Posted to users@spamassassin.apache.org by Giampaolo Tomassoni <Gi...@Tomassoni.biz> on 2010/12/12 19:23:23 UTC

blacklist.mailrelay.att.net

How does it work?

I just got blocked by the AT&T's blacklist (in contacting abuse@att.com,
besides...), but I'm pretty sure my MX is not an open relay or other kind of
nifty thing.

Maybe AT&T blocks whole address bunches from which some hosts are spamming?
Because this could explain me why: my MX is co-located...

Thanks,

Giampaolo


Re: blacklist.mailrelay.att.net

Posted by Philip Prindeville <ph...@redfish-solutions.com>.
On 12/14/10 11:31 AM, Giampaolo Tomassoni wrote:
>> I would strongly encourage your ISP to clean up their act by adding an
>> excursion detection system, that watches for bursty outbound traffic
>> patterns, like a sudden spike in outbound SMTP or HTTP connections to a
>> wide spread of addresses.
> Is Aruba.it so poorly reputed?
>
> g

I can't speak for their reputation, but when an entire ISP's CIDR blocks get blacklisted (like we did with iWeb.ca) it's usually because they aren't very responsive in dealing with issues when they occur and not proactive about trying to prevent them.

-Philip


RE: blacklist.mailrelay.att.net

Posted by Giampaolo Tomassoni <Gi...@Tomassoni.biz>.
> I would strongly encourage your ISP to clean up their act by adding an
> excursion detection system, that watches for bursty outbound traffic
> patterns, like a sudden spike in outbound SMTP or HTTP connections to a
> wide spread of addresses.

Is Aruba.it so poorly reputed?

g


> -Philip


Re: blacklist.mailrelay.att.net

Posted by Philip Prindeville <ph...@redfish-solutions.com>.
On 12/13/10 2:14 AM, Giampaolo Tomassoni wrote:
>> On 12/12/2010 19:23, Giampaolo Tomassoni wrote:
>>> How does it work?
>>>
>>> I just got blocked by the AT&T's blacklist (in contacting abuse@att.com,
>>> besides...), but I'm pretty sure my MX is not an open relay or other kind of
>>> nifty thing.
>>>
>>> Maybe AT&T blocks whole address bunches from which some hosts are spamming?
>>> Because this could explain me why: my MX is co-located...
>>>
>> $ host tomassoni.biz
>> tomassoni.biz has address 62.149.201.242
>> tomassoni.biz has address 62.149.220.102
>> tomassoni.biz mail is handled by 10 c0.edlui.it.
>>
>> $ host c0.edlui.it
>> c0.edlui.it has address 62.149.220.102
>> c0.edlui.it has address 62.149.201.242
>>
>> $ host 62.149.201.242
>> 242.201.149.62.in-addr.arpa domain name pointer
>> host242-201-149-62.serverdedicati.aruba.it.
>>
>> $ host 62.149.220.102
>> 102.220.149.62.in-addr.arpa domain name pointer
>> host102-220-149-62.serverdedicati.aruba.it.
>>
>> So both IPs use generic hostnames, which are a sign of "half configured"
>> servers.
> Unfortunately the RDNS is not under my control.
>
> Which is a fact I share with a lot of people worldwide...
>
>
>> think as the receiving side. when I see spam out of joe.spam.example, I
>> blocklist spam.example (and possibly every IP and domain related to
>> them). If I see spam coming from host1-2-364.serverdedicati.aruba.it,
>> what will I blacklist?
> I personally (and many serious blocklists) would block the single spamming
> address. You may easily see that Aruba.it is a co-location provider, so you
> may easily understand that different hosts from the same address bunch are
> probably handled by different organizations, with different means and
> purposes.
>
> To me, it is counter-productive to block the whole bunch.
>
> Giampaolo
>
I would strongly encourage your ISP to clean up their act by adding an excursion detection system, that watches for bursty outbound traffic patterns, like a sudden spike in outbound SMTP or HTTP connections to a wide spread of addresses.

-Philip
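
An added example, not part of the original thread: one way an ISP could implement the kind of excursion detection described in the message above, by counting distinct outbound SMTP destinations per source host per time window and comparing against that host's own baseline. The window size, thresholds, function names and flow records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

WINDOW = 60       # seconds per bucket (assumed)
WARMUP = 5        # windows used only to learn a baseline (assumed)
MIN_FANOUT = 20   # never alert below this many distinct destinations (assumed)
FACTOR = 5        # alert when fan-out exceeds FACTOR x the host's baseline


def find_excursions(flows, ports=(25,)):
    """flows: iterable of (epoch_seconds, src_ip, dst_ip, dst_port).
    Returns [(src_ip, window_start, distinct_dsts, baseline)] sorted by time."""
    buckets = defaultdict(lambda: defaultdict(set))   # src -> window -> {dst}
    first = last = None
    for ts, src, dst, dport in flows:
        start = ts - ts % WINDOW
        first = start if first is None else min(first, start)
        last = start if last is None else max(last, start)
        if dport in ports:
            buckets[src][start].add(dst)
    alerts = []
    for src, windows in buckets.items():
        history = []
        # Walk every window of the capture so silent minutes count as zero.
        for start in range(first, last + WINDOW, WINDOW):
            fanout = len(windows.get(start, ()))
            if len(history) >= WARMUP:
                baseline = median(history)
                if fanout >= MIN_FANOUT and fanout > FACTOR * baseline:
                    alerts.append((src, start, fanout, baseline))
                    continue          # keep the burst out of the baseline
            history.append(fanout)
    return sorted(alerts, key=lambda a: (a[1], a[0]))


def sample_flows():
    """Constructed flow records, not real traffic."""
    flows = []
    for minute in range(10):
        t = minute * 60
        for i in range(30):           # steady mail server, same 30 peers
            flows.append((t + i, "10.0.0.5", f"198.51.100.{i}", 25))
        flows.append((t, "10.0.0.9", "203.0.113.80", 80))  # web host, HTTP only
    for i in range(200):              # minute 8: web host sprays SMTP
        flows.append((480 + i % 60, "10.0.0.9", f"203.0.113.{i}", 25))
    return flows


if __name__ == "__main__":
    for alert in find_excursions(sample_flows()):
        print(alert)
```

The steady mail server never alerts because its fan-out matches its own history; passing `ports=(25, 80)` extends the same check to outbound HTTP.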


Re: blacklist.mailrelay.att.net

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> > On 12/12/2010 19:23, Giampaolo Tomassoni wrote:
> > > I just got blocked by the AT&T's blacklist (in contacting
> > > abuse@att.com, besides...), but I'm pretty sure my MX is not an open
> > > relay or other kind of nifty thing.

> > $ host tomassoni.biz
> > tomassoni.biz has address 62.149.201.242
> > tomassoni.biz has address 62.149.220.102

> > $ host 62.149.201.242
> > 242.201.149.62.in-addr.arpa domain name pointer
> > host242-201-149-62.serverdedicati.aruba.it.
> > 
> > $ host 62.149.220.102
> > 102.220.149.62.in-addr.arpa domain name pointer
> > host102-220-149-62.serverdedicati.aruba.it.
> > 
> > So both IPs use generic hostnames, which are a sign of "half configured"
> > servers.
> 
> Unfortunately the RDNS is not under my control.
> 
> Which is a fact I share with a lot of people worldwide...

> > think as the receiving side. when I see spam out of joe.spam.example, I
> > blocklist spam.example (and possibly every IP and domain related to
> > them). If I see spam coming from host1-2-364.serverdedicati.aruba.it,
> > what will I blacklist?

On 13.12.10 11:14, Giampaolo Tomassoni wrote:
> I personally (and many serious blocklists) would block the single spamming
> address.

I would not call what AT&T is doing spam blocking. I'd rather call it
"policy blocking", which means you need to have DNS records that clearly say
the IPs are not dynamically assigned.

The policy "we don't accept (unauthenticated) mail from dynamic hosts" is
quite common and logical.

> You may easily see that Aruba.it is a co-location provider, so you
> may easily understand that different hosts from the same address bunch are
> probably handled by different organizations, with different means and
> purposes.
> 
> To me, it is counter-productive to block the whole bunch.

Ask aruba.it to configure reverse records properly.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease

RE: blacklist.mailrelay.att.net

Posted by Giampaolo Tomassoni <Gi...@Tomassoni.biz>.
> On 12/12/2010 19:23, Giampaolo Tomassoni wrote:
> > How does it work?
> >
> > I just got blocked by the AT&T's blacklist (in contacting abuse@att.com,
> > besides...), but I'm pretty sure my MX is not an open relay or other kind of
> > nifty thing.
> >
> > Maybe AT&T blocks whole address bunches from which some hosts are spamming?
> > Because this could explain me why: my MX is co-located...
> >
> 
> $ host tomassoni.biz
> tomassoni.biz has address 62.149.201.242
> tomassoni.biz has address 62.149.220.102
> tomassoni.biz mail is handled by 10 c0.edlui.it.
> 
> $ host c0.edlui.it
> c0.edlui.it has address 62.149.220.102
> c0.edlui.it has address 62.149.201.242
> 
> $ host 62.149.201.242
> 242.201.149.62.in-addr.arpa domain name pointer
> host242-201-149-62.serverdedicati.aruba.it.
> 
> $ host 62.149.220.102
> 102.220.149.62.in-addr.arpa domain name pointer
> host102-220-149-62.serverdedicati.aruba.it.
> 
> So both IPs use generic hostnames, which are a sign of "half configured"
> servers.

Unfortunately the RDNS is not under my control.

Which is a fact I share with a lot of people worldwide...


> think as the receiving side. when I see spam out of joe.spam.example, I
> blocklist spam.example (and possibly every IP and domain related to
> them). If I see spam coming from host1-2-364.serverdedicati.aruba.it,
> what will I blacklist?

I personally (and many serious blocklists) would block the single spamming
address. You may easily see that Aruba.it is a co-location provider, so you
may easily understand that different hosts from the same address bunch are
probably handled by different organizations, with different means and
purposes.

To me, it is counter-productive to block the whole bunch.

Giampaolo


Re: blacklist.mailrelay.att.net

Posted by mouss <mo...@ml.netoyen.net>.
On 12/12/2010 19:23, Giampaolo Tomassoni wrote:
> How does it work?
>
> I just got blocked by the AT&T's blacklist (in contacting abuse@att.com,
> besides...), but I'm pretty sure my MX is not an open relay or other kind of
> nifty thing.
>
> Maybe AT&T blocks whole address bunches from which some hosts are spamming?
> Because this could explain me why: my MX is co-located...
>

$ host tomassoni.biz
tomassoni.biz has address 62.149.201.242
tomassoni.biz has address 62.149.220.102
tomassoni.biz mail is handled by 10 c0.edlui.it.

$ host c0.edlui.it
c0.edlui.it has address 62.149.220.102
c0.edlui.it has address 62.149.201.242

$ host 62.149.201.242
242.201.149.62.in-addr.arpa domain name pointer 
host242-201-149-62.serverdedicati.aruba.it.

$ host 62.149.220.102
102.220.149.62.in-addr.arpa domain name pointer 
host102-220-149-62.serverdedicati.aruba.it.

So both IPs use generic hostnames, which are a sign of "half configured" 
servers.

think as the receiving side. when I see spam out of joe.spam.example, I 
blocklist spam.example (and possibly every IP and domain related to 
them). If I see spam coming from host1-2-364.serverdedicati.aruba.it, 
what will I blacklist?
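
An added example, not part of the original thread: a sketch of the receiver-side reverse DNS policy check discussed in the message above and in the "policy blocking" reply, flagging PTR names that merely spell out the IP address and PTR names that do not resolve back to the sender. The function names, verdict labels and matching heuristic are assumptions, and the forward lookup results are passed in as constructed data (IPv4 only) so the code runs offline.

```python
import ipaddress
import re


def embeds_ip(ip, ptr):
    """True if the PTR name spells out the IPv4 address it belongs to."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    host = ptr.rstrip(".").lower()
    for order in (octets, octets[::-1]):
        # Octets joined by '-', '.' or '_', in forward or reversed order.
        joined = r"[-._]".join(rf"0*{o}" for o in order)
        if re.search(rf"(?<!\d){joined}(?!\d)", host):
            return True
        # Zero-padded octets run together, e.g. 062149201242.
        if "".join(o.zfill(3) for o in order) in host:
            return True
    # Address written as eight hex digits.
    return "".join(f"{int(o):02x}" for o in octets) in host


def classify(ip, ptr, forward_addrs):
    """ptr: PTR name or None; forward_addrs: A records that name resolves to."""
    if not ptr:
        return "no-ptr"
    if ip not in forward_addrs:
        return "fcrdns-mismatch"   # PTR does not resolve back to the sender
    if embeds_ip(ip, ptr):
        return "generic"           # provider-assigned, address-derived name
    return "custom"


# Constructed inputs. The first PTR is the one quoted in the thread; its
# forward record and all 192.0.2.x entries are assumed for illustration.
SAMPLES = [
    ("62.149.201.242", "host242-201-149-62.serverdedicati.aruba.it.", {"62.149.201.242"}),
    ("192.0.2.25", "mail.example.org.", {"192.0.2.25"}),
    ("192.0.2.26", "mail.example.org.", {"192.0.2.25"}),
    ("192.0.2.27", None, set()),
]


def run_samples():
    return [(ip, classify(ip, ptr, fwd)) for ip, ptr, fwd in SAMPLES]


if __name__ == "__main__":
    for ip, verdict in run_samples():
        print(ip, verdict)
```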