dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
9830
share rss forum feed

sblake

join:2001-03-15
Oklahoma City, OK

Has AT&T and/or Yahoo started filtering Spam?

All of a sudden the 75 to 100 spam emails I get daily have stopped. Has AT&T and/or Yahoo started filtering Spam?


McSummation
Mmmm, Zeebas Are Tastee.
Premium,MVM
join:2003-08-13
Fort Worth, TX
kudos:2
Based on the junk I'm seeing, the answer is "no".


Old_Grouch
Don't just sit there silly DO something
Premium
join:2004-05-26
Greenwood, IN
kudos:1
reply to sblake
Maybe --

In This Thread there has been some notice of a similar decline and a speculation that Yahoo is upgrading some of the servers to reduce the spam before it even gets near your account.

I've noted a similar reduction...from hundreds per day to hands full. So, I'm hoping the speculation is right. If it is, they may not have gotten to McSummation See Profile's server yet.
--
At Team Discovery we know how to get more outta that danged 'puter of yours!
If you paid taxes it's a rebate. If you didn't, it's welfare.


McSummation
Mmmm, Zeebas Are Tastee.
Premium,MVM
join:2003-08-13
Fort Worth, TX
kudos:2
After going back and looking at the Junk folder in my Thunderbird, it appears that the amount that came in through my SBC account is less than it used to be. Most now comes through my mcsummation account, which is unfiltered at the ISP.

Now, are the filters that Yahoo seem to be installing any better than the previous ones? I am concerned with ISP filtering because Yahoo's filters kept filtering out things I didn't want filtered. My primary account is at 1&1 and I specifically asked if they filtered and they said, "No, because we can't know what you consider junk and what's not."


icp1
Premium
join:2000-10-13
Saint Louis, MO
reply to sblake
I am still on the old accounts (.swbell) not yahoo, and I see the same thing.

I am seeing only a few-10 per day instead of the 300+ per day I used to get.

GB341

join:2004-12-08
Adrian, MO
reply to sblake
I too, have had a major reduction in spam the last few days. Instead of 50-60 a day I only had 3 today. Don't know why but I'm certainly not complaining.


rmyork

@suddenlink.net
I've seen a drop in SPAM by about 90%. Two real people are reporting that their emails to me are being blocked.

bwclark

join:2004-07-05
Eureka, CA
reply to sblake
Huge reduction in SPAM! I have four email addresses and normally get 100+ SPAM emails....down to less than 10.



montana3087
Say hello to my little friend
Premium
join:2001-05-03
Walnut Creek, CA
Reviews:
·AT&T U-Verse
reply to sblake
Yeah, I have to search through my spam anyway to make sure I didn't miss that important email I was waiting for and have noticed that the last couple of days it has been pretty much spam free. But I'm wondering if legit emails are being filtered too?
--
You know what? I have a ball. Perhaps you'd like to bounce it?


Larus Hale

@sbcglobal.net
reply to sblake
I too have experienced about a 90% reduction in Spam in the past few days, but I'm wondering where we can look to see what is being filtered out to see what legit emails, if any, are being filtered out. Does anyone know?
Larus


KKoch

@swbell.net
reply to sblake
I too have seen a hugh reduction in the spam in my inbox. Which is nice if all the filterd emails were actually spam. Unfortunately, a family member who is not 100% computer literate (80+ years old) sends me emails almost every day. Those emails are addressed to "Undisclosed Recipient". And to spam filters that usually means spam. BUT I don't use any of my ISP's filtering products. I have turned them off just so I can recieve my family members email. But it looks like they are filtering anyway.

I haven't been getting my family members emails in the last week.


ks_av8r
Premium
join:2003-09-17
Newton, KS
reply to rmyork
Just out of curiosity, are they receiving some type of notice that their email is being blocked?


KKoch

@swbell.net
I haven't heard anything....yet.


homenode
Premium
join:2007-11-18
Bullhead City, AZ
reply to sblake
Legitimate messages from non-at&t domains are being blocked by these new filters. The sender may receive a bounce response or not - at&t seems to have stopped sending bounce responses this afternoon.

There are several threads running on this problem here at DSLReports:

»Where did my spam go?
»Email Problems?
»Bellsouth blocking my legit email server

There is also a story at The Register on this:
»www.theregister.co.uk/2008/03/24···filters/

So, if you're with at&t (at&tworldnet, yahoo, sbcglobal, prodigy, pacbell, etc.) you should contact your support and find out if there is anything you can do to get information to non-at&t correspondents. Others are already reporting important business and personal email messages are being lost.

Hope this helps.

Fiscal

join:2007-11-13
Longview, TX
reply to sblake
I'm an sbcglobal.net customer. I too have noticed a great reduction in spam. My practice was to download everything, and items that were marked as [Bulk] went directly to my trash folder. I'd review those items which were normally spam and empty the trash... but the reviewing let me get legitimate messages that were mistakenly marked as spam. I liked this method of handling spam. Three questions:
1) Who is blocking my spam before I see it?
2) Why did they change the way spam is handled?
3) Can we make them go back to the old way so legitimate mail is not blocked?


KKoch

@swbell.net
reply to sblake
Just got off the phone with "Josh" @ATT tech support and he advised me to check the "Leave a copy of message on server" checkbox on my advanced properties menu in my Outlook Express mail account. I'm using Win 98, so it may be slightly different if you are using another MS OS.

Don't know if it's going to work, since I just changed it. But we'll see...

cheers


McSummation
Mmmm, Zeebas Are Tastee.
Premium,MVM
join:2003-08-13
Fort Worth, TX
kudos:2
said by KKoch :

Just got off the phone with "Josh" @ATT tech support and he advised me to check the "Leave a copy of message on server" ...
What the heck is that going to accomplish? If they've filtered it, it's already gone before it gets to your inbox on the server.


homenode
Premium
join:2007-11-18
Bullhead City, AZ

1 recommendation

reply to Fiscal
From what I've been able to find in research on this, at&t is blocking the spam in their pre-filter that is not user accessible. This is also where the virus filtering is done.

at&t changed the filtering to reject mail that is coming directly from SMTP hosts that are in a dynamic IP block. The reason for this is that the majority of spam originates from infected (or "p0wnd") home computers - nearly all of which get a dynamic IP address from their ISP. The bot infection that sends the spam is usually a stand-alone email program that, among other tricks to fool spam filters, attempts to send directly to an MX host (the equivalent of a DNS host for email) that is associated with the target email domain. This bypasses the possibility that the "public" email route for the target of the spam is actually a 3rd. party spam filter, thus ensuring that the mail gets delivered with only local Bayesian filtering - or no filtering - in place. (Bayesian filters, while good, are readily bypassed by the new spam engines.)

So blocking mail from dynamic IP addresses is a very strong tool for stopping the overwhelming tide of bot spam.

Unfortunately, there are many legitimate businesses and individuals that do run small email and web servers from dynamic IP addresses. (I'm one of them.) Often these are club list servers, or user group BBS - the type of thing that can be expected from "advanced amateur" computer users. This new level of filtering also blocks those servers.

It is a fair trade-off for the level of security it provides: legitimate SOHO mail servers make up only a few hundredths of a percent of the dynamic IP addresses out there, so they can either get static (non-changing) IP addresses (usually only US$20-100 per month more from their ISP, in combination with other useful services) or move their mail/BBS servers to a hosted server farm (also only a few dollars more per month).

You can try contacting at&t to ask about disabling the filtering for your account. It is very, VERY unlikely that at&t will do this for you - it defeats the entire purpose of applying the filter across their ENTIRE domain.

More useful would be to send an email to all the folks on your contacts list informing them that you are now protected by at&t's "super filter", and for them to reply to your message; when you get their reply, you will send THEM a reply stating that "You're OK, keep sending me mail". If they DO NOT get a reply from you, then they are BLOCKED, and need to either (a) rebuild their computer to remove a bot infection; (b) get a static IP address or (c) get a new email provider/hosting service that does NOT use a dynamic IP address or hosts known spam sources. Gmail, Yahoo! mail and MSN Live are all alternatives for cheap, WEB-based email services that are not being blocked.

This seems to be the end to a sad, sad tale. Since I live in a caravan ("motor-home" for the Yanks) I am never going to be able to get a static IP address. My alternative is buying hosted services, which I will do for my business and personal servers. I'm expecting this to be fairly expensive, much more so than the current investment I have in hardware and software for managing this via wireless. I've resisted this for years, primarily because I have to give up so much control, but it's time to move on.


Lizz
Premium
join:2002-10-22
Fullerton, CA
Brett,

I've heard that the problem is actually on the Yahoo! servers, not AT&T.

I don't know what they're doing, but today I'm receiving spam in my inbox: 5 so far today. None in the bulk/spam folder.

I do have a plain vanilla Yahoo address, but it rarely received spam in the past, and that still holds true. Doesn't get much legit email either, so it's not a good barometer of what's currently going on.


homenode
Premium
join:2007-11-18
Bullhead City, AZ
Lizz, it appears that the problem is over most of the at&t domains, not just Yahoo!. Also sbcglobal, attworldnet, prodigy, and some of the other RBOCs that are again part of at&t are all reporting this issue.

I've done some research into how they're using the PBL (Policy Block List), which is how this is being implemented. Ordinarily the fact that I use a MTA (mail transfer agent) at DNS2GO would be construed as having an "OK" IP address for mail acceptance, as all the MX (Mail Exchange) records for my domains point to the DNS2GO MTA, which has a set of static IP addresses that it uses. However, the originator address for my mail is from my PC, which is on a private subnet that is translated (NAT) to a dynamic public IP address by my gateway/modem. THIS address show as the original sender of the email, and it is THIS address that is being subject to PBL blocking.

As I mention above, I'm hosed because I can't get a static IP for a wireless modem (or at least not without paying upwards of $1000/mo), so I'm going to have to move my domains into a hosted server environment and give up mobile computing except for web mail. There are a few little bright points of light left, but I doubt that I'm going to be able to afford to continue with this experiment.

For more info on RBL, XBL, PBL, ROKSO and DROP, read the info at The Spamhaus Project:
»www.spamhaus.org/

Spamhaus is considered to be the "gold standard" of blocklists in the world. I use them for my own RBL/XBL/PBL block lists (their ZEN list). I was actually blacklisted by them way back in the early 1990's (I had an open relay - OOPS!) and they were very helpful in getting me fixed up and protected - and off their list for good. They explain how these systems work and what the up and down sides are.


ks_av8r
Premium
join:2003-09-17
Newton, KS
reply to Lizz
I'm experiencing the same, but on an swbell.net address. The bulk folder has caught one legit spam and 6 other obvious spam have made it to the inbox. There were 2 others in the bulk folder that were newsletters that someone in the house had subscribed too. Apparently ATT or Yahoo has backed off somewhat.


Lizz
Premium
join:2002-10-22
Fullerton, CA
reply to homenode
I'm not nearly technical enough to understand all this, but I do know I have a dynamic IP address, and I think that's true of most ATT DSL subscribers, and I don't think mail I send is being blocked, but I can't swear to that.

I can't imagine that my web hosting company is sending email from their support staff via a dynamic IP, but that's only a guess.

Maybe I'm not understanding what you're saying at all. All I can do is hope this mess gets resolved before too much longer!!


homenode
Premium
join:2007-11-18
Bullhead City, AZ
The good news, Lizz, is that your outbound email isn't impacted. Your mail goes to at&t's mail server and is routed for you by them. at&t is sending your mail for you and your address resolves back to their mail server - which is a static IP address and listed as a trusted sender.

Your hosting company is also most likely using a routing host with a static address; however, they may have other sites that route through that host that are considered spam sources, or other companies that use their hosting to re-direct mail and web hits to servers that ARE hosted dynamically. Because of these factors, your hosting company may be lumped together with the "bad apples" and getting their legitimate email blocked. Also, it is possible that some of their hosted web sites are infected with malware agents (this has been a HUGE problem for the past two weeks, hitting even security firms like Symantec and Trend Data) which is causing their IP address list to be blacklisted.

I seriously doubt that this is going to get resolved. The majority of at&t customers are ecstatic at not receiving any spam, and the few that have even noticed that messages are missing are telling their friends to switch over to at&t, or Yahoo! or one of the other RBOC (Regional Bell Operating Companies - the old "baby bells") services. It's only the very, very small number of SOHO businesses like us that are really impacted by this - and we're supposed to "know better" and host ourselves with a "legitimate" hosting company like Rackspace or Network Solutions. Or at&t business hosting.

So, for the foreseeable future, you're going to be losing email from sources that don't meet the new filter criteria. There's nothing we can do about this: I couldn't send you an email on a dare if I wanted to, because I'm blocked by at&t.

Deerfield (my current hosting company, where I've hosted for 15 years) can't do anything for me. They're stuck the same as I am: their servers are OK with at&t, but mail that originates from somewhere OTHER than their servers (like my PC or local server) is blocked anyway, even though it is secure and validated by Deerfield. And, since my domain resolved to a multi-domain co-hosting address (at Deerfield) and NOT to a static address registered to my domain directly via ICAN, I'm considered a "relay" domain and not to be trusted.

So...I'm going to have to abandon Deerfield and move my domains to Network Solutions, pay the $300-400/month per domain and just live with it.


Lizz
Premium
join:2002-10-22
Fullerton, CA
Since you seem to be really knowledgeable about all this, do you think it's likely that my hosting company has their sales staff's email originate from a source separate and apart from their support staff or "automated" mailings?

I received emails from sales@hostsite and an individual@hostsite, but not support@hostsite.

Fiscal

join:2007-11-13
Longview, TX
The ONLY spam I've gotten since 3/21/08 has been a message offering to sell me medications that increase the size of an appendage; the email "From:" address is Kent v@sbcglobal.net> . Apparently, in order to send spam to my sbcglobal.net account you have to at least pretend to send it from sbcglobal.net!

However, I can no longer check mail that the server thinks is spam to see if it has made an error and is not really spam. This happens fairly often.



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
reply to Lizz
I've heard that the problem is actually on the Yahoo! servers, not AT&T.
There seem to be two different problems, both occurring at around the same time.

Apparently AT&T has started doing extensive blocking of incoming mail.

At about the same time, Yahoo has started to be very fussy about the authentication of senders for outgoing mail, and now requires that the sender address match the sending yahoo (or att/yahoo) account used for sending.
--
AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.12


homenode
Premium
join:2007-11-18
Bullhead City, AZ
reply to Lizz
said by Lizz:

Since you seem to be really knowledgeable about all this, do you think it's likely that my hosting company has their sales staff's email originate from a source separate and apart from their support staff or "automated" mailings?

I received emails from sales@hostsite and an individual@hostsite, but not support@hostsite.
I suggest that you look at the complete headers of the messages and see if they originate from different servers and/or different IP addresses. Viewing complete headers is a different command for each email client, so you'll have to poke around the commands to find it.

All from me for a while: I'm working on some other options before giving up and rehosting at Network Solutions.


Lizz
Premium
join:2002-10-22
Fullerton, CA
Well, I DO know how to find and read email headers, but seeing as I never ever received the email from support@, there's not to much I can do


KKoch

@swbell.net
reply to McSummation
said by McSummation:

What the heck is that going to accomplish? If they've filtered it, it's already gone before it gets to your inbox on the server.
****
Not much... didn't fix anything. Which was what I expected.
The tech's are probably told to ask customers to do that just to give us something to do.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to homenode
If AT&T Internet Services (operates MX servers for the nine legacy SBC domains) is blocking dynamic hosts, that is something relatively new. AT&T Worldnet Service has been doing it for some time. Comcast started doing it a couple of months ago, and AOL has been doing it forever.
AOL:
03/30/08 15:21:34 SMTP Verify %User_ID%@aol.com, at mailin-04.mx.aol.com
Contacting 64.12.138.57
554- (RTR:BB)  http://postmaster.info.aol.com/errors/554rtrbb.html
 
HELO example.net
554  Connecting IP: 69.110.xxx.xxx
 
Doesn't want to talk to us
 
Comcast:
03/30/08 15:21:54 SMTP Verify %User_ID%@comcast.net, at mx2.comcast.net
Contacting 76.96.30.116
554 IMTA14.emeryville.ca.mail.comcast.net comcast 69.110.149.81 Maps & Spamhaus  BL003 Blocked for spam. Please see http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18627
 
HELO example.net
Doesn't want to talk to us
 
This is going to be the way of email, for as long as spammers are able to get their 'bots installed on user computers.

There are actually three different MX server groups involved, depending upon the email domains: AT&T Worldnet Services (ATTW), AT&T Internet Services (ATTIS), and Yahoo! (YAOO).

ameritech.net (ATTIS)
att.net (ATTW)
bellsouth.net (ATTW)
flash.net (ATTIS)
nvbell.net (ATTIS)
pacbell.net (ATTIS)
prodigy.net (ATTIS)
sbcglobal.net (ATTIS)
snet.net (ATTIS)
swbell.net (ATTIS)
wans.net (ATTIS)
yahoo.com (YAOO)

This only brings AT&T and Yahoo! into line with the way that AOL ran things forever, and Comcast started running things a few months back. And this is really only new to ATTIS and Yahoo! users; ATTW users (att.net and bellsouth.net domains) have already gone through this mess.

There are threads in the AT&T Southeast (former Bellsouth) forum, and the Comcast forum. I think I have seen similar threads WRT Cox, and a couple of others, as well.

This only affects people trying to send into those domains. It should not have any affect on sending from those domains.

Although I run my own MTA, this isn't a problem for me because I am currently using 'smtpauth.sbcglobal.net' as a "SmartHost". I was using 'smtp.att.yahoo.com:465', but a change by Yahoo! has made that solution unworkable.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum