Does anyone have a clue why hotmail is appearantly blocking certain IP ranges ? I provided a new server for a customer in his own IP subnet which is a part of a /20 we announce, but for some reason all mail sent to @hotmail.com addresses disappears. He has another server in a /24 we announce which is still part of another network and that works like a charm. None of our subnets are blacklisted in any spamfilter I can find, so i'm a bit puzzeled on what's up here. If any hotmail netadmin is reading this list, can you please check if 81.26.212.0/26 is blocked in any way (It's part of 81.26.208.0/20 originating from AS39556) According to the mailserver logs all the mail is properly accepted by the hotmail relays, never to be seen again after that. Met vriendelijke groet, Jeroen Wunnink, EasyHosting B.V. Systeembeheerder systeembeheer@easyhosting.nl telefoon:+31 (035) 6285455 Postbus 48 fax: +31 (035) 6838242 3755 ZG Eemnes http://www.easyhosting.nl http://www.easycolocate.nl
Jeroen Wunnink wrote:
Does anyone have a clue why hotmail is appearantly blocking certain IP ranges ?
I provided a new server for a customer in his own IP subnet which is a part of a /20 we announce, but for some reason all mail sent to @hotmail.com addresses disappears.
He has another server in a /24 we announce which is still part of another network and that works like a charm.
None of our subnets are blacklisted in any spamfilter I can find, so i'm a bit puzzeled on what's up here.
If any hotmail netadmin is reading this list, can you please check if 81.26.212.0/26 is blocked in any way (It's part of 81.26.208.0/20 originating from AS39556)
According to the mailserver logs all the mail is properly accepted by the hotmail relays, never to be seen again after that.
hotmail reportedly installed some new spam control lately. many ISPs and ESPs are reporting problems similar to what you describe (my employer is having such deliverability problems, for one.) SPF records, signing up for the MSN/Hotmail feedback loop, and opening a ticket with hotmail support are all things you can do. effectiveness is not guaranteed, and it's taking hotmail 3-4 days to respond to new tickets, they appear to be swamped. richard
On 4/25/07, Jeroen Wunnink <jeroen@easyhosting.nl> wrote:
Does anyone have a clue why hotmail is appearantly blocking certain IP ranges ?
Yeah, Hotmail's spam filtering recently got very aggressive. The short version is that they are being pounded so hard by botnets and other malicious spam/phish delivery vectors that IPs that have never sent mail to Hotmail users start out with a negative reputation in Hotmail's eyes. Some info (admittedly, not too detailed, but it's all I could find handily): http://tinyurl.com/38qutc http://tinyurl.com/2meoqk http://tinyurl.com/2ror2q Short version of what can be done: - Ensure any host sending mail has working forward/reverse DNS. - Start signing mail with Sender ID. - Contact Hotmail here: http://tinyurl.com/2byyts - Wait and hope for a response. It's impacting a lot of folks right now, from what I can see. Hotmail has been very slow to address (or even respond) in some instances. I theorize that this is because they are receiving a lot of contact about this issue, but certainly don't know that for sure. Regards, Al Iverson -- Al Iverson on Spam and Deliverabilty, see http://www.spamresource.com News, stats, info, and commentary on blacklists: http://www.dnsbl.com Currently on a bus somewhere between Indianapolis and Chicago, USA
Some sites have recently reported problems mailing hotmail due to inability to resolve the hotmail MX records. This appears to be due to the hotmail DNS servers now blackholing DNS queries where the UDP source port was < 1024. I can reproduce this here and now, but don't know if it's new. Chris -- Chris Edwards, Glasgow University Computing Service
Yeah they and a few others started doing this not too long ago (few months). I thought perhaps something common got upgraded/patched but then I just thought that it was a rather odd configuration change.. It certainly is new. A chap I know (for some reason) set his source port for queries to be port 53 and his DNS queries started to fail. -- Leigh -----Original Message----- From: owner-nanog@merit.edu on behalf of Chris Edwards Sent: Wed 4/25/2007 10:43 PM To: nanog@merit.edu Subject: Re: Hotmail blackholing certain IP ranges ? Some sites have recently reported problems mailing hotmail due to inability to resolve the hotmail MX records. This appears to be due to the hotmail DNS servers now blackholing DNS queries where the UDP source port was < 1024. I can reproduce this here and now, but don't know if it's new. Chris -- Chris Edwards, Glasgow University Computing Service
On Thursday 26 April 2007 00:43, you wrote:
A chap I know (for some reason) set his source port for queries to be port 53 and his DNS queries started to fail.
It was the default source port for DNS queries in some versions of BIND. And may well still be (I don't do those versions of BIND). The main reason for changes was that you need root privilege to bind to those ports in traditional Unix model, and people wanted to run DNS as a non-root user. The more general bitbucketing of hotmail email is well known (try Google or Yahoo! search engines to find out more). In general people should be advising against using Hotmail until Hotmail fix the bitbucketing issue, as encouraging it will undermine the reliability of email. Presumably eventually (like AOL did) Hotmail will bitbucket some email important enough to make them realise the error of their ways, meanwhile Hotmail users get a service which is worth about what most of them pay for it.
Simon Waters wrote:
On Thursday 26 April 2007 00:43, you wrote:
A chap I know (for some reason) set his source port for queries to be port 53 and his DNS queries started to fail.
It was the default source port for DNS queries in some versions of BIND. And may well still be (I don't do those versions of BIND). The main reason for changes was that you need root privilege to bind to those ports in traditional Unix model, and people wanted to run DNS as a non-root user.
The more general bitbucketing of hotmail email is well known (try Google or Yahoo! search engines to find out more).
In general people should be advising against using Hotmail until Hotmail fix the bitbucketing issue, as encouraging it will undermine the reliability of email.
Presumably eventually (like AOL did) Hotmail will bitbucket some email important enough to make them realise the error of their ways, meanwhile Hotmail users get a service which is worth about what most of them pay for it.
I would advise against using Hotmail anyway ;-) Of course the problem is that Hotmail never seem to get the flack from customers, it always ends up at the ISP (i.e. us) because of course it CAN'T be Hotmail's fault.. -- Leigh
Yeah but that's not really an option our customer wants to hear ;-) He has several valid mailinglists which he moved to a new server, and it happens to have quite some hotmail addresses on it. At 11:58 26-4-2007, you wrote:
I would advise against using Hotmail anyway ;-) Of course the problem is that Hotmail never seem to get the flack from customers, it always ends up at the ISP (i.e. us) because of course it CAN'T be Hotmail's fault..
-- Leigh
Met vriendelijke groet, Jeroen Wunnink, EasyHosting B.V. Systeembeheerder systeembeheer@easyhosting.nl telefoon:+31 (035) 6285455 Postbus 48 fax: +31 (035) 6838242 3755 ZG Eemnes http://www.easyhosting.nl http://www.easycolocate.nl
In addition to aligning A and PTR records with the outgoing banner try the following: -Use the dnsstuff.com "Spam Database Lookup" tool to check the server's IP against a ton of RBLs. If listed, get it delisted -Ensure that the domain you are sending from has an SPF record allowing that server to send -If your SMTP server support domain keys, set that up -Ensure that the sending domain has an MX record. This MX record should point back to a server that will respond with a banner having a matching domain name. Also, it would not hurt if it had an A record pointing somewhere (I know some email servers will do loopback checks to ensure that the sending domain actually has a email and/or webserver). -Check the range to see if it is on any bogon list (as we all know, some ISPs and bogon list operators tend not to update their block lists with the current IP assignments). -Lastly, change the IP of the email server. Don't move it to a new range, just one IP over (incase it got itself on some internal hotmail blacklist). Hope that helps, Adam Stasiniewicz -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Jeroen Wunnink Sent: Thursday, April 26, 2007 5:41 AM To: nanog@merit.edu Subject: Re: Hotmail blackholing certain IP ranges ? Yeah but that's not really an option our customer wants to hear ;-) He has several valid mailinglists which he moved to a new server, and it happens to have quite some hotmail addresses on it. At 11:58 26-4-2007, you wrote:
I would advise against using Hotmail anyway ;-) Of course the problem is that Hotmail never seem to get the flack from customers, it always ends up at the ISP (i.e. us) because of course it CAN'T be Hotmail's fault..
-- Leigh
Met vriendelijke groet, Jeroen Wunnink, EasyHosting B.V. Systeembeheerder systeembeheer@easyhosting.nl telefoon:+31 (035) 6285455 Postbus 48 fax: +31 (035) 6838242 3755 ZG Eemnes http://www.easyhosting.nl http://www.easycolocate.nl
On 4/26/07, Stasiniewicz, Adam <stasinia@msoe.edu> wrote:
In addition to aligning A and PTR records with the outgoing banner try the following:
-Use the dnsstuff.com "Spam Database Lookup" tool to check the server's IP against a ton of RBLs. If listed, get it delisted -Ensure that the domain you are sending from has an SPF record allowing that server to send -If your SMTP server support domain keys, set that up -Ensure that the sending domain has an MX record. This MX record should point back to a server that will respond with a banner having a matching domain name. Also, it would not hurt if it had an A record pointing somewhere (I know some email servers will do loopback checks to ensure that the sending domain actually has a email and/or webserver). -Check the range to see if it is on any bogon list (as we all know, some ISPs and bogon list operators tend not to update their block lists with the current IP assignments). -Lastly, change the IP of the email server. Don't move it to a new range, just one IP over (incase it got itself on some internal hotmail blacklist).
Keep in mind... To the best of my understanding, Hotmail isn't using any of the 200+ DNSBLs listed on DNSStuff. (And 99% of the DNSBLs listed on DNSStuff aren't used by any major receiving sites.) DomainKeys is not used by Hotmail. Changing the IP address is likely to make the problem worse, not better. A lot of this is Hotmail clamping down on IP addresses with no history; switching to a new IP with no history starts the cycle over. -- Al Iverson on Spam and Deliverabilty, see http://www.spamresource.com News, stats, info, and commentary on blacklists: http://www.dnsbl.com My personal website: http://www.aliverson.com -- Chicago, IL, USA
On Wed, 25 Apr 2007, Chris Edwards wrote:
Some sites have recently reported problems mailing hotmail due to inability to resolve the hotmail MX records. This appears to be due to the hotmail DNS servers now blackholing DNS queries where the UDP source port was < 1024.
A source port of 53 is permitted through (tested against all listed NSes from multiple locations). TCP queries are dropped, which is a slight worry as the 'any hotmail.com' response is sitting a mere 12 bytes short of the magic 512 byte truncation value. --==-- Bruce.
Tongue in cheek: Perhaps they upgraded to Vista on their servers and they are all waiting for someone to come around and answer the "Someone is trying to send mail through this server. Cancel or Allow?" prompts. Owen
They can have remote desktop sessions to an Indian city somewhere and employ a few thousand people to click the OK buttons ;-) -- Leigh Owen DeLong wrote:
Tongue in cheek:
Perhaps they upgraded to Vista on their servers and they are all waiting for someone to come around and answer the "Someone is trying to send mail through this server. Cancel or Allow?" prompts.
Owen
participants (9)
-
Al Iverson
-
Bruce Campbell
-
Chris Edwards
-
Jeroen Wunnink
-
Leigh Porter
-
Owen DeLong
-
Richard P. Welty
-
Simon Waters
-
Stasiniewicz, Adam