It's a very confusing page to read, we are listed as 127.0.0.2 and that is NERD-CA.

The other entries like:

ARIXDICTSTALE Sender has a history of dictionary spamming: stale.dict.rbl.arix.com -> 127.0.0.1

I think indicate what that RBL is for and what the value indicates, we are NOT in there:

host smtp.easydns.comstale.dict.rbl.arix.com

and the txt record looks like a wildcard for all of the lists.

In fact, several of the people who emailed me off list saying "you're in no-more-funn" were ALSO listed in "no-more-funn" in the same manner. So that, combined with the number of "same here" posts wrt yahoo leads me to believe that that's not the reason.

-mark

On Thu, 9 Oct 2003, Thor Larholm wrote:
If you would read the page through, you would see that you are listed MULTIPLE places.
No-more-funn.moensted.dk
ARIXDICTSTALE
NERD-CA
NERD-ZZ
Only the last two are country specific
/thor
-----Original Message-----
From: Mark Jeftovic [mailto:markjr@easydns.com]
Sent: Thursday, October 09, 2003 2:30 PM
To: Thor Larholm
Cc: nanog@merit.org
Subject: RE: contact at yahoo mail? (they think we're an open relay :< )
We are listed in no-more-funn.moensted.dk as 127.0.0.2 which is described as:
+ NERD-CA ip-space assigned to Canada: ca.countries.nerd.dk -> 127.0.0.2
216.220.40/24 is in ca, rejected based on geographical location
about: Please see our webpage for more information
about: This zone lists ONLY based on geographic information
about: The zone does NOT contain known spammers, nor open relays
We do cop to being Canadian, but that's about it. I hope yahoo isn't keying on this RBL.
-mark
...and we've already filled out the retest form at Yahoo.
On Thu, 9 Oct 2003, Thor Larholm wrote:
If you read through all of that page, you will notice that Yahoo itself has a re-test script you can use to trigger a verification.
http://add.yahoo.com/fast/help/us/mail/cgi_retest
Yahoo is not your only problem, if you look at http://moensted.dk/spam/?addr=216.220.40.247 you will notice that several DNSBLs list that IP address. No-more-fun believes it to be a "Direct spam source" and ArixDictStale says it has performed active dictionary attacks within the last 3 months.
If you want to positively check whether you are an open relay, I would recommend testing through ORDB at http://ordb.org/submit/
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
-----Original Message-----
From: Mark Jeftovic [mailto:markjr@easydns.com]
Sent: Thursday, October 09, 2003 1:23 PM
To: nanog@merit.org
Subject: contact at yahoo mail? (they think we're an open relay :< )
Today our email forwarders started getting this from yahoo.com mail handlers:
553 Mail from 216.220.40.247 not allowed - VS99-IP1 deferred - see help.yahoo.com/help/us/mail/defer/defer-02.html (#5.7.1)
Connection closed by foreign host.
Which when you go look at that page basically tells you you're probably an open relay (which we're not), etc.
Can any mail admins at Yahoo contact me offlist, or post what the restrictions are or at what levels this will kick in?
-mark
--
Mark Jeftovic <markjr@easydns.com>
Co-founder, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(416)-535-0237
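
As an added example (not part of the original thread): one way to query each DNSBL zone named above directly for 216.220.40.247 instead of reading the aggregate lookup page. The reversed-octet query name is the standard DNSBL convention; `SAMPLE_ANSWERS` is constructed to mirror what the posts report, and the function names are this example's own.

```python
import ipaddress
import socket

# Zone names as they appear in the thread above.
ZONES = [
    "no-more-funn.moensted.dk",
    "stale.dict.rbl.arix.com",
    "ca.countries.nerd.dk",
]

def dnsbl_qname(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolve(qname):
    """Live lookup: the A record as a string, or None if the name does not resolve."""
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror:
        return None

def check_zones(ip, zones, resolve=system_resolve):
    """Return {zone: return code or None}; None means not listed in that zone."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_qname(ip, zone))
        # DNSBL answers live in 127.0.0.0/8. Anything else (for example a
        # resolver that rewrites NXDOMAIN) is not treated as a listing.
        if answer is not None and not answer.startswith("127."):
            answer = None
        results[zone] = answer
    return results

# Constructed answers for offline use, not real DNS data. They mirror the
# thread: 127.0.0.2 from the aggregate zone and from NERD-CA, nothing from
# the dictionary-attack zone.
SAMPLE_ANSWERS = {
    "247.40.220.216.no-more-funn.moensted.dk": "127.0.0.2",
    "247.40.220.216.ca.countries.nerd.dk": "127.0.0.2",
}

def sample_resolve(qname):
    return SAMPLE_ANSWERS.get(qname)

if __name__ == "__main__":
    for zone, code in check_zones("216.220.40.247", ZONES, sample_resolve).items():
        print(f"{zone:32} {code or 'not listed'}")
```

Calling `check_zones` without the third argument performs live lookups through the system resolver.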