US Cable Support > Comcast HSI > [E-mail] Expected turnaround on SMTP blacklist removal...

[E-mail] Expected turnaround on SMTP blacklist removal...

Does your mailserver have a PTR? rDNS? If not comcast is beginning to block everything that does not have this
Jason1 New Comcast email policy requires proper rDNS entries on email servers Feb 16, 2006 2:57 PM

From: jason (note email address removed)
Registered: 2/17/04


To all,

In an effort to help reduce the amount of spam reaching Comcast.net email addresses, Comcast has implemented a new policy that will block email sent from an email server that has no rDNS entry. Over the next several days, this new policy will be rolled out to each of our email servers.

This new policy should not affect your Comcast email usage. But if you have friends, family, or other email acquaintances that use email systems that are not set up with proper PTR and rDNS entries, their email to comcast.net will not be delivered and a message will be returned to them explaining the new policy and directing them to contact their email provider. The return message will include a link to this FAQ which will help to explain the reason their email is not being delivered and additional information to assist with contacting their mail provider to correct the improper PTR and rDNS information.

This is one of several actions Comcast is taking to reduce spam. Additional methods are in the planning and implementation stages and we'll post info on these additional measures as we receive it. Please let us know if you have any questions/comments.

Thanks

--
da Cajun Darn I hate Malware

Yah, I'm doing rDNS, so that shouldn't be the issue. Thanks for the note, though. One more pointer to check off...

reply to CajunTek
On the other hand.....if one is stupid and had the nameserver reversing a couple of months ago for his *test* .net domain, and forgot to set it back.....sigh.....we may have just solved this.....lemme go restart the nameservers with the .com entry....whimper....

reply to CajunTek
On the gripping hand...nope, that wasn't it. Still bouncing, not with 521 that the Comcast FAQ implies will be sent for the rDNS issue, but with a 550. Sigh.

Is your ptr record a generic Comcast ptr record; i.e., 'c-69-253-73-253.hsd1.nj.comcast.net'?

Do the Comcast business accounts get recognizably different ptr records than their residential accounts (example is a residential account, nearly as I can tell)?

Is it a true static, and will the Comcast Business office assign a ptr record for you which reflects your domain?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

In addition to needing a rDNS entry, the A record for that domain has to point back at the same IP, and the HELO/EHLO string has to match as well.

So, if your mailserver is on IP 1.2.3.4, and it is on domain mydomain.com, you need to:

1. Have an A record mydomain.com -> 1.2.3.4
2. Have a PTR record 1.2.3.4 -> mydomain.com
3. Have HELO/EHLO string on outgoing mail from 1.2.3.4 be mydomain.com.

It seems extreme, but these are the steps I had to take on a site I'm running (on a dedicated, hosted server) to stop Comcast from bouncing back emails.
--
SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages.

For the last two notes:

[1] This isn't a Comcast business account. It's an SBC business (static) DSL account, and, yes, I've got full control over my nameservers for forward and reverse.

[2] Yes, I've got all the records pointing correctly, and the mailserver announces itself as mydomain.com.

I'll wait until this afternoon to see if the blacklist address answers my email, then I'll ping them again. I suspect they may be busy; it's beginning to look like their attempt to tighten things up is going to be creating problems for literally hundreds of small business and personal servers that are sitting in and running their own domains.

I'm reading Dennett's 'Consciousness Explained' right now (as on-the-nightstand before lights out material), and Chapter 5 is actually getting into the reasons for that behavior...

reply to rdrdsl
Okay, it's been 72 hours and I've seen *nothing* back from the people on the other end of the blacklist email address. Do Comcast folks read this forum? If so, how much longer should I have to wait to get unblocked?

It might be easer and quicker to setup a smarthost rule in your SMTP server to relay through SBC's SMTP server for outgoing email to Comcast.

--
Outsourcing is not the same thing as Offshoring!!.
Test your firewall.
Smell the flowers.

Except for the fact that doing so basically caves in to a badly implemented policy on the part of Comcast, and I'm not willing to do that. I have no problem with an ISP setting policies designed to stop some of the more obvious sources of spam (for instance - as in this case the blanket blocks on IP ranges that largely consist of home PCs that have a high probability of being zombie spam generators). I start to have a problem when said policy does not appear to include a reasonably quick mechanism for exceptions to be granted. One without the other essentially starts to break down the overall fabric of the Net, and I don't care for that one little bit.

Now, I suppose, it's time to back up that rather sweeping statement with a bit of explanation. I've been one of the bozos helping to build, or directly building, or both, reasonable chunks of the backbone since about 1993. My current day job tells me to pretend that I'm a Senior Systems Engineer with a not-so-small telco. My group installs really honkin' big backbone pipes for the ISP affiliate of said telco. [Really honkin' big = OC3/12/48/192/+ - a few hundred per year - do the math.]

Right now I'm trying really hard to be a Good Citizen and get a simple overzealous issue corrected. And it would appear that my efforts are going nowhere. In about two more days my patience will end, and I will start (a) making direct phone calls with all manner of escalation to Comcast, and (b) let some folks at our affiliate ISP know what's going on. While they won't retaliate because that would be Bad Form, there are plenty of sales and marketing types who will truly enjoy this type of story. I believe the correct term will be 'making hay'.

The current Comcast policy is seriously mucking with a lot of people like me - hobbyist geeks who run their own servers - as well as potentially hundreds of small businesses who sit downstream on business DSL/Cable/ISDN connections. I'm willing to guess that all of us on this end have no problem with going through a few extra steps of vetting so Comcast can maintain the bulk of their filtering/blocking scheme - we don't like zombie home machines and botnets either - but the vetting needs to happen in a timely and communicative manner.

I understand, I also run my own in-house email server (on my Covad gateway, not over Comcast).

Have fun negotiating with Comcast (and AOL, and MSN, and....)
--
Outsourcing is not the same thing as Offshoring!!.
Test your firewall.
Smell the flowers.

The three good things about having something like this happen from time to time are:

[1] It actually is a good exercise to ensure that the integrity of the Net gets maintained through input from the non-monlithic users;

[2] It keeps me off the streets, and;

[3] I never lose my temper with my wife and children because the escalation environment is so target rich if I actually have to engage at that level.