rahlquist
Redeye
join:2001-10-30
Villa Rica, GA
| Bellsouth blocking my legit email server
Hey everyone,
Going to try to keep this short. I have run my own domains for 11 years. Usually on large host companies but currently my server is being hosted at a slightly smaller company but its still not on bellsouth/at&t network. My in-laws live in the stix. So they had dialup for a long time and kept changing ISP's. To provide them with some long term email addresses I provided them with email addresses on one of my domains that forwards to their current ISP's email address, this way they didnt have to change email addresses every time they change ISPs until now.
Suddenly bellsouth has started some sort of automated blocking measure agains my server. Despite the fact that my server is not an open relay, nor is it on an RBL they started blocking on 9/1. I follwed their directions on »www.postmaster.bellsouth.net/ for contact and got a canned response back and they unblocked me with stern warning it could happen again. I emailed them and asked for detail as to why they blocked me and never got any. So I let it go, big mistake.
Today I found they have been blocking me since the 9th again. Is there any human I can contact other than going through the stupid procedure where they wont really tell me whats going on? Out of all of their best practice policies the only one I dont do and that I refuse to do is to block all email on RBL lists. Sorry but lots of email admins would agree with me its not a good ideal to only block based on RBL, rather RBL should be a part of the factoring for blockage.
Any thoughts folks?
--
Fed Up With Stupidity?
Patentlystupid.com |
|
FAQFixer
Premium
join:2004-06-28
Powder Springs, GA | You may not be the server spewing spam but another box on that hosting company could be. AT&T normally isn't going block a single IP, so if they block a large block of IPs you will be caught in the net. |
|
rahlquist
Redeye
join:2001-10-30
Villa Rica, GA
| Thansk FAQ, but the server under either IP doesnt show in any RBL I can find. The only possible reason I can find in the logs that they are calling my server an abuser is that I dont block on non FQDN hostnames. From what I can find this is a not common setting, it would require joe average to follow steps similar to »www.rockliffe.com/support/docs/h···0076.asp
»www.eudora.com/techsupport/kb/2580hq.html
Seems a bit much that ATT is expecting this level of settings from users?
--
Fed Up With Stupidity?
Patentlystupid.com |
|
rahlquist
Redeye
join:2001-10-30
Villa Rica, GA
| reply to rahlquist
Just figured I would follow up in case anyone is interested now or in the future. Here was the official response;
Thank you for writing AT&T WorldNet Service.
XXXXX.COM traffic is experiencing these blocks because it's traffic has been exceeding generous thresholds for allowable spam. In fact, 95% and 96% were the percentages of traffic that occurred when blocks were put in place against the IP your traffic arrives from. Please thoroughly search your logs or contact your hosting provider. These percentages are far higher than our thresholds and blocks will continue until the nature of the traffic changes.
Sincerely,
AT&T WorldNet® Service Postmaster
So basically either I start filtering spam as man in the middle for my in laws or bellsouth will ban my server from being able to send to the bellsouth domain at all. Keep in mind that we are talking about filtering incoming email for them from domains not under my control (they get 100-200 a day on those accounts combined). I hate spam as much as the next guy but to me dumping spam as man in the middle is like the mailman reaching into his bag and tossing out random bulk metered letters because it could be an advertisement.
What is even more disturbing is they didnt explain their methodology. I already block invalid domains and bad MX records and bad reverse lookups etc to a tune of more than 30% of my incoming email for the domains a day. So the only way I can guess BS is determining the remaining emails are still spam is by either RBL (still not the most reliable thing in the world) or via some filtering or baysean system.
Interesting enough though couldn't this remove them from their common carrier protection under section 230 of the CDA as a provider as they are now filtering select data.
--
Fed Up With Stupidity?
Patentlystupid.com |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
 ·Vonage
 ·AT&T Southeast
 ·Cingular Wireless
·AT&T CallVantage
2 edits | reply to rahlquist
It is unclear to me if AT&T is rejecting email that you are forwarding/relaying to their servers because AT&T is currently your in-laws ISP, or if you are also allowing your in-laws to use your SMTP server to send email, and that is the email that is rejected when the intended recipient is an AT&T customer.
If it is the latter, you can have your in-laws use their ISP's SMTP server to send their email, and you are off the hook.
If it is the former, then it sucks when you are caught in the middle, but it is a fairly common practice for an ISP (or any other provider of email services) to put the blame for incoming spam (no matter if it is real spam or a false positive) on the server which actually attempts to deliver to their server (ignoring the apparent original source, which may be spoofed or part of a botnet).
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
joako
Premium
join:2000-09-07
/dev/null | reply to rahlquist
Bellsouth email servers have NEVER been dependable. Maybe in a few years you will have AT&T Yahoo! email which might be better.
--
Am Heimcomputer sitz' ich hier, und programmier' die Zukunft mir |
|
logic1977
Premium
join:2001-02-11
Tucker, GA
| said by joako  :Bellsouth email servers have NEVER been dependable. Maybe in a few years you will have AT&T Yahoo! email which might be better. Everyone says this, but for me personnaly I have never had any issues. I've had service for about 7 years now without any problems with my email that I have noticed. |
|
clindner
join:2001-01-21
Lawrenceville, GA
| reply to rahlquist
Why waste your valuable time?
Set up your folks with gmail accounts, and forward their mail to their gmail addresses, skipping bellsouth entirely.
Also, I do exactly what you do, but my domain email is hosted by google, then forwarded to bellsouth, then to a gmail account. I would take BS out of this loop, except for the fact that I like to use the BS account when I access e-mail via my phone...
Triple filtering, works very well. |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage
| reply to joako
said by joako :Bellsouth email servers have NEVER been dependable. Maybe in a few years you will have AT&T Yahoo! email which might be better.
I am just curious, did you even bother to pretend to read the original post before making this irrelevant reply?
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
joako
Premium
join:2000-09-07
/dev/null | reply to rahlquist
I read the entire thread thank you very much. |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage
1 edit | said by joako :I read the entire thread thank you very much. Even though this post is tagged "reply to rahlquist" I am assuming that it was intended for me. If so, thank you for clarifying your position and for giving me a "heads up" on how to interpret your future posts. 
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
rahlquist
Redeye
join:2001-10-30
Villa Rica, GA
| reply to rahlquist
Yeah basically I either filter the email or they will just blacklist me.
Greetings,
Thank you for writing AT&T WorldNet Service.
Perhaps it would be a good idea to filter that mail before it is forwarded to the accounts here.
Sincerely,
AT&T WorldNet® Service Postmaster
--
Fed Up With Stupidity?
Patentlystupid.com |
|
rahlquist
Redeye
join:2001-10-30
Villa Rica, GA
| reply to rahlquist
I tried to email them and I am blocked again. So basically I am now hosting their email(something I feel about as good about as lending family money) because bellsouth cant handle the spamload....
--
Fed Up With Stupidity?
Patentlystupid.com |
|
scottmu
@bellsouth.net
| reply to rahlquist
I work for a webhosting company and we run into this type of problem all of the time.
Basically what it sounds like you are doing is you are accepting mail for your in-laws on your server and the forwarding those messages on to your in-law's bellsouth e-mail address. Basically following the path:
Internet --> somedomain.com --> bellsouth e-mail address
The problem here is that legitimate mail (non-spam) messages follow the exact same path as spam messages here.
A legitimate message is sent from the Internet to somedomain.com to bellsouth.
A spam message is sent from the Internet to somedomain.com to bellsouth.
When Bellsouth (or any mail server following this path) receives these spam messages, they see them as being sent from the server hosting somedomain.com. I can't speak for how Bellsouth handles this, but I would suspect that each time a spam message comes through, it increases the tally against the server hosting somedomain.com. Once this tally hits a certain limit... Bellsouth blocks it.
This is why forwarding mail is becoming such a big problem. Everywhere you look you see people complaining about the amount of spam they receive. I'm not saying that those complaints aren't valid, but because of those complaints, mail servers everywhere are stepping up their anti-spam measures. That's what it appears Bellsouth is doing.
To get by this problem, you should consider having your in-laws check mail accounts directly off of your server, i.e. literally checking those somedomain.com e-mail addresses. Or, your in-laws need to be advertising their @bellsouth.net address and bypassing the forwarding system all together. |
|
rahlquist
Redeye
join:2001-10-30
Villa Rica, GA
| Scott,
You described the situation exactly. Basically it was just to solve mine and my wifes problems with the way they bounced from isp to isp for a while because they lived in the sticks and got slow speeds. It certainly eliminated confusion.
There is danger inherent in BS's assumption that ever header is forged so therefore every spam coming from my box must have originated there. My biggest issue with this and one of the reasons I kept moving web hosts over the last years is I don't care how much spam an isp gets its a cost of doing business and they should not filter forcibly. I understand that sound crappy but until someone devises an whole new email system that secure and cant be spoofed by joe moron in 5 mins its a price we should pay.
I know its just my opinion and very few may agree but arbitrarily deleting email to me is like the a postal work walking their router and tossing out anything bulk rate because it might be an ad.
--
Fed Up With Stupidity?
Patentlystupid.com |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
1 edit | reply to rahlquist
Retracted in favor of a response to a different post in the thread. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| reply to rahlquist
said by rahlquist :Just figured I would follow up in case anyone is interested now or in the future. Here was the official response;
Thank you for writing AT&T WorldNet Service.
XXXXX.COM traffic is experiencing these blocks because it's traffic has been exceeding generous thresholds for allowable spam. In fact, 95% and 96% were the percentages of traffic that occurred when blocks were put in place against the IP your traffic arrives from. Please thoroughly search your logs or contact your hosting provider. These percentages are far higher than our thresholds and blocks will continue until the nature of the traffic changes.
Sincerely,
AT&T WorldNet® Service Postmaster Ah. I keep forgetting; the Bellsouth email service has been turned over to AT&T Worldnet, not the old SBC (formerly Prodigy) email service...
So basically either I start filtering spam as man in the middle for my in laws or bellsouth will ban my server from being able to send to the bellsouth domain at all. Keep in mind that we are talking about filtering incoming email for them from domains not under my control (they get 100-200 a day on those accounts combined). I hate spam as much as the next guy but to me dumping spam as man in the middle is like the mailman reaching into his bag and tossing out random bulk metered letters because it could be an advertisement.
What is even more disturbing is they didnt explain their methodology. I already block invalid domains and bad MX records and bad reverse lookups etc to a tune of more than 30% of my incoming email for the domains a day. So the only way I can guess BS is determining the remaining emails are still spam is by either RBL (still not the most reliable thing in the world) or via some filtering or baysean system.
Interesting enough though couldn't this remove them from their common carrier protection under section 230 of the CDA as a provider as they are now filtering select data.
AFAIK, only the ILEC POTS part of the service is listed as a "Common Carrier". DSL, like cable HSI, is not considered a "Common Carrier" by the FTC, or FCC, or whichever U.S. Gov't agency cares about such things.
This practice is not unique to AT&T/Bellsouth. Probably AT&T Worldnet (since these are their servers, as opposed to 'at&t Yahoo! HSI', which uses Yahoo! Mail SMTP servers, and runs there own SMTP servers under the 'prodigy.net' and 'sbc.com' domains, as well).
Other ISPs which block email forwarders include:
•Comcast
•Cox
•Charter
...based on threads in those forums that I have followed.
In your original thread you wrote:
quote:
...I provided (my in-laws) with email addresses on one of my domains that forwards to their current ISP's email address, this way they didnt have to change email addresses every time they change ISPs until now.
Is their current ISP Bellsouth?
Maybe you should seriously consider clindner 's suggestion about setting up the In-Laws with a GMail account.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| reply to rahlquist
said by rahlquist :There is danger inherent in BS's assumption that ever header is forged... First, I really suspect it is not just Bellsouth, but AT&T Worldnet. And I have already explained that they are not alone. I have already listed other ISPs I know are doing the same thing.
Second, I don't think that they are assuming anything. They are just counting the ratio of spam to ham (good email), and blocking a server when the ratio approaches 1.
I have some email addresses set up as forwarders to my domain gateway mail server, but I am leery about forwarding to my 'pacbell.net' accounts; I don't know if the operators of the 'prodigy.net/sbc.com' mail servers (which are former SBC servers handling email for the nine legacy SBC domains) have similar blocking policies.
I also have a way to handle forwarded spam using SpamCop.net for reporting it. SpamCop has a method where I configure my mail hosts, so the SC parser can detect the trusted path email takes to me. In this way, spam reports go to the actual spam injector, not to the legitimate relay service. I suspect that AT&T Worldnet, and other email services, could allow a user to configure their mail hosts in a similar fashion, if they wanted. I doubt if they will do it, though; it would take some work to establish the algorithms. If they did allow it, the end user would submit a test email through their chain of mail hosts, and the AT&T Worlnet servers would then see their end user's trusted chain of mail hosts.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
rahlquist
Redeye
join:2001-10-30
Villa Rica, GA
| reply to NormanS
said by NormanS :Maybe you should seriously consider clindner 's suggestion about setting up the In-Laws with a GMail account. I did but that doesn't make it any less concerning/irritating. |
|
rahlquist
Redeye
join:2001-10-30
Villa Rica, GA
| reply to NormanS
said by NormanS : First, I really suspect it is not just Bellsouth, but AT&T Worldnet. And I have already explained that they are not alone. I have already listed other ISPs I know are doing the same thing. Prolly right there, its the new hotshot in town making new rules and procedures.
Second, I don't think that they are assuming anything. They are just counting the ratio of spam to ham (good email), and blocking a server when the ratio approaches 1. Actually they are assuming. They are assuming their filtering techniques are accurate and that they are properly labeling items spam and therefore their entire blocking of these emails is based on assumption. Unless they happen to be reading all the emails that my server forwarded to my in-laws. Keep in mind to that one persons spam is another persons ham or bacon (email I want just not right now). I actually get sale ads from companies I want to see!
I didn't mean to start a flame war or a holy war over this, I just wanted it to be clear to any customers who were formerly bellsouth customers that things are changing. If you think your getting the same service, surprise!
Back at the height of the spam empire, and I argue it used to be much worse, I was getting 24,000 spams a week on the email server I ran where I had a pretty good SpamAssassin and MailScanner system setup. Now with no change in my email addresses I am getting around 21,000 emails a week to process and I don't bother with SA anymore. I could set it up, and retrain a baysean filter and all that, but why? For something thats at best 95-98% accurate.
So bottom line (for me anyway) as anyone on any of the big spam filtering apps like SA will tell you. Nothing is 100% accurate, nor will it ever be which is why I refuse to filter anything 'automatically' tagged as spam and I reject bellsouths presumption that whatever their system says is spam definitely is.
If truth be told I think the only way we will ever see the email system as a whole 'fixed' and turned into something with some kind of wholesale tracking blocking etc is if we keep allowing the spam through, and fuss at the ISP's to stop blocking based on guesses and filtering. Make them and the big players all come sit down and make a new email system, one thats not based on antiquated procedures and protocols and make it open so nobody can say they cant inter-operate.
--
Fed Up With Stupidity?
Patentlystupid.com |
|
