Saturday, December 17, 2011

Congratulations, You're BLACKLISTED!

A long time ago, I posted The Trouble With Greylisting.  My latest rant is brought to you by the current state of e-mail server blacklisting.  I'll relate to you the following anecdote, to help with the specifics:

My client recently purchased a new internet pipe from their ISP - (I won't specify, but let's just say they're "Vermont's largest wireline provider.")  Along with this new connection came a new block of public IP addresses.  This has been standard fare - they have switched connections 3 times in the last 2 years, and for a variety of reasons, each time it's been a fiasco to get everything migrated to the new block.

This time it almost went incredibly smoothly (without question, this was at least partly due to the help of an Astaro Security Gateway, and its almost infinite flexibility).  The only snag was when I moved the mail server over to the new IP block.  Within 20 minutes, people were reporting bounces (undeliverable message reports).  The new IP address was blacklisted for sending spam.  I moved the server to another IP in the block, and an hour or so later, received another report of the same issue.  For the record, this server is totally clean, and sends maybe 50 totally legit messages an hour, during peak.

The only explanation is that some (perhaps all?) of the IPs that were given to us were previously used by spammers.  As I played the scenario through in my head, it all made sense.  Due to the severely overtaxed IPv4 address space, addresses are constantly recycled.  Furthermore, every IP address in that space has probably been used by a spammer at some time or another, given the number of spammers in the world.  Ok, perhaps that's a bit of an exaggeration, but still...  It was enough for me to get the picture.

I moved the mail server back to the known good IP, and then set out to start the long and arduous process of delisting all these IPs.  Even though I don't plan to use more than one for sending mail, I need to have options, as obviously I can't predict what is going to happen to my IP reputation, regardless of what is actually my fault.

Throughout the process, one interesting thing I got to see was the variety of different types of blacklists out there.  They range from reasonable and responsible (think Spamcop) to strange and obscure.  Some blacklists are very straightforward about removal requests.  The policy is simply "check yourself, and then click the removal button."  Some blacklist providers investigate reports of spam before listing a host.  However, the lower end providers take a very lazy approach to blacklist management.  They blacklist everything based on loose criteria, don't expire anything, and make it very difficult for hosts to request removal.  One delisting form was actually punctuated with a lecture about how

So, to review, we have 2 problems:

1. (some) ISPs sell IP blocks with no guarantees about the reputation of IPs within that block

2. (some) Blacklist providers use lazy tactics to manage their lists, including listing without due process, with complicated and indefinite delisting requirements, and without expiration of highly outdated listings.

With these 2 factors at work, it's a very disconcerting direction for private mail hosting in general.
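A pre-flight check that would have caught this before the cutover, added here as an example and not code from the original post: it queries every address in a candidate block against DNS-based blacklists using the reversed-octet lookup convention. The zone names and the 127.0.0.x return-code handling are assumptions to verify against each list's own documentation; the resolver is swappable, and the constructed answers embedded below let it run offline.

```python
"""Check a candidate IP block against DNS-based blacklists before moving a mail server onto it."""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

# Assumed zone names: confirm the current lookup zone in each list's documentation.
DNSBL_ZONES = ["zen.spamhaus.org", "bl.spamcop.net"]

# DNSBLs answer a lookup with an address in 127.0.0.0/8 when the IP is listed.
LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")
# Assumption: some lists (Spamhaus, for one) use 127.255.255.x to signal query errors
# such as rate limiting; treat those as "unknown", never as a listing.
ERROR_RANGE = ipaddress.IPv4Network("127.255.255.0/24")

Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the octets and append the zone: 203.0.113.2 -> 2.113.0.203.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def resolve_a(name: str) -> Optional[str]:
    """Live resolver: returns the A record, or None on NXDOMAIN (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(ip: str, zone: str, resolver: Resolver = resolve_a) -> bool:
    """True only for a genuine listing code; error codes and odd answers are not listings."""
    answer = resolver(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    code = ipaddress.IPv4Address(answer)
    return code in LISTED_RANGE and code not in ERROR_RANGE


def check_block(cidr: str, zones: List[str] = DNSBL_ZONES,
                resolver: Resolver = resolve_a) -> Dict[str, List[str]]:
    """Map every host address in the block to the zones that list it."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return {str(ip): [z for z in zones if is_listed(str(ip), z, resolver)] for ip in net.hosts()}


def clean_candidates(report: Dict[str, List[str]]) -> List[str]:
    """Addresses with no listings: the only ones worth considering for outbound mail."""
    return [ip for ip, hits in report.items() if not hits]


# Constructed sample answers (TEST-NET-3 addresses) so the check runs offline.
CONSTRUCTED_ANSWERS = {
    "2.113.0.203.zen.spamhaus.org": "127.0.0.4",        # listed
    "3.113.0.203.bl.spamcop.net": "127.0.0.2",          # listed
    "4.113.0.203.zen.spamhaus.org": "127.255.255.254",  # error code, not a listing
}


def fake_resolver(name: str) -> Optional[str]:
    return CONSTRUCTED_ANSWERS.get(name)


if __name__ == "__main__":
    for ip, hits in check_block("203.0.113.0/29", resolver=fake_resolver).items():
        print(ip, "LISTED on " + ", ".join(hits) if hits else "clean")
```

Swap `fake_resolver` for the default `resolve_a` to run the same check against the real lists for a newly assigned block.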
