Re: [mailop] Spamhaus Blocking SBLCSS - Need assistance
On Thu, 14 Mar 2019 09:58:45 -0500, Michael Rathbun wrote: >>The IPs are from different networks and being used by different customers... And I should have mentioned that "same spam from different networks, from same sending operation" is one of the most instantaneous ways of getting CSS listed. I have seen it take as short as eleven minutes for a newly-initiated /24 to go from pristine to CSS listed for this reason. (The .sig is apposite.) mdr -- If Jurassic Park had been about email, Jeff Goldblum would be known for saying "Spammers, uh, find a way". -- David Carriger of Infusionsoft, after noting that some spammers they hosed off the deck had found a new home elsewhere. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Spamhaus Blocking SBLCSS - Need assistance
On Thu, 14 Mar 2019 13:27:30 +, Jan Mollenhauer via mailop wrote: >Hello, > >we are an email service provider. Our customers use our software to send >newsletter. >Our software and servers are configured with all best practices like SPF, >DKIM, DMARC, RDNS. We have also processes implemented for processing bounces, >feedbackloops, unsubscribes and DOI subscriptions. > >Now we are getting blocked by Spamhaus SBLCSS with almost all of our ip >addresses. >The IPs are from different networks and being used by different customers of >us over multiple servers and for different subscribers. The CSS is a "snowshoe" list -- IPs that have been used to send spam in ways that are an apparent attempt to spread out the sending in such a way that it evades spam filters, or persists until the sending IPs/domains are blacklisted six ways from Sunday. One way for this to happen to an otherwise innocent ESP is if some of your clients have been sending out their spam from different ESPs. In my CSS spam sump, most of the "newsletters" this week are for the latest prices on Erectile Dysfunction remedies, tactical flashlights and bogus stock offerings. In many cases the identical "newsleetter" will come from several different sources, some of which appear to be ESPs. When the spam stops, the listings will expire. mdr -- "There will be more spam." -- Paul Vixie ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Spamhaus Blocking SBLCSS - Need assistance
Hi, >> Now we are getting blocked by Spamhaus SBLCSS with almost all of our ip >> addresses. You don't get blocked by SBLCSS but only listed. Any recipient / provider is responsible for using the list on its own. According to the Spamhaus site, you get listed because: - Email showing indications of unsolicited nature; - Broad-spectrum aggregated views of email deliveries; - Having poor list-hygiene; - Sending out bad email due to a compromise (compromised account, webform or CMS); - Other indicators of low reputation or abuse. According to your description (sending newsletter, different customer) your IPs are predestined to get listed there if you don't take care. Have you checked each of this points? Did you contact Spamhaus support? As you name no affected IP or range or sending hostname it is difficult to give you a hint. Mit freundlichen Grüßen / Kind Regards Olaf Petry From: mailop On Behalf Of Jan Mollenhauer via mailop Sent: Thursday, March 14, 2019 2:28 PM To: mailop@mailop.org Subject: [mailop] Spamhaus Blocking SBLCSS - Need assistance Hello, we are an email service provider. Our customers use our software to send newsletter. Our software and servers are configured with all best practices like SPF, DKIM, DMARC, RDNS. We have also processes implemented for processing bounces, feedbackloops, unsubscribes and DOI subscriptions. Now we are getting blocked by Spamhaus SBLCSS with almost all of our ip addresses. The IPs are from different networks and being used by different customers of us over multiple servers and for different subscribers. The only thing they have in common is that all IPs are registered by our company. We already tried the delisting process but with no luck and no further response from Spamhaus. The delisting process ist now being blocked. With message: CSS removal denied. xxx.xxx.xxx.xxx cannot be removed at this time. Maybe someone from Spamhaus is listening to this and can contact us or somone else can give some guidance? Any help appreciated. Best regards -- Jan Mollenhauer http://atpscan.global.hornetsecurity.com/index.php?atp_str=VbQbLPaBjvZyi7ZkkM65OBOXpx2FF8E6oBNTfGMzRYKxTMwHwS9VwUiIpWClvmoO5xTzdi-VnyapL1SGI5m4MTfI3x_ucyYlIRA5DSQqJ6k7iwKak3_OfQu7C9xHhKH_sGuZsftuOs0xHSWjoZswGxF57Y39tmm4ADNuaksHrWBhaeFkdKR256ROGUy_5_r2OkDPxmNCcV0CmU03tTJejm-9uLBUZz_onSlRXBf8GkZ-YgXvT5DpmvvMwNmi5Bv__ai7ZXlA-ys4Fcxubjg12NfyxqKoMaMRctcp9AOUgYkkG7MBz8H_LXXLfyM6OiNlY2I1NmYyNjZjYmQjOjojt2-jqdrWSE2H14CFkpvcaw BACKCLICK GmbH Brabandtstrasse 8 38100 Braunschweig Telefon: +49 531 615 63 - 200 Fax: +49 531 615 63 - 179 http://atpscan.global.hornetsecurity.com/index.php?atp_str=z2OGpzdLrqayOvrky5REkW-9DaIwt5J90Z-GBcE9wyw8n6aQfhegqzlt1aHg5sS3EJPRp-j7QvEvfoxZmINSVS3VuBHl_Jakd4MIlk3uuOtZybMDD_wLc5zbn07uakgJ46p8gw9ZvTUNhPCQgQFXkbfdc4aU-D8bOxanT3n104VXBapU_sKa9oiD5icanu_nztFdLrZncwMJGZRRV5RUxSUBCYR5PpecbfiM8yAA7BK_1xloeuSQvbyg0WKRf737FilLs0tosqjGItGsU96ufxi5w4uoMRNGZ34qz8Cu1SM6OiM0MDUzNTEzODM5Y2MjOjojIw-ew5gsWCJdVT0JbQhWeQ mailto:j.mollenha...@backclick.de smime.p7s Description: S/MIME cryptographic signature ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop