On Tue, 28 Sep 2010, Hung Phan wrote:

We are a school district which sends out legitimate messages about school information to parents but last week, we were tagged by spamrats as spammer. An important message did not reach all the subscribers because the local ISP which hosts many of our parents' emails, subscribes to spamrats as one of the anti-spam source.

I don't know anything about Spamrats, but one of the ways this happens is that some users are deciding to mark Email as spam when they no longer want to receive it, instead of unsubscribing. So it may even be a user of this very ISP which has done this.

What I recommend doing is finding out if this ISP has some kind of a feedback loop, where you can get notification of spam reports instead of them being acted upon. Spamrats might also have such a loop.

Unfortunately, to keep delivery alive to everyone, you've got to be on everyone'se feedback loop, and some people have fairly stringent requirements (e.g. Yahoo requires DKIM or SPF).

For more info, see http://www.spamhaus.org/faq/answers.lasso?section=ISP%20Spam%20Issues

Geoff.

Hung Phan wrote:

What measures can we take to prevent us from being tagged as spammer again? All our lists are always set to not allow non-members post. Is it even worth $102 annually to be on whitelisted.org? I believe whitelisted.org will drop us immediately out of the whitelist as soon as we somehow trigger the spamrats again.

I would never give a dime to whitelisted.org. My IP was recently listed in UCEPROTECT-Level2, not because of anything having to do with its SWIPed block of 256 IPs, but because of something having to do with an IP in the upstream provider's block of 16,384 IPs.

I could have gotten removed from UCEPROTECT-Level2 by paying whitelist.org to be whitelisted, but this whole notion of guilt by association with massive IP blocks which contain thousands of addresses which I have nothing to do with other than using the same co-location provider, and paying to be removed smells like extortion to me.

What spamrats list were you on? If you have a static IP, properly configured with full circle DNS, you should never be on their RATS-Dyna or RATS-NoPtr lists, and no clueful ISP should use their RATS-Spam list except perhaps as a component of a score.

If your list mail is sent in the same way as your post, it takes a rather circuitous route, at least one aspect of which is suspicious. It goes from host-198-236-7-11.canby.k12.or.us to python.org via Google and Postini. This may be OK, but what IP is actually blacklisted?

The suspicious thing is that your outgoing server, host-198-236-7-11.canby.k12.or.us, IP 198.236.7.11, appears to identify itself by its internal network address 10.30.177.26 rather than its actual name or IP. Could it be this IP that was listed? In any case, your internal network address should not be used in this context.

-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan