homenode
Premium
join:2007-11-18
Bullhead City, AZ
1 edit | reply to Lizz
Re: Email Problems?
This *appears* to be a multi-layered SPAM filter at at&t that is a bit "overzealous".
I have three domains, all hosted at dns2go. Starting in the afternoon on 20 March, mail to at&t domains (sbcglobal.com, pacbell.com, etc.) started getting rejected with the following message:
553 5.3.0 flpi188,DNSBL:521 ATTRBL To request removal of, 63.149.6.188, send the complete error message in an E-mail to removeme@sbc.sbcglobal.net
Interestingly, each seperate mail ID in my domains was able to send up to two consecutive messages before receiving this block. And, if I waited about 2 hours, I could again send up to two messages per ID before the blocking returned.
By Friday afternoon (21 March) the message had changed to:
553 5.3.0 nlpi021,DNSBL:521 63.149.6.188 _is_blocked.__For_information_see:»www.att.net/bls_rbl/
Now, under normal circumstances, I'd just do an open relay check on my MRA and then contact at&t to be removed. This time, however, because of the big hacking wave that hit major secure routers and web hosts last week, the "individualized" response got me worried. I contacted Deerfield support (parent of dns2go), and they dug into the problem. It appears that at&t was doing this to their entire /24 block: any mail from domains that resolved to one of Deerfield's IP addresses (the addresses are actually leased from QWEST out of their Dallas router) was getting this treatment at random. Deerfield filed the appropriate paperwork with at&t to release the blocks on their addresses Friday afternoon. However, because of the Easter holiday, it appears that this will not complete until next week.
One other item of interest from Deerfield tech support: this has been going on sporadically for over a month, and appears to be focused on mail that originates from dynamic IP address blocks. That is: if you are mailing from a domain that does not resolve to a registered static IP block, you may be black listed at any time.
To be frank, I can't say that I blame at&t that much. It is really, REALLY, REALLY hard to block SPAM. I've been self-hosting my mail servers for nearly 20 years now, and even I've had to subscribe to a 3rd. party spam block service - I just couldn't keep up with "sticking my finger in the holes in the dike". And, given the volume of SPAM that at&t has to handle, there isn't much else they could have done to inform senders what the problem is - OK, a press release would have been good form - but the info in the message header is enough for most administrators to get on the right track.
On the other hand, it COULD be a "legitimate" attack inside at&t's firewall. Worse, it could be a marketing ploy to drive Joe User's into getting an at&t/Yahoo! email account ("you can only email your friends if you're with US!"). Or force people to drop POP/SMTP mail in favor of strictly controlled WEB-based clients - at major "secure" providers like Yahoo! or Google. Too early to tell on this one: the jury's still out.
I'll post more info as I get it. Anyone responding, please note if you're using POP/SMTP from a local client or WEB-based mail only, and if you're mailing from a "major" domain or your "own" domain - oh, and if you have a static or dynamic IP. No names or numbers, just to get some idea of where this is focused...
Thanks in advance!
Brett
--
Brett Brennan
VP/CITO
Homenode Group Inc. |
|
Lizz
Premium
join:2002-10-22
Fullerton, CA
| I've had the same email address since 2000: xxx@pacbell.net
I check my mail in Yahoo web mail prior to retrieving it with my POP3 client.
So far no errors on outgoing, but I know for a fact one legitimate email was blocked twice on the sender's end (I don't think they got an error message).
Of course, there may be more legit email being blocked that I don't know about. |
|
homenode
Premium
join:2007-11-18
Bullhead City, AZ
| Thanks, Lizz. Good start for analysis.
As of now it appears that my mail is getting through again. Or I'm at least not getting a bounce message. I'm going on the road for a few days, so I might not be able to check accurately until Wednesday - depends on WiFi coverage.
If any of your friends have their own domains that they mail from, please have them check for bounces from you - like the one that was blocked twice. THAT's where the issue appears to be.
BTW, I found another L O N G post here that seems to be closely related:
»Bellsouth blocking my legit email server
Same symptoms, but might be slightly different mechanism.
Again, thanks for the feedback. Anyone else?
--
Brett Brennan
VP/CITO
Homenode Group Inc. |
|
Lizz
Premium
join:2002-10-22
Fullerton, CA | Brett,
Did you see what Dan Goodwin wrote for The Register??
No telling what effects a little press might have  |
|
jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
 ·Pacific Bell - SBC
| said by Lizz  :Did you see what Dan Goodwin wrote for The Register?? No telling what effects a little press might have Spelled "Goodin," I think:
»www.theregister.co.uk/2008/03/24···filters/
Links to several threads here.
--
If America has an official philosophy, it surely includes the belief in individualism, competition, private property, democracy, freedom, and a deep faith in education. This social philosophy is called "liberalism." GKM (1936) |
|
Lizz
Premium
join:2002-10-22
Fullerton, CA | Ooops, sorry Dan.
And thanks, jmorlan, for correcting my mistake and putting in the link. I tried to get back to add the link, and for some reason, this site would NOT load, got an error message several times. Then got distracted and forgot. |
|
jhloaded
join:2008-03-25
Pleasanton, CA
·SONIC.NET
| Good morning everyone,
Thought I would share my experience with the lovely AT&T as it relates to this problem.
For the past week and a half my users in my office were getting a lot of bouncebacks when trying to send to clients on sbcglobal.net & att.net email addresses. The bounceback typically contained this:
nlpi099.prodigy.net #553 5.3.0 nlpi099,DNSBL:521(our ip) >_is_blocked.__See_»www.att.net/bls_rbl/_for_information. ##
After going out to the site mentioned in the message, I submitted a couple requests via their webform. I then received responses back a few days later stating that my servers were removed from their block list. I then went and immediately had my users try to email clients and found that they were immediately rejected with the same bounceback. I went to submit another request via their webform and then see that the form is unavailable with problems every time I try to submit a request.
Frustrated with this, I started at the AT&T corporate - »www.corp.att.com/contact/corporate.html - by calling their corporate information line @ 908-221-4191. I navigate through the short menu system and finally end up hitting 0 to get an operator. I then get an recorded message stating that they are having technical difficulties with this line. After a few days pass, I try again and finally get someone on the phone. I then proceed to play the "transfer" game getting pawned off to 4 different departments until finally I get a hold of someone in the East Bay office from the Internet Services division. This person was extremely helpful and worked with me over the next couple of days testing email communication and working with the IISS department to make sure that I was removed.
After working with this person, I was finally able to get email messages through to both att.net and sbcglobal.net addresses. My wife's company is experiencing the same problem and she works in the staffing industry where hundreds of people are seekings jobs and could have AT&T email addresses. AT&T is seriously impacting a lot of businesses with this poorly implemented project of theirs. |
|
homenode
Premium
join:2007-11-18
Bullhead City, AZ
| This is the most positive response from at&t that I've heard of yet. Unfortunately for the majority of folks outside the at&t hegemony, this may not be possible.
I have concluded my research, and I've posted a summary to another thread on these forums. Alas, it is the end of a long, hard road.
»Re: Has AT&T and/or Yahoo started filtering Spam? |
|
