NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
 ·Pacific Bell - SBC
| reply to KKoch
Re: Has AT&T and/or Yahoo started filtering Spam?
said by KKoch :
Just got confimation today that an email from a family member to me was blocked by AT&T and returned to them as undeliverable spam.
Did the NDR actually say something about "spam", or just about non-deliverable email.
Other family members received the email without any problems. They're not using AT&T.
There was no message in my AT&T trash folder about a blocked email. So I couldn't 'unblock' it if I wanted to.
Email that is rejected by the domain gateway (MX) server will not result in a message to the recipient about non-deliverable email.
At this point I would like to ask AT&T to at least give me the option of allowing me to determine if I want spam to be blocked from my personal email since their spam blocking alogrithms(sp) are not 100% effective.
Most email service providers do not offer optional control over filters on the gateway. The domain gateway (MX) server either accepts email for delivery, or rejects it. Without seeing the full text of the NDR, there is no way to tell how to react to it. If the sender is sending email from a mail host on a dynamic IP address, they may need to change how they send. If their mail host is not on a dynamic IP address, there may be a configuration issue on that mail host which needs to be addressed. Either way (or any other way), having the NDR message, in full, would help to analyze what is going wrong.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
ks_av8r
Premium
join:2003-09-17
Newton, KS
| reply to KKoch
I have not yet experienced this since the recent change, but in earlier days, I had legitimate email wind up in the bulk folder. If I added them to the address book on the web-mail page, subsequent ones would come through. It would be an interesting test to see if their email address was added to the "address book" on the web-mail page, if subsequent email from them would then get through.
Maybe a tech could weigh in on this.
Good luck |
|
KKoch
@swbell.net
| reply to sblake
Just got confimation today that an email from a family member to me was blocked by AT&T and returned to them as undeliverable spam. Other family members received the email without any problems. They're not using AT&T.
There was no message in my AT&T trash folder about a blocked email. So I couldn't 'unblock' it if I wanted to.
At this point I would like to ask AT&T to at least give me the option of allowing me to determine if I want spam to be blocked from my personal email since their spam blocking alogrithms(sp) are not 100% effective.
cheers
kkoch |
|
katarina
join:2003-09-07
Houston, TX
| reply to sblake
Instead of the usual 50 or so emails per day being diverted to the BULK folder, mine are now down to a handful every day.
Most of those, however, are legitimate emails from bulk mail type sources and I have to go back to the web interface in order to "train" the spam filters.
I receive multiple alerts each day from Morningstar.com and on any given day, some of them are diverted to the BULK mail folder and others to the INBOX.
Have I missed something when it comes to marking as "NOT SPAM?" I have to open each individual email in order to have an option to mark as "NOT SPAM." It really would be nice if I could just select all of those at once and click on a NOT SPAM button. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| reply to homenode
If AT&T Internet Services (operates MX servers for the nine legacy SBC domains) is blocking dynamic hosts, that is something relatively new. AT&T Worldnet Service has been doing it for some time. Comcast started doing it a couple of months ago, and AOL has been doing it forever.
AOL:
Comcast:
This is going to be the way of email, for as long as spammers are able to get their 'bots installed on user computers.
There are actually three different MX server groups involved, depending upon the email domains: AT&T Worldnet Services (ATTW), AT&T Internet Services (ATTIS), and Yahoo! (YAOO).
ameritech.net (ATTIS)
att.net (ATTW)
bellsouth.net (ATTW)
flash.net (ATTIS)
nvbell.net (ATTIS)
pacbell.net (ATTIS)
prodigy.net (ATTIS)
sbcglobal.net (ATTIS)
snet.net (ATTIS)
swbell.net (ATTIS)
wans.net (ATTIS)
yahoo.com (YAOO)
This only brings AT&T and Yahoo! into line with the way that AOL ran things forever, and Comcast started running things a few months back. And this is really only new to ATTIS and Yahoo! users; ATTW users (att.net and bellsouth.net domains) have already gone through this mess.
There are threads in the AT&T Southeast (former Bellsouth) forum, and the Comcast forum. I think I have seen similar threads WRT Cox, and a couple of others, as well.
This only affects people trying to send into those domains. It should not have any affect on sending from those domains.
Although I run my own MTA, this isn't a problem for me because I am currently using 'smtpauth.sbcglobal.net' as a "SmartHost". I was using 'smtp.att.yahoo.com:465', but a change by Yahoo! has made that solution unworkable.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
KKoch
@swbell.net
| reply to McSummation
said by McSummation  :What the heck is that going to accomplish? If they've filtered it, it's already gone before it gets to your inbox on the server. ****
Not much... didn't fix anything. Which was what I expected.
The tech's are probably told to ask customers to do that just to give us something to do.  |
|
Lizz
Premium
join:2002-10-22
Fullerton, CA | reply to homenode
Well, I DO know how to find and read email headers, but seeing as I never ever received the email from support@, there's not to much I can do |
|
homenode
Premium
join:2007-11-18
Bullhead City, AZ
| reply to Lizz
said by Lizz :Since you seem to be really knowledgeable about all this, do you think it's likely that my hosting company has their sales staff's email originate from a source separate and apart from their support staff or "automated" mailings? I received emails from sales@hostsite and an individual@hostsite, but not support@hostsite. I suggest that you look at the complete headers of the messages and see if they originate from different servers and/or different IP addresses. Viewing complete headers is a different command for each email client, so you'll have to poke around the commands to find it.
All from me for a while: I'm working on some other options before giving up and rehosting at Network Solutions. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
·AT&T Midwest
| reply to Lizz
I've heard that the problem is actually on the Yahoo! servers, not AT&T. There seem to be two different problems, both occurring at around the same time.
Apparently AT&T has started doing extensive blocking of incoming mail.
At about the same time, Yahoo has started to be very fussy about the authentication of senders for outgoing mail, and now requires that the sender address match the sending yahoo (or att/yahoo) account used for sending.
--
AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.12 |
|
Fiscal
join:2007-11-13
Longview, TX
| reply to Lizz
The ONLY spam I've gotten since 3/21/08 has been a message offering to sell me medications that increase the size of an appendage; the email "From:" address is Kent v@sbcglobal.net> . Apparently, in order to send spam to my sbcglobal.net account you have to at least pretend to send it from sbcglobal.net!
However, I can no longer check mail that the server thinks is spam to see if it has made an error and is not really spam. This happens fairly often.
 |
|
Lizz
Premium
join:2002-10-22
Fullerton, CA
| reply to homenode
Since you seem to be really knowledgeable about all this, do you think it's likely that my hosting company has their sales staff's email originate from a source separate and apart from their support staff or "automated" mailings?
I received emails from sales@hostsite and an individual@hostsite, but not support@hostsite. |
|
homenode
Premium
join:2007-11-18
Bullhead City, AZ
| reply to Lizz
The good news, Lizz, is that your outbound email isn't impacted. Your mail goes to at&t's mail server and is routed for you by them. at&t is sending your mail for you and your address resolves back to their mail server - which is a static IP address and listed as a trusted sender.
Your hosting company is also most likely using a routing host with a static address; however, they may have other sites that route through that host that are considered spam sources, or other companies that use their hosting to re-direct mail and web hits to servers that ARE hosted dynamically. Because of these factors, your hosting company may be lumped together with the "bad apples" and getting their legitimate email blocked. Also, it is possible that some of their hosted web sites are infected with malware agents (this has been a HUGE problem for the past two weeks, hitting even security firms like Symantec and Trend Data) which is causing their IP address list to be blacklisted.
I seriously doubt that this is going to get resolved. The majority of at&t customers are ecstatic at not receiving any spam, and the few that have even noticed that messages are missing are telling their friends to switch over to at&t, or Yahoo! or one of the other RBOC (Regional Bell Operating Companies - the old "baby bells") services. It's only the very, very small number of SOHO businesses like us that are really impacted by this - and we're supposed to "know better" and host ourselves with a "legitimate" hosting company like Rackspace or Network Solutions. Or at&t business hosting.
So, for the foreseeable future, you're going to be losing email from sources that don't meet the new filter criteria. There's nothing we can do about this: I couldn't send you an email on a dare if I wanted to, because I'm blocked by at&t.
Deerfield (my current hosting company, where I've hosted for 15 years) can't do anything for me. They're stuck the same as I am: their servers are OK with at&t, but mail that originates from somewhere OTHER than their servers (like my PC or local server) is blocked anyway, even though it is secure and validated by Deerfield. And, since my domain resolved to a multi-domain co-hosting address (at Deerfield) and NOT to a static address registered to my domain directly via ICAN, I'm considered a "relay" domain and not to be trusted.
So...I'm going to have to abandon Deerfield and move my domains to Network Solutions, pay the $300-400/month per domain and just live with it. |
|
Lizz
Premium
join:2002-10-22
Fullerton, CA
| reply to homenode
I'm not nearly technical enough to understand all this, but I do know I have a dynamic IP address, and I think that's true of most ATT DSL subscribers, and I don't think mail I send is being blocked, but I can't swear to that.
I can't imagine that my web hosting company is sending email from their support staff via a dynamic IP, but that's only a guess.
Maybe I'm not understanding what you're saying at all. All I can do is hope this mess gets resolved before too much longer!! |
|
ks_av8r
Premium
join:2003-09-17
Newton, KS
| reply to Lizz
I'm experiencing the same, but on an swbell.net address. The bulk folder has caught one legit spam and 6 other obvious spam have made it to the inbox. There were 2 others in the bulk folder that were newsletters that someone in the house had subscribed too. Apparently ATT or Yahoo has backed off somewhat. |
|
homenode
Premium
join:2007-11-18
Bullhead City, AZ
| reply to Lizz
Lizz, it appears that the problem is over most of the at&t domains, not just Yahoo!. Also sbcglobal, attworldnet, prodigy, and some of the other RBOCs that are again part of at&t are all reporting this issue.
I've done some research into how they're using the PBL (Policy Block List), which is how this is being implemented. Ordinarily the fact that I use a MTA (mail transfer agent) at DNS2GO would be construed as having an "OK" IP address for mail acceptance, as all the MX (Mail Exchange) records for my domains point to the DNS2GO MTA, which has a set of static IP addresses that it uses. However, the originator address for my mail is from my PC, which is on a private subnet that is translated (NAT) to a dynamic public IP address by my gateway/modem. THIS address show as the original sender of the email, and it is THIS address that is being subject to PBL blocking.
As I mention above, I'm hosed because I can't get a static IP for a wireless modem (or at least not without paying upwards of $1000/mo), so I'm going to have to move my domains into a hosted server environment and give up mobile computing except for web mail. There are a few little bright points of light left, but I doubt that I'm going to be able to afford to continue with this experiment.
For more info on RBL, XBL, PBL, ROKSO and DROP, read the info at The Spamhaus Project:
»www.spamhaus.org/
Spamhaus is considered to be the "gold standard" of blocklists in the world. I use them for my own RBL/XBL/PBL block lists (their ZEN list). I was actually blacklisted by them way back in the early 1990's (I had an open relay - OOPS!) and they were very helpful in getting me fixed up and protected - and off their list for good. They explain how these systems work and what the up and down sides are. |
|
Lizz
Premium
join:2002-10-22
Fullerton, CA
| reply to homenode
Brett,
I've heard that the problem is actually on the Yahoo! servers, not AT&T.
I don't know what they're doing, but today I'm receiving spam in my inbox: 5 so far today. None in the bulk/spam folder.
I do have a plain vanilla Yahoo address, but it rarely received spam in the past, and that still holds true. Doesn't get much legit email either, so it's not a good barometer of what's currently going on. |
|
homenode
Premium
join:2007-11-18
Bullhead City, AZ
| reply to Fiscal
From what I've been able to find in research on this, at&t is blocking the spam in their pre-filter that is not user accessible. This is also where the virus filtering is done.
at&t changed the filtering to reject mail that is coming directly from SMTP hosts that are in a dynamic IP block. The reason for this is that the majority of spam originates from infected (or "p0wnd") home computers - nearly all of which get a dynamic IP address from their ISP. The bot infection that sends the spam is usually a stand-alone email program that, among other tricks to fool spam filters, attempts to send directly to an MX host (the equivalent of a DNS host for email) that is associated with the target email domain. This bypasses the possibility that the "public" email route for the target of the spam is actually a 3rd. party spam filter, thus ensuring that the mail gets delivered with only local Bayesian filtering - or no filtering - in place. (Bayesian filters, while good, are readily bypassed by the new spam engines.)
So blocking mail from dynamic IP addresses is a very strong tool for stopping the overwhelming tide of bot spam.
Unfortunately, there are many legitimate businesses and individuals that do run small email and web servers from dynamic IP addresses. (I'm one of them.) Often these are club list servers, or user group BBS - the type of thing that can be expected from "advanced amateur" computer users. This new level of filtering also blocks those servers.
It is a fair trade-off for the level of security it provides: legitimate SOHO mail servers make up only a few hundredths of a percent of the dynamic IP addresses out there, so they can either get static (non-changing) IP addresses (usually only US$20-100 per month more from their ISP, in combination with other useful services) or move their mail/BBS servers to a hosted server farm (also only a few dollars more per month).
You can try contacting at&t to ask about disabling the filtering for your account. It is very, VERY unlikely that at&t will do this for you - it defeats the entire purpose of applying the filter across their ENTIRE domain.
More useful would be to send an email to all the folks on your contacts list informing them that you are now protected by at&t's "super filter", and for them to reply to your message; when you get their reply, you will send THEM a reply stating that "You're OK, keep sending me mail". If they DO NOT get a reply from you, then they are BLOCKED, and need to either (a) rebuild their computer to remove a bot infection; (b) get a static IP address or (c) get a new email provider/hosting service that does NOT use a dynamic IP address or hosts known spam sources. Gmail, Yahoo! mail and MSN Live are all alternatives for cheap, WEB-based email services that are not being blocked.
This seems to be the end to a sad, sad tale. Since I live in a caravan ("motor-home" for the Yanks) I am never going to be able to get a static IP address. My alternative is buying hosted services, which I will do for my business and personal servers. I'm expecting this to be fairly expensive, much more so than the current investment I have in hardware and software for managing this via wireless. I've resisted this for years, primarily because I have to give up so much control, but it's time to move on. |
|
McSummation
Mmmm, Zeebas Are Tastee.
Premium,MVM
join:2003-08-13
Round Rock, TX
·AT&T Southwest
| reply to KKoch
said by KKoch :
Just got off the phone with "Josh" @ATT tech support and he advised me to check the "Leave a copy of message on server" ... What the heck is that going to accomplish? If they've filtered it, it's already gone before it gets to your inbox on the server. |
|
KKoch
@swbell.net
| reply to sblake
Just got off the phone with "Josh" @ATT tech support and he advised me to check the "Leave a copy of message on server" checkbox on my advanced properties menu in my Outlook Express mail account. I'm using Win 98, so it may be slightly different if you are using another MS OS.
Don't know if it's going to work, since I just changed it. But we'll see...
cheers |
|
Fiscal
join:2007-11-13
Longview, TX
| reply to sblake
I'm an sbcglobal.net customer. I too have noticed a great reduction in spam. My practice was to download everything, and items that were marked as [Bulk] went directly to my trash folder. I'd review those items which were normally spam and empty the trash... but the reviewing let me get legitimate messages that were mistakenly marked as spam. I liked this method of handling spam. Three questions:
1) Who is blocking my spam before I see it?
2) Why did they change the way spam is handled?
3) Can we make them go back to the old way so legitimate mail is not blocked? |
|
