Indianapolis computer service indiana it service and network support         L5 Solutions - Blog      // We make IT easy

    indianapolis computer service



Spam blocklists – what if the lists are wrong

Aug 14th, 2009 | Posted by | Filed under Indianapolis IT support

Today I’ve seen some NDR (non delivery report) email messages bounced back to mail servers from earthlink.net:  #5.5.0 smtp;550 550 Dynamic/zombied/spam IPs blocked. Write blockedbyearthlink@abuse.earthlink.net>.  So at first I didn’t think much of it assuming it was a false positive and I would get with earthlink and have them review the server and they would see it is not an open relay, not sending out spam, not a dynamic ip address, etc… but when I send a message to earthlink form another mail server domain I got another ndr bounce message: #5.5.0 smtp;550 Unknown local part openrelay in <openrelay@abuse.earthlink.net>>
Now this is when I have to think there is something strange going on because no changes have been made to these mail servers recently and have always been secured from the beginning.  So to be sure I checked the cbl and spamhaus blocklists, the mail servers are not listed, I checked the spam database on dnstools and they are also not listed.  I checked to verify they are not seen as an open relay and they are not.
So, my question is what happens if the spam blocklists get it wrong?  I’ve had some experience with sites being listed for a day or so due to some change by the blocklists, but were ultimately removed because the mail servers were in fact secure. The real issue in this case though, is that even when I send to request reconsideration for one mail server to be removed I get blocked even when sending from another mail server.  I even tried sending to openrelay@abuse.earthlink.net from my yahoo account and received an NDR from there as well.
So it seems earthlink.net is having some mail server issues at present.
As usual I thought it best to take a proactive approach to resolve this issue and visited the earthlink website to see if I can submit directly from their site or find out more information about their abuse and open relay block lists.  I do not see any message on their site about known issues under the mail server services support area, but I’m sure there are mail administrators and network admins working hard to resolve the issue.

Today I’ve seen some NDR (non delivery report) email messages bounced back to mail servers from earthlink.net:  #5.5.0 smtp;550 550 Dynamic/zombied/spam IPs blocked. Write blockedbyearthlink@abuse.earthlink.net>.  So at first I didn’t think much of it assuming it was a false positive and I would get with earthlink and have them review the server and they would see it is not an open relay, not sending out spam, not a dynamic ip address, etc… but when I send a message to earthlink form another mail server domain I got another ndr bounce message: #5.5.0 smtp;550 Unknown local part openrelay in <openrelay@abuse.earthlink.net>>

Spmahaus - one of the respected spam blocklists to reduce spam from dynamic ip addresses, known spammers, open relays and other offending mail servers.

Spmahaus - one of the respected spam blocklists to reduce spam from dynamic ip addresses, known spammers, open relays and other offending mail servers.

Now this is when I have to think there is something strange going on because no changes have been made to these mail servers recently and have always been secured from the beginning.  I’ve had complete control over one Exchange mail server from setup and have been administering another of the Exchange mail servers for several years.  So to be sure I checked the cbl and spamhaus blocklists,the mail servers are not listed, I checked the spam database on dnstools and they are also not listed.  I checked to verify they are not seen as an open relay and they are not.  I checked the Exchange mail server settings in ESM.  Nothing has changed.

So, my question is what happens if the spam blocklists get it wrong (the large email providers)?  I’ve had some experience with sites being listed for a day or so due to some change by the blocklists, but were ultimately removed because the mail servers were in fact secure. The real issue in this case though, is that even when I send to request reconsideration for one mail server to be removed I get blocked even when sending from another mail server.  I even tried sending to openrelay@abuse.earthlink.net from my yahoo account and received an NDR from there as well.

So it seems earthlink.net is having some mail server issues at present.

As usual I thought it best to take a proactive approach to resolve this issue and visited the earthlink website to see if I can submit directly from their site or find out more information about their abuse and open relay block lists.  I do not see any message on their site about known issues under the mail server services support area, but I’m sure there are mail administrators and network admins working hard to resolve the issue.

FacebookTwitterLinkedInShare
No comments yet.
You must be logged in to post a comment.