Hi Suresh,

We are the outsourced provider. :-)

-J

----- Original Message -----
From: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Jason J. W. Williams
Cc: nanog@merit.edu <nanog@merit.edu>
Sent: Thu Apr 03 03:13:47 2008
Subject: Re: Hotmail NOC Contact

On Thu, Apr 3, 2008 at 3:00 AM, Jason J. W. Williams <williamsjj@digitar.com> wrote:
Does anyone have a good contact number for the Hotmail NOC? We've got e-mails from Hotmail to some of our customers being returned to the Hotmail sender with a 554 error message fairly regularly. Our logs aren't showing any rejections, so we need to talk to Hotmail and find out what the 554 means on their side (there's no error description). Any help is greatly appreciated.
Easier if you paste a sample bounce.

And check if you have some kind of SMTP-capable firewall device (like a Barracuda) or maybe an outsourced filtering provider that's filtering this lot before it reaches your mailserver.

srs
In the last 10 days or so, ever since ORDB re-activated itself and blacklisted everything, we have had deliverability problems to:

MSN Hotmail Bellsouth AT&T (the same as Bellsouth I think) Yahoo Detroit Edison

In the case of MSN and Hotmail, they told us they were using Symantec's Brightmail filtering system.

So, does that mean Brightmail is not updating their system properly, or MSN/Hotmail is not updating their Brightmail?

Seems like a huge waste of everyone's time because some LARGE network operators can't keep their stuff updated.

*grumble*
Hey,

Are you having trouble emailing them, or them to you? I think this thread is about emails coming from Hotmail never reaching the destinations. What type of problems are you having with these companies?

/r

________________________________________
From: owner-nanog@merit.edu [owner-nanog@merit.edu] On Behalf Of Fox, Thomas [tfox@expertsmi.com]
Sent: Thursday, April 03, 2008 10:37 AM
Cc: nanog@merit.edu
Subject: RE: Hotmail NOC Contact

In the last 10 days or so, ever since ORDB re-activated itself and blacklisted everything, we have had deliverability problems to:

MSN Hotmail Bellsouth AT&T (the same as Bellsouth I think) Yahoo Detroit Edison

In the case of MSN and Hotmail, they told us they were using Symantec's Brightmail filtering system.

So, does that mean Brightmail is not updating their system properly, or MSN/Hotmail is not updating their Brightmail?

Seems like a huge waste of everyone's time because some LARGE network operators can't keep their stuff updated.

*grumble*
We are having trouble sending to them.

MSN said:

We have identified that messages from your IP (209.255.20.17) are being blocked based on the recommendations of the Symantec Brightmail as traffic/e-mail originating from your IP matched characteristics of recent spam attacks from compromised, or 'zombie' infected, machines.

After reviewing the information you provided, we have taken steps to remove the block. This change should take effect within the next 24-48 hours.

But, no other black lists have our IP on them, nor are we seeing any unusual traffic on our mail server.

Tom

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Raymond L. Corbin
Sent: Thursday, April 03, 2008 11:01 AM
To: Fox, Thomas
Cc: nanog@merit.edu
Subject: RE: Hotmail NOC Contact

Hey,

Are you having trouble emailing them, or them to you? I think this thread is about emails coming from Hotmail never reaching the destinations. What type of problems are you having with these companies?

/r

________________________________________
We have identified that messages from your IP (209.255.20.17) are being blocked based on the recommendations of the Symantec Brightmail as traffic/e-mail originating from your IP matched characteristics of recent spam attacks from compromised, or 'zombie' infected, machines.
Do you rewrite/forward mail? .. we're a .edu, and allow our students to forward to hotmail/yahoo/whatever .. so when a phishing/malware sweep hits campus, about 60% is reflected back onto the Internet (sometimes our Anticrap gateway catches it, sometimes not). Because of the way addresses are re-written, it looks like it came from us.
After reviewing the information you provided, we have taken steps to remove the block. This change should take effect within the next 24-48 hours.
They're true to their word here .. we got ourselves de-listed in ~12hrs.

Cheers,

Michael Holstein
Cleveland State University
Do you rewrite/forward mail? .. we're a .edu, and allow our students to forward to hotmail/yahoo/whatever .. so when a phishing/malware sweep hits campus, about 60% is reflected back onto the Internet (sometimes our Anticrap gateway catches it, sometimes not). Because of the way addresses are re-written, it looks like it came from us.
Hi Michael,

We do host mail for about 100 companies, but no remailing.

Tom
Yeah,

We do hosting for about 300,000 users in our shared environment. They have forwarders set up or aliases that send to their external addresses. This forwards their spam as well. We purchased quite a few Barracuda servers and became their case study for outbound units. They actually do a really good job at blocking the spam. But as spam changes every minute, we can only get updates every hour. The mail forwarders are the only spam that comes from our network. Try subscribing to Hotmail's reporting services so you get reports on spam from your IP address, and they have the online reports that show if you add your AS so you can see a report for all IPs in your network.

-Ray

________________________________________
From: owner-nanog@merit.edu [owner-nanog@merit.edu] On Behalf Of Fox, Thomas [tfox@expertsmi.com]
Sent: Thursday, April 03, 2008 12:26 PM
To: 'Michael Holstein'
Cc: nanog@merit.edu
Subject: RE: Hotmail NOC Contact
Do you rewrite/forward mail? .. we're a .edu, and allow our students to forward to hotmail/yahoo/whatever .. so when a phishing/malware sweep hits campus, about 60% is reflected back onto the Internet (sometimes our Anticrap gateway catches it, sometimes not). Because of the way addresses are re-written, it looks like it came from us.
Hi Michael,

We do host mail for about 100 companies, but no remailing.

Tom
What we did was to isolate our forwarding traffic out through a separate set of IPs. And then told Hotmail, Yahoo, AOL etc. about the IPs. They were very glad to tag these as such in their filters.

This was over three years ago, and admittedly, our email traffic is rather higher (by orders of magnitude) than most, but it is still a good idea to isolate forwarding traffic and separate it from regular outbound email.

Another advantage - monitor the mail queue of your forwarding IP and it gives you a very nice little snapshot of what kind of spam is slipping through your filters.

srs

On Fri, Apr 4, 2008 at 2:22 AM, Raymond L. Corbin <rcorbin@hostmysite.com> wrote:
yeah,
We do hosting for about 300,000 users in our shared environment. They have forwarders set up or aliases that send to their external addresses. This forwards their spam as well. We purchased quite a few Barracuda servers and became their case study for outbound units. They actually do a really good job at blocking the spam. But as spam changes every minute, we can only get updates every hour. The mail forwarders are the only spam that comes from our network. Try subscribing to Hotmail's reporting services so you get reports on spam from your IP address, and they have the online reports that show if you add your AS so you can see a report for all IPs in your network.
-Ray
No. That's not because of ordb.

Because you see, if hotmail or these other providers were using ORDB (they sure as hell aren't) none of the subscribers to those services would be getting ANY email at all.

There's some other issue with your IP. And it is an issue that multiple providers are seeing.

NAT gateway and mailserver IP on the same interface, for instance? Or an overactive marketing department with a newsletter? Or an ISP with outbound spam problems from compromised user PCs?

srs

On Thu, Apr 3, 2008 at 8:07 PM, Fox, Thomas <tfox@expertsmi.com> wrote:
In the last 10 days or so, ever since ORDB re-activated itself and blacklisted everything, we have had deliverability problems to:
MSN Hotmail Bellsouth AT&T (the same as Bellsouth I think) Yahoo Detroit Edison
In the case of MSN and Hotmail, they told us they were using Symantec's Brightmail filtering system.
So, does that mean Brightmail is not updating their system properly, or MSN/Hotmail is not updating their Brightmail?
Seems like a huge waste of everyone's time because some LARGE network operators can't keep their stuff updated.
*grumble*
-- Suresh Ramasubramanian (ops.lists@gmail.com)
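The argument in the reply above, that a list answering "listed" for every address would block all mail at any receiver consulting it, can be tested before blaming a particular list. The sketch below is an added example, not part of the thread: it builds DNSBL query names and uses the RFC 5782 test addresses (127.0.0.1 must never be listed, 127.0.0.2 always) to separate a real listing from a zone that lists everything. The zone names and resolver tables are constructed so it runs offline; 209.255.20.17 is the address quoted in the thread.

```python
import ipaddress
import socket


def dnsbl_qname(ip, zone):
    """DNSBL query name: IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolve(qname):
    """Live lookup: return the A record for qname, or None if there is none."""
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror:
        return None


def check_dnsbl(ip, zone, resolve=system_resolve):
    """Classify what `zone` says about `ip`, guarding against a broken list."""
    # RFC 5782: 127.0.0.1 must never be listed, 127.0.0.2 must always be.
    if resolve(dnsbl_qname("127.0.0.1", zone)) is not None:
        return "lists-everything"   # wildcard answer: a "hit" proves nothing
    if resolve(dnsbl_qname("127.0.0.2", zone)) is None:
        return "not-answering"      # dead zone: a "miss" proves nothing
    return "listed" if resolve(dnsbl_qname(ip, zone)) else "not-listed"


# Constructed resolvers standing in for DNS so the example runs offline.
def wildcard_zone(qname):
    return "127.0.0.2"              # every query comes back "listed"


HEALTHY_RECORDS = {
    "2.0.0.127.bl.example.invalid": "127.0.0.2",      # mandatory test entry
    "7.113.0.203.bl.example.invalid": "127.0.0.2",    # constructed listing
}


def demo():
    ip = "209.255.20.17"            # sending IP quoted in the thread
    return {
        "wildcard": check_dnsbl(ip, "dead.example.invalid", wildcard_zone),
        "healthy": check_dnsbl(ip, "bl.example.invalid", HEALTHY_RECORDS.get),
        "healthy-hit": check_dnsbl("203.0.113.7", "bl.example.invalid",
                                   HEALTHY_RECORDS.get),
    }
```

Calling `check_dnsbl(ip, zone)` without the third argument performs live DNS lookups through the system resolver.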
I'm suggesting that MSN/Hotmail and the others are using a system or systems that aren't properly updated, not that they are necessarily querying ORDB directly.

There are no issues with my outbound mailserver IP that show up in any monitoring system or blacklist of which I'm aware. We had no issues with delivering mail to these sites until ORDB came back online.

Thanks Suresh!

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Suresh Ramasubramanian
Sent: Thursday, April 03, 2008 11:07 AM
To: Fox, Thomas
Cc: nanog@merit.edu
Subject: Re: Hotmail NOC Contact

No. That's not because of ordb.

Because you see, if hotmail or these other providers were using ORDB (they sure as hell aren't) none of the subscribers to those services would be getting ANY email at all.

There's some other issue with your IP. And it is an issue that multiple providers are seeing.

NAT gateway and mailserver IP on the same interface, for instance? Or an overactive marketing department with a newsletter? Or an ISP with outbound spam problems from compromised user PCs?

srs
On 4/3/08, Fox, Thomas <tfox@expertsmi.com> wrote:
In the last 10 days or so, ever since ORDB re-activated itself and blacklisted everything, we have had deliverability problems to:
MSN Hotmail Bellsouth AT&T (the same as Bellsouth I think) Yahoo Detroit Edison
In the case of MSN and Hotmail, they told us they were using Symantec's Brightmail filtering system.
So, does that mean Brightmail is not updating their system properly, or MSN/Hotmail is not updating their Brightmail?
Seems like a huge waste of everyone's time because some LARGE network operators can't keep their stuff updated.
No data has ever suggested that ORDB is/was used by any of those entities you list. It was a peripheral blacklist at best.

Just as an additional data point, the clients I work with have all been able to deliver mail to the sites you mention successfully in that same time period.

Regards,
Al Iverson

--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com -- Chicago, IL, USA
Remove "lists" from my email address to reach me faster and directly.
participants (6)

- Al Iverson
- Fox, Thomas
- Jason J. W. Williams
- Michael Holstein
- Raymond L. Corbin
- Suresh Ramasubramanian