com on 6/7/2003 2:49 PM
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<lionfield01.corp.lionfield.net #5.5.0 smtp;553 Yipes Communications spam house banned>


NDR #2:

Your message did not reach some or all of the intended recipients.

Subject: AtMail Question
Sent: 6/7/2003 2:53 PM

The following recipient(s) could not be reached:

'support@vortechhosting.com' on 6/7/2003 2:53 PM
553 Comcast trojan proxy spam network banned



Being that I have a lot of customers on the Comcast and Yipes networks, this could cause a major problem for me. I think you may have tightened the restrictions just a little too much. THis is precisely why we STOPPED using the spamhaus RBL on our mail servers. WAY too many false postivies.

Also, I left a voicemail since I couldn't email through. No need to call back if you can respond via forum. Thanks,

Ben

Thanks I will look in to this ASAP. Is there any way you can give me an IP you were sending from on both of these?

As Yipes and Comcast are both listed for very good reason:

http://www.spamhaus.org/sbl/listings...nothing=Search

http://www.spamhaus.org/sbl/listings...nothing=Search

[admin]

Quote:

Originally posted by brutter
I still can't mail from any of my external email addresses to my reseller domain due to the SPAM filters. I can't open a trouble ticket because I can't even send a mail to support@vortechhosting.com. This SPAM filter is way too tight. I understand how hard it is to find an effective filter that is not too restrictive, but despite how much I hate spam, I'd rather be sure all my legitimate email is actually getting through. I think most resellers and our clients alike would agree with this. Please let me know if this is being worked on.

Note: I'm am quite positive that all of the mail servers I have tried sending through are not open-relay OR listed by any of the major RBL lists.

Can you give me the IP your trying to send from. As both of the ISP's you listed do have some of there IPs blocked.

Sure,

The IP for the first NDR (Yipes Communications) is 66.7.190.125 (or the entire 66.7.190.0/25 block for that matter). The IP for the second was 66.54.228.173 (Comcast).

The reason that I see this being a problem is because Yipes is a major East Coast fiber provider, with a heavy web-hosting company customer base. As such, blocking them is blocking a very large number of shared-hosting and dedicated hosting customers out there.

While I'm sure comcast generates a lot of SPAM, it is also one of, if not the largest cable provider in the nation. This means literally millions of subscribers would not be able to send mail to/from Vortech servers. This will serve for nothing more than jamming my customer support system and probably yours as well.

While I sincerely appreciate the efforts to cut back on SPAM, please do not lose focus on the need for 100% of legitimate mail to successfully reach it's destination. All of my hosting customers are businesses and will not understand what an 'NDR' or a bounced email means. In their eyes, it's simply a problem that isn't theirs (but rather mine) and will want it fixed asap. Additionally, I can't afford for them to miss that 'One' important email because the sender happened to be on a provider that has a few spammers on it. Blocking Open Relays is one thing. Blocking entire ISPs is a whole different ballgame.

Please don't take this as a flame, I'm just a bit concerned about the effects it could have on my customer base come Monday morning. I'm sure you can understand. Please let me know if you need any further information from me regarding this issue.

Is someone working on email 2.0?

A spam proof email system would be worth millions

The Comcast list consists entirely of single IP addresses, and is actually a lot shorter than I'd have thought it would be. I'm not sure exactly what their delisting policy is but an innocent bystander using a tainted IP address should have no trouble getting off the list.

A major provider with nothing larger than a /24 listed does indicate that they're pretty careful in limiting the range of impacted addresses to those which are under the control of known offenders.

This is not to say that false positives aren't anathema, and for that reason we opted against using RBLs that we were less confident about. If there is a pattern of false positives generated either by an RBL or by our configuration, we'll do our best to isolate and nix the problem.

[Brangwyn]

Oi ! gimme my Avatar back

RBL's really are a little hit and miss, but somethings better than nothing, though sometimes I really wonder whether spam filters make that much of a difference.

The resources used in cheking an incoming email vs spamlists, blacklists etc is actually more than it is just to let the server receive the email and let the end user deal with it, catch 22 really.

Mmm, I'll have to replace the avatar with another version of Beastie at the earliest opportunity.

RBLs do make a difference in terms of resources. The way the typical RBL operates is via DNS lookups. The burden of hosting and checking the list is shifted to the DNS servers, be they local or remote.

With a single DNS lookup, the mail server can reply to inbound spam with a simple SMTP 5xx reject and slam the door. The inbound content does not have to be accepted, transferred and written to disk, does not have to be served to its intended recipient via POP3, IMAP or what-have-you, and generally takes up zero resources after it's been rejected and logged. In brief, resources stolen by spam rejected via RBL are a fraction of those used by an accepted message.