Blocked By Earthlink

According to earthlink our newsletter "may be re-added in the future should the server be discovered to again be open for relay". Just one big problem with that statement, we have never been an open relay!
We use mailman for our StarryMessenger.net newsletter and send it out from starrymessenger@starryskies.net (Google Apps hosted). No one is allowed to post to the list and we also set it up so that our own posts are moderated to ensure no spam ever gets through to the list.
http://support.earthlink.net/articles/email/email-blocked-by-earthlink.phpsa... the block may occur for several reasons:
- EarthLink has received numerous complaints about the server that handles your email.
- The IP address of your email server is dynamic (changes daily)
- Your IP address has been listed as spam by industry references.
- Your rDNS (Reverse DNS) is not up-to-date and accurate. Your rDNS is the hostname associated with the IP address of your email server and should look similar to “mail.example.com”.
That doesn't say anything about open relays, but the email below does, and of course we never heard about any of these so-called "several complaints." The other 3 items listed don't apply, i.e. not a dynamic IP, rDNS is set up and we have never been on a DNSBL.
We migrated the server to a VPS from speakeasy and added DKIM a couple of months ago, but other than that it has been the same exim4 and mailman setup for years. And of course we keep the software updated and upgrade the distribution software.
Later the earthlink page says to include the bounce message, and just how are we supposed to do that with mailing list software that is designed to handle these bounces?
This isn't even a discussion list where it would be more likely for this sort of thing to be flagged as an open relay. A quick search on google for earthlink feedback loop brings up pages not hosted by earthlink. So does anyone have suggestions how to get this mess straight to avoid these problems in the future?
A bit of our exim log:
2011-06-18 06:36:43 1QXnsP-0000sh-LC ** ****@earthlink.net R=dnslookup T=remote_smtp: SMTP error from remote mail server after MAIL FROM:< starrymessenger-bounces@starrymessenger.net> SIZE=22095: host mx4.earthlink.net [209.86.93.229]: 550 IP 68.68.99.81 is blocked by EarthLink. Go to earthlink.net/block for details.
The auto reply to our request to be unlocked:
Hello starrymessenger@starryskies.net,
We have removed the block on mail originating from 68.68.99.81, please allow 2-24 hours for normal email traffic to resume. Please understand that IPs previously removed from the EarthLink Correct Connect database may be re-added in the future should the server be discovered to again be open for relay.
Regards,
-- Earthlink Abuse Department blockedbyearthlink@abuse.earthlink.net http://www.earthlink.net/about/policies/use.faces
Thanks, Chuck

On 6/19/2011 1:18 PM, Chuck Peters wrote:
The Exim log entry should suffice, but given how brain dead earthlink sometimes seems, it may not. If you need an actual DSN, you can be sure that the list's Bounce processing -> bounce_notify_owner_on_disable is Yes and wait for an earthlink member to have delivery disabled, at which time the owner will receive a copy of the DSN with the disabled notice.
I've been blocked by earthlink. At one point, I was sending my personal mail from a machine with a fixed IP and full circle DNS, but with a 'generic' FQDN like netblock-68-183-193-239.value.net, and earthlink blocked me. I changed the name and had the rDNS PTR changed to msapiro.net, and they eventually unblocked me. I'm not sure if earthlink has blocked me on other occasions or not, but I have also been blocked without justification by Comcast and Microsoft (Hotmail and MSN).
Earthlink, like many other ISPs, will not actually tell you why you were blocked because they think it gives away their secret spam fighting algorithms. The only thing you can do is be sure your mail server follows best practices as outlined in Section 2.1 of RFC 1912 <http://tools.ietf.org/html/rfc1912>. Also see <http://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS>.
Publishing SPF records may help, particularly with Microsoft.
If you are repeatedly blocked by an ISP, it is sometimes effective to have your list member who is their customer do the complaining. Some ISPs are more willing to actually listen to their paying customer than to someone they write off as a spammer. To do this effectively, you may need to help your user with drafting complaints and interpreting responses, but it can get the ISP's attention.
-- 
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
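Added example, not part of the original thread or of Mailman: a forward-confirmed reverse DNS check of the kind Mark's message points to, which also flags a 'generic' PTR name such as netblock-68-183-193-239.value.net. It handles IPv4 only; the octet-matching heuristic and the sample zone data (documentation address ranges) are assumptions constructed for illustration.

```python
import ipaddress
import re
import socket

def is_generic_name(hostname, ip):
    """True if the name embeds the IPv4 octets in forward or reverse order."""
    octets = ip.split(".")
    digits = [str(int(d)) for d in re.findall(r"\d+", hostname)]
    return any(digits[i:i + 4] in (octets, octets[::-1])
               for i in range(len(digits) - 3))

def system_ptr(ip):
    """PTR lookup through the system resolver."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_a(name):
    """A lookup through the system resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_fcrdns(ip, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return a list of problems; an empty list means the check passed."""
    ip = str(ipaddress.IPv4Address(ip))  # ValueError on malformed input
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return ["no PTR record"]
    problems = []
    if not any(ip in a_lookup(n) for n in names):
        problems.append("PTR %s does not resolve back to %s" % (names, ip))
    problems += ["%s looks like a generic ISP-assigned name" % n
                 for n in names if is_generic_name(n, ip)]
    return problems

# Constructed sample zone data (documentation address ranges), not real DNS.
SAMPLE_PTR = {"192.0.2.25": ["mail.example.com."],
              "192.0.2.77": ["host-192-0-2-77.isp.example."],
              "192.0.2.99": ["mail.example.org."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.25"],
            "host-192-0-2-77.isp.example": ["192.0.2.77"],
            "mail.example.org": ["198.51.100.5"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for addr in ("192.0.2.25", "192.0.2.77", "192.0.2.99", "192.0.2.200"):
        print(addr, check_fcrdns(addr, sample_ptr, sample_a) or "ok")
```

Calling check_fcrdns(ip) with no lookup arguments uses the system resolver, so it can be run from the sending host against its own outbound address.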

Chuck Peters writes:
I have confirmed that the server at the IP you list is not currently open to relay by me. However, it's possible in theory that the host (which seems to be registered to you according to whois) has been cracked by somebody and is intermittently open to relay.
You do understand that Mailman has nothing to do with being an open relay, right? "Open relay" means that your smtpd (Exim) will accept mail from anywhere and send it anywhere. OTOH, it seems quite likely that as you say your server has never been an open relay and it's Earthlink that doesn't know (and probably doesn't care) what it is talking about.
Note that AFAIK Earthlink is 100% within its rights to refuse mail from anybody for any reason.[1] Your only real recourse is to convince their stakeholders (especially, as Mark suggests, your subscribers who are their paying customers) that their ISP is making delivery of *their* mail unreliable (e.g., IP-based blocks means that Earthlink doesn't know or care if it's from their mothers :-), and deliberately making it difficult for you to ensure reliable delivery of mail they have requested from you.
We migrated the server to a VPS from speakeasy and added DKIM a couple of
Uh, did you know this?
steve@uwakimon ~ $ host speakeasy.com
speakeasy.com has address 207.217.125.50
speakeasy.com mail is handled by 5 mx01-dom.earthlink.net.
speakeasy.com mail is handled by 5 mx00-dom.earthlink.net.
A complaint to the Federal Trade Commission about predatory practices may be in order. <0.5 wink />
The IP presumably changed, and therefore you may have been screwed by poor management of a former user of the IP at the VPS, or perhaps the IP was allocated by the VPS's ISP. I.e., *that IP* could easily have been an open relay in March (or whenever), and you simply inherited the Earthlink block.
For obvious reasons, ISPs tend to be pretty tight with that kind of information when allocating IPs to new customers.
As Mark says, you can manually set copies of the bounces to go to owner. This is arguably a flaw in Mailman. In theory it should be possible to analyze the mail and send a copy to the list owner for many "administrative" bounces. In particular a 550 response as in your bounce message is an administrative bounce. I don't know how expensive, either in programmer effort at write-time or CPU cycles at runtime, this would be though, or what percent of administrative bounces could be practically caught.
Footnotes: [1] I happen to agree with that as social policy/law, but that's beside the point unless you want to discuss with me.
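Added example, not part of the original thread and not Mailman or Exim code: one way to pick "administrative" bounces like the 550 above out of an Exim main log so the list owner sees them. The classification rule (a 5xx rejection before RCPT TO, or one whose text contains policy wording) and the keyword list are assumptions; the first sample line is the log entry quoted in this thread, the other two are constructed.

```python
import re

# A permanent failure ("**") line carrying a remote SMTP error.
FAILURE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<msgid>\S+) \*\* (?P<rcpt>\S+) .*?"
    r"SMTP error from remote mail server after (?P<stage>.+?): "
    r"host (?P<host>\S+) \[(?P<ip>[^\]]+)\]: (?P<code>\d{3})[ -](?P<text>.*)$")

# Assumed heuristic wording, not a list taken from Mailman or Exim.
POLICY_WORDS = re.compile(r"block|blacklist|denied|policy|spam|relay", re.I)

def classify(line):
    """Parse one log line; return None if it is not a remote SMTP failure."""
    m = FAILURE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    if not rec["code"].startswith("5"):
        rec["kind"] = "other"
    elif "RCPT TO" not in rec["stage"] or POLICY_WORDS.search(rec["text"]):
        # Rejected before any recipient was named, or for a stated policy
        # reason: the problem is the sending server, not the subscriber.
        rec["kind"] = "administrative"
    else:
        rec["kind"] = "recipient"
    return rec

def owner_report(lines):
    """Records the list owner should be told about."""
    return [r for r in map(classify, lines)
            if r and r["kind"] == "administrative"]

SAMPLE_LOG = [
    # Log entry quoted in the thread (recipient masked as posted).
    "2011-06-18 06:36:43 1QXnsP-0000sh-LC ** ****@earthlink.net R=dnslookup "
    "T=remote_smtp: SMTP error from remote mail server after MAIL FROM:"
    "< starrymessenger-bounces@starrymessenger.net> SIZE=22095: host "
    "mx4.earthlink.net [209.86.93.229]: 550 IP 68.68.99.81 is blocked by "
    "EarthLink. Go to earthlink.net/block for details.",
    # Constructed: ordinary per-recipient bounce.
    "2011-06-18 06:36:44 1QXnsP-0000sh-LC ** user@example.net R=dnslookup "
    "T=remote_smtp: SMTP error from remote mail server after RCPT TO:"
    "<user@example.net>: host mx.example.net [192.0.2.10]: 550 5.1.1 User unknown",
    # Constructed: successful delivery, ignored.
    "2011-06-18 06:36:45 1QXnsP-0000sh-LC => other@example.org R=dnslookup "
    "T=remote_smtp H=mx.example.org [192.0.2.20]",
]

if __name__ == "__main__":
    for rec in owner_report(SAMPLE_LOG):
        print(rec["ts"], rec["host"], rec["code"], rec["text"])
```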

On 6/20/11 1:01 AM, Stephen J. Turnbull at stephen@xemacs.org wrote:
Speakeasy the ISP is speakeasy.net. Speakeasy.com is an unrelated software vendor. While I assume the OP is talking about Speakeasy.net, I do not see VPS mentioned as one of the services they offer (note that I am a very satisfied Speakeasy.net DSL customer).
-- Larry Stone lstone19@stonejongleux.com http://www.stonejongleux.com/
