Re: [mailop] btinternet.com blacklist

[Dave Warren]

That hetzner.de (or whatever host owns the equipment) is leasing 
hardware+connectivity in one bundle, and possibly the OS, leaving their 
customer is fully in control of the machine and the host has no day to day 
administrative duties or responsibilities. 

On Tue, Jul 18, 2017, at 16:52, Tim Starr wrote:
> Then what does "unmanaged" mean in this context?
> 
> -Tim
> 
> On Tue, Jul 18, 2017 at 1:28 AM, Dave Warren  wrote:>> __
>> As far as #2, because users of said servers often want to send email.>> 
>> 
>> On Mon, Jul 17, 2017, at 12:05, Tim Starr wrote:
>>> An overall admirable response, keep up the good work. Just 2 questions:>>> 
>>> 1) Why not put TLDR at top?
>>> 2) Why allow email to be sent at all from "unmanaged servers"?
>>> 
>>> -Tim
>>> 
>>> On Mon, Jul 17, 2017 at 7:44 AM, Hetzner Blacklist  
>>> wrote: I just got back from a 2 week holiday and have been reading this 
>>> thread with a lot of interest. I thought I would respond and try to 
>>> explain the situation from our perspective. I could write an entire 
>>> essay on this, but I have tried to be as concise as possible, though it 
>>> is still a wall of text.
 
 Am 11.07.2017 um 13:00 schrieb Felix Schwarz:
 > If I'm not mistaken also Hetzner's mail admins are reading this list 
 > so maybe
 > they can convice their management to do something about the bad
 reputation.
 
 Management was convinced over a year ago. Our internal abuse 
 processing and handling was reviewed, and made stricter. I will admit 
 that we used to be too lenient in that regard, but that is no longer 
 the case (at least not intentionally).
 
 The results have been very encouraging. The leading blacklist and
 reputation providers that have easy network/ASN lookups show a 
 decrease of at least 60% in “bad” IPs within our network within the 
 last year. This applies to Spamhaus, SpamCop, SORBS, UCEPROTECT, 
 Senderbase (now Talos Intelligence) and the Microsoft SNDS. The amount 
 of abuse
 complaints we get has also decreased substantially. All of this, even 
 though we are continually growing.
 
 I’ve been in contact with a number of people this past year and many 
 of them have acknowledged that our network no longer deserves a bad
 reputation. However, I can fully understand that not everybody will 
 agree, and I believe there are 3 main reasons for that.
 
 1) Historical. I wil be the first to admit that in the past we were 
 too lenient with spam-handling, and there was more spam leaving our 
 network than there should have been. This can mean that if somebody 
 gets spam from our network today, they think "great, Hetzner hosting 
 another spammer", even though the message was due to a compromised 
 account (see point 2), and the overall amount of spam is much lower 
 than it was historically.
 
 2) Constant spam. Due to the nature of our business (IAAS provider), 
 the fact is that there will always be a certain level of spam leaving 
 our network. Brandon actually mentioned exactly this.
 
 Am 10.07.2017 um 21:37 schrieb Brandon Long:
 > They may not even be renting directly to spammers, but their users 
 > are > getting compromised and sending spam and other crap from their
 servers.  We
 > see clickbot and other fraud farming from those IP ranges as well. >
 > It is an unfortunate situation, and challenging, no doubt.
 
 We have over a million IP addresses, and the vast majority of those 
 are allocated to unmanaged servers. Short of blocking all email
 communication from our network, there are always going to be customers 
 sending emails, and thus there will always be some who send spam. Our 
 job is to minimize that as much as possible. Anybody who has worked an 
 abuse desk will know how hard that is, especially at an IAAS provider 
 like ourselves.
 
 We don’t intentionally harbor any spammers, and any that manage to get 
 through our checks (we block dozens of new orders a day) and start 
 sending spam, are soon terminated. We have a few email marketers, but 
 the vast majority of the spam leaving our network is from compromised 
 accounts, for which we can do very little.
 
 3) Perspective. As with so many things in life, what you think of
 something depends greatly on your point of view, and the assumptions 
 and expections you (sometimes subconsciously) bring along. If 
 somebody assumes that there should be zero spam leaving our network, 
 they will always be disappointed.
 
 I believe a perfect example of these different perspectives is found 
 within this thread.
 
 Am 11.07.2017 

Re: [mailop] btinternet.com blacklist

[Tim Starr]

Then what does "unmanaged" mean in this context?

-Tim

On Tue, Jul 18, 2017 at 1:28 AM, Dave Warren  wrote:

> As far as #2, because users of said servers often want to send email.
>
>
> On Mon, Jul 17, 2017, at 12:05, Tim Starr wrote:
>
> An overall admirable response, keep up the good work. Just 2 questions:
>
> 1) Why not put TLDR at top?
> 2) Why allow email to be sent at all from "unmanaged servers"?
>
> -Tim
>
> On Mon, Jul 17, 2017 at 7:44 AM, Hetzner Blacklist 
> wrote:
>
> I just got back from a 2 week holiday and have been reading this thread
> with a lot of interest. I thought I would respond and try to explain the
> situation from our perspective. I could write an entire essay on this,
> but I have tried to be as concise as possible, though it is still a wall
> of text.
>
> Am 11.07.2017 um 13:00 schrieb Felix Schwarz:
> > If I'm not mistaken also Hetzner's mail admins are reading this list
> so maybe
> > they can convice their management to do something about the bad
> reputation.
>
> Management was convinced over a year ago. Our internal abuse processing
> and handling was reviewed, and made stricter. I will admit that we used
> to be too lenient in that regard, but that is no longer the case (at
> least not intentionally).
>
> The results have been very encouraging. The leading blacklist and
> reputation providers that have easy network/ASN lookups show a decrease
> of at least 60% in “bad” IPs within our network within the last year.
> This applies to Spamhaus, SpamCop, SORBS, UCEPROTECT, Senderbase (now
> Talos Intelligence) and the Microsoft SNDS. The amount of abuse
> complaints we get has also decreased substantially. All of this, even
> though we are continually growing.
>
> I’ve been in contact with a number of people this past year and many of
> them have acknowledged that our network no longer deserves a bad
> reputation. However, I can fully understand that not everybody will
> agree, and I believe there are 3 main reasons for that.
>
> 1) Historical. I wil be the first to admit that in the past we were too
> lenient with spam-handling, and there was more spam leaving our network
> than there should have been. This can mean that if somebody gets spam
> from our network today, they think "great, Hetzner hosting another
> spammer", even though the message was due to a compromised account (see
> point 2), and the overall amount of spam is much lower than it was
> historically.
>
> 2) Constant spam. Due to the nature of our business (IAAS provider), the
> fact is that there will always be a certain level of spam leaving our
> network. Brandon actually mentioned exactly this.
>
> Am 10.07.2017 um 21:37 schrieb Brandon Long:
> > They may not even be renting directly to spammers, but their users are
> > getting compromised and sending spam and other crap from their
> servers.  We
> > see clickbot and other fraud farming from those IP ranges as well.
> >
> > It is an unfortunate situation, and challenging, no doubt.
>
> We have over a million IP addresses, and the vast majority of those are
> allocated to unmanaged servers. Short of blocking all email
> communication from our network, there are always going to be customers
> sending emails, and thus there will always be some who send spam. Our
> job is to minimize that as much as possible. Anybody who has worked an
> abuse desk will know how hard that is, especially at an IAAS provider
> like ourselves.
>
> We don’t intentionally harbor any spammers, and any that manage to get
> through our checks (we block dozens of new orders a day) and start
> sending spam, are soon terminated. We have a few email marketers, but
> the vast majority of the spam leaving our network is from compromised
> accounts, for which we can do very little.
>
> 3) Perspective. As with so many things in life, what you think of
> something depends greatly on your point of view, and the assumptions and
> expections you (sometimes subconsciously) bring along. If somebody
> assumes that there should be zero spam leaving our network, they will
> always be disappointed.
>
> I believe a perfect example of these different perspectives is found
> within this thread.
>
> Am 11.07.2017 um 09:11 schrieb John Levine:
> > Hetzner gushes spam, and I've had most of their
> > IP ranges totally blocked for years.
>
> Am 13.07.2017 um 20:15 schrieb John Levine:
> > Look for yourself:
> >
> > http://www.taugh.com/sp.php?c==78.47.0.0=78.47.255.255=puavppaxru
>
> First of all, thank you for that link John, I appreciate you sharing
> that information. It’s always good to have additional information about
> our network, and I will be checking that link regularly.
>
> I have no idea what assumptions John has, but the comment about
> “gushing” spam made me believe that the evidence would show a list of
> hundreds, if not thousands of IPs, sending spam every few days over the
> course of many months/years.
>
> What I see instead is almost exactly the 

Re: [mailop] btinternet.com blacklist

[Brandon Long via mailop]

I don't know how much of this is fictional or the order of exact
operations...

but you've admitted your server got hacked and then we blocked your mail.
A good percentage of the spam we receive is from hacked boxes, and these
boxes can send millions of messages in the minutes after being hacked.

Yes, it can take a while to recover from that.  And we also have defenses
against the possibility, which is what many small operators run into, that
we heavily throttle small senders so that when they get hacked, they can't
do much damage.  It's unfortunate that that's what the internet has come
to.  I've tried to get our rejection reasons better tuned, but we have a
lot of complicated rules, and many of them just use the default rejection
message which isn't that helpful.  OTOH, 99.99% of the rejections we do are
to spammers who know they're spamming, so they don't really care about the
rejection message.

If these things weren't in the order you mentioned, or were more widely
spaced in time or IPs, I can take a look if you send me the exact errors
you are seeing.  They have to be less than a week old to be investigated.

Brandon

On Tue, Jul 18, 2017 at 6:12 AM, Vittorio Bertola <
vittorio.bert...@open-xchange.com> wrote:

>
> Il 17 luglio 2017 alle 21.05 Tim Starr  ha scritto:
>
> 2) Why allow email to be sent at all from "unmanaged servers"?
>
> I've been buying an "unmanaged server" from various European providers
> (including OVH, and currently Contabo) for the last 15 years, to run my
> personal website and email server, as well as those of a few local
> non-profits.
>
> Over time, it has become more and more difficult to keep doing so. You are
> being required to learn and install new pieces and protocols, just to be
> able to continue sending. The automatic updates of your Wordpress stop for
> a few weeks, your server gets cracked and starts spamming, your provider
> shuts you down and you're off the Internet. Even now, even if I am not
> listed in any blacklist that I know of, even if I implemented SPF, DKIM,
> DMARC and even DNSSEC and DANE, Gmail keeps rejecting 90% of my messages
> (fully ham, personal, 1-to-1 messages to real life friends) because... you
> don't know, in the error message they say that it's spam (though clearly
> it's not) and they don't give you any other explanation, you are sent to a
> maze of useless "support" pages and even if you find a contact form and use
> it, as I did several times before giving up, nothing ever happens.
>
> Now, you may think that this is the right thing, that only "professionals"
> should be allowed to connect a server to the Internet, for "security
> reasons". But that is not how the Internet was supposed to be, and it is
> not why it has offered freedom and growth to everyone around the world.
>
> The Internet is what it is exactly because anyone is allowed to connect a
> server to it and start doing what he wants, as long as he speaks the common
> protocols. But this is going away, and you are increasingly being told that
> if you want to stay online you should better stop doing things on your own
> and start using a Gmail account as well.
>
> The real risk of this approach is that sooner or later all of us here,
> except those who work for Google, Facebook, Apple or Microsoft, will be out
> of business. There will be no email any more, there will be a few huge
> messaging platforms competing with each other to attract customers into
> their closed garden by exploiting their critical mass, like it already is
> for instant messaging. If this happens, even telcos won't be big enough to
> continue offering email reliably, as so many delivery issues reported here
> already show.
>
> Is this really what we want? It's good to have anti-spam features in place
> and to be hard against spammers, but I'd rather take all the spam that I
> can get, than give up the federated nature of the Internet.
>
> Regards,
>
> --
>
> Vittorio Bertola | Research & Innovation Engineer
> vittorio.bert...@open-xchange.com
> Open-Xchange Srl - Office @ Via Treviso 12, 10144 Torino, Italy
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Suresh Ramasubramanian]

I’m afraid it is much like driving these days.  Or maybe manufacturing cars.

Back in the day any old inventor could tinker in his backyard and come up with 
something that had four wheels and an engine.   And driving it didn’t really 
need too much of a license.

These days, you get a much stricter driving test and still run the risk of 
accidents much more than in the old days when the only other traffic on the 
road was maybe a horse and buggy, (the way even a well-managed personal server 
still gets hacked) and actually manufacturing a car is much more complex and 
then needs to navigate a maze of regulatory approvals.

The internet of today isn’t what it was even 15 years back.  If only because 
malicious people are quite good at abusing the very same protocols that we use.


From: mailop <mailop-boun...@mailop.org> on behalf of Vittorio Bertola 
<vittorio.bert...@open-xchange.com>
Date: Tuesday, 18 July 2017 at 6:46 PM
To: "mailop@mailop.org" <mailop@mailop.org>, Tim Starr <timstar...@gmail.com>
Subject: Re: [mailop] btinternet.com blacklist

The Internet is what it is exactly because anyone is allowed to connect a 
server to it and start doing what he wants, as long as he speaks the common 
protocols. But this is going away, and you are increasingly being told that if 
you want to stay online you should better stop doing things on your own and 
start using a Gmail account as well.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Philip Paeps]

On 2017-07-17 15:44:09 (+0200), Hetzner Blacklist  wrote:

I just got back from a 2 week holiday and have been reading this thread
with a lot of interest. I thought I would respond and try to explain the
situation from our perspective.


Thank you for engaging with this community.  I'm sure this must feel 
like a very hostile environment for you. :)


I’ve been in contact with a number of people this past year and many of 
them have acknowledged that our network no longer deserves a bad 
reputation. However, I can fully understand that not everybody will 
agree, and I believe there are 3 main reasons for that.


Unfortunately, it takes a lot longer to clean up a bad reputation than 
it does to tarnish a good reputation.  Actions definitely speak a lot 
louder than words.



TL;DR We care about spam and believe that the evidence shows that.


Keep reminding us of that by reducing the volume of spam leaving your 
network and responding promptly to abuse notifications. :)


Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Dave Warren]

As far as #2, because users of said servers often want to send email.


On Mon, Jul 17, 2017, at 12:05, Tim Starr wrote:
> An overall admirable response, keep up the good work. Just 2 questions:> 
> 1) Why not put TLDR at top?
> 2) Why allow email to be sent at all from "unmanaged servers"?
> 
> -Tim
> 
> On Mon, Jul 17, 2017 at 7:44 AM, Hetzner Blacklist  
> wrote:>> I just got back from a 2 week holiday and have been reading this 
> thread>>  with a lot of interest. I thought I would respond and try to 
> explain the>>  situation from our perspective. I could write an entire essay 
> on this,>>  but I have tried to be as concise as possible, though it is still 
> a wall>>  of text.
>> 
>>  Am 11.07.2017 um 13:00 schrieb Felix Schwarz:
>>  > If I'm not mistaken also Hetzner's mail admins are reading this list>>  
>> so maybe
>>  > they can convice their management to do something about the bad
>>  reputation.
>> 
>>  Management was convinced over a year ago. Our internal abuse processing>>  
>> and handling was reviewed, and made stricter. I will admit that we used>>  
>> to be too lenient in that regard, but that is no longer the case (at>>  
>> least not intentionally).
>> 
>>  The results have been very encouraging. The leading blacklist and
>>  reputation providers that have easy network/ASN lookups show a decrease>>  
>> of at least 60% in “bad” IPs within our network within the last year.>>  
>> This applies to Spamhaus, SpamCop, SORBS, UCEPROTECT, Senderbase (now>>  
>> Talos Intelligence) and the Microsoft SNDS. The amount of abuse
>>  complaints we get has also decreased substantially. All of this, even>>  
>> though we are continually growing.
>> 
>>  I’ve been in contact with a number of people this past year and many of>>  
>> them have acknowledged that our network no longer deserves a bad
>>  reputation. However, I can fully understand that not everybody will>>  
>> agree, and I believe there are 3 main reasons for that.
>> 
>>  1) Historical. I wil be the first to admit that in the past we were too>>  
>> lenient with spam-handling, and there was more spam leaving our network>>  
>> than there should have been. This can mean that if somebody gets spam>>  
>> from our network today, they think "great, Hetzner hosting another
>>  spammer", even though the message was due to a compromised account (see>>  
>> point 2), and the overall amount of spam is much lower than it was
>>  historically.
>> 
>>  2) Constant spam. Due to the nature of our business (IAAS provider), the>>  
>> fact is that there will always be a certain level of spam leaving our>>  
>> network. Brandon actually mentioned exactly this.
>> 
>>  Am 10.07.2017 um 21:37 schrieb Brandon Long:
>>  > They may not even be renting directly to spammers, but their users are>>  
>> > getting compromised and sending spam and other crap from their
>>  servers.  We
>>  > see clickbot and other fraud farming from those IP ranges as well.>>  >
>>  > It is an unfortunate situation, and challenging, no doubt.
>> 
>>  We have over a million IP addresses, and the vast majority of those are>>  
>> allocated to unmanaged servers. Short of blocking all email
>>  communication from our network, there are always going to be customers>>  
>> sending emails, and thus there will always be some who send spam. Our>>  job 
>> is to minimize that as much as possible. Anybody who has worked an>>  abuse 
>> desk will know how hard that is, especially at an IAAS provider>>  like 
>> ourselves.
>> 
>>  We don’t intentionally harbor any spammers, and any that manage to get>>  
>> through our checks (we block dozens of new orders a day) and start
>>  sending spam, are soon terminated. We have a few email marketers, but>>  
>> the vast majority of the spam leaving our network is from compromised>>  
>> accounts, for which we can do very little.
>> 
>>  3) Perspective. As with so many things in life, what you think of
>>  something depends greatly on your point of view, and the assumptions and>>  
>> expections you (sometimes subconsciously) bring along. If somebody
>>  assumes that there should be zero spam leaving our network, they will>>  
>> always be disappointed.
>> 
>>  I believe a perfect example of these different perspectives is found>>  
>> within this thread.
>> 
>>  Am 11.07.2017 um 09:11 schrieb John Levine:
>>  > Hetzner gushes spam, and I've had most of their
>>  > IP ranges totally blocked for years.
>> 
>>  Am 13.07.2017 um 20:15 schrieb John Levine:
>>  > Look for yourself:
>>  >
>>  > http://www.taugh.com/sp.php?c==78.47.0.0=78.47.255.255=puavppaxru>> 
>>  First of all, thank you for that link John, I appreciate you sharing>>  
>> that information. It’s always good to have additional information about>>  
>> our network, and I will be checking that link regularly.
>> 
>>  I have no idea what assumptions John has, but the comment about
>>  “gushing” spam made me believe that the evidence would show a list of>>  
>> hundreds, 

Re: [mailop] btinternet.com blacklist

[Tim Starr]

An overall admirable response, keep up the good work. Just 2 questions:

1) Why not put TLDR at top?
2) Why allow email to be sent at all from "unmanaged servers"?

-Tim

On Mon, Jul 17, 2017 at 7:44 AM, Hetzner Blacklist 
wrote:

> I just got back from a 2 week holiday and have been reading this thread
> with a lot of interest. I thought I would respond and try to explain the
> situation from our perspective. I could write an entire essay on this,
> but I have tried to be as concise as possible, though it is still a wall
> of text.
>
> Am 11.07.2017 um 13:00 schrieb Felix Schwarz:
> > If I'm not mistaken also Hetzner's mail admins are reading this list
> so maybe
> > they can convice their management to do something about the bad
> reputation.
>
> Management was convinced over a year ago. Our internal abuse processing
> and handling was reviewed, and made stricter. I will admit that we used
> to be too lenient in that regard, but that is no longer the case (at
> least not intentionally).
>
> The results have been very encouraging. The leading blacklist and
> reputation providers that have easy network/ASN lookups show a decrease
> of at least 60% in “bad” IPs within our network within the last year.
> This applies to Spamhaus, SpamCop, SORBS, UCEPROTECT, Senderbase (now
> Talos Intelligence) and the Microsoft SNDS. The amount of abuse
> complaints we get has also decreased substantially. All of this, even
> though we are continually growing.
>
> I’ve been in contact with a number of people this past year and many of
> them have acknowledged that our network no longer deserves a bad
> reputation. However, I can fully understand that not everybody will
> agree, and I believe there are 3 main reasons for that.
>
> 1) Historical. I wil be the first to admit that in the past we were too
> lenient with spam-handling, and there was more spam leaving our network
> than there should have been. This can mean that if somebody gets spam
> from our network today, they think "great, Hetzner hosting another
> spammer", even though the message was due to a compromised account (see
> point 2), and the overall amount of spam is much lower than it was
> historically.
>
> 2) Constant spam. Due to the nature of our business (IAAS provider), the
> fact is that there will always be a certain level of spam leaving our
> network. Brandon actually mentioned exactly this.
>
> Am 10.07.2017 um 21:37 schrieb Brandon Long:
> > They may not even be renting directly to spammers, but their users are
> > getting compromised and sending spam and other crap from their
> servers.  We
> > see clickbot and other fraud farming from those IP ranges as well.
> >
> > It is an unfortunate situation, and challenging, no doubt.
>
> We have over a million IP addresses, and the vast majority of those are
> allocated to unmanaged servers. Short of blocking all email
> communication from our network, there are always going to be customers
> sending emails, and thus there will always be some who send spam. Our
> job is to minimize that as much as possible. Anybody who has worked an
> abuse desk will know how hard that is, especially at an IAAS provider
> like ourselves.
>
> We don’t intentionally harbor any spammers, and any that manage to get
> through our checks (we block dozens of new orders a day) and start
> sending spam, are soon terminated. We have a few email marketers, but
> the vast majority of the spam leaving our network is from compromised
> accounts, for which we can do very little.
>
> 3) Perspective. As with so many things in life, what you think of
> something depends greatly on your point of view, and the assumptions and
> expections you (sometimes subconsciously) bring along. If somebody
> assumes that there should be zero spam leaving our network, they will
> always be disappointed.
>
> I believe a perfect example of these different perspectives is found
> within this thread.
>
> Am 11.07.2017 um 09:11 schrieb John Levine:
> > Hetzner gushes spam, and I've had most of their
> > IP ranges totally blocked for years.
>
> Am 13.07.2017 um 20:15 schrieb John Levine:
> > Look for yourself:
> >
> > http://www.taugh.com/sp.php?c==78.47.0.0=78.47.255.255=puavppaxru
>
> First of all, thank you for that link John, I appreciate you sharing
> that information. It’s always good to have additional information about
> our network, and I will be checking that link regularly.
>
> I have no idea what assumptions John has, but the comment about
> “gushing” spam made me believe that the evidence would show a list of
> hundreds, if not thousands of IPs, sending spam every few days over the
> course of many months/years.
>
> What I see instead is almost exactly the opposite. This year (2017),
> there have been a total of 89 spam messages, from a mere 44 IPs (which
> currently belong to 44 separate customers of ours). These 44 IPs
> represent 0.00067% of the IPs in the /16 range (65,536 IPs total). None
> of the IPs sent spam regularly, 

Re: [mailop] btinternet.com blacklist

[Simon Forster]

> On 17 Jul 2017, at 14:44, Hetzner Blacklist  wrote:
> 
> I’ve been in contact with a number of people this past year and many of
> them have acknowledged that our network no longer deserves a bad
> reputation. However, I can fully understand that not everybody will
> agree, and I believe there are 3 main reasons for that.
> 
> 1) Historical. I wil be the first to admit that in the past we were too
> lenient with spam-handling, and there was more spam leaving our network
> than there should have been. This can mean that if somebody gets spam
> from our network today, they think "great, Hetzner hosting another
> spammer", even though the message was due to a compromised account (see
> point 2), and the overall amount of spam is much lower than it was
> historically.

We talk about IP reputation.

We talk about domain reputation.

Marketing talks about brand reputation.

You’ve got to work at it to get a good reputation. And on the flip side, it’s 
darned difficult to get rid of a bad one.

Bastiaan, another year or two of good work and you may overcome people’s 
perceptions.

Point here being that it’s hard (expensive) to reposition a brand. So for all 
the guys doing it right, keep at it as the commercial side will not like it if 
you end up with a bad reputation. Short term benefit may be good but longer 
term, not so much so.

Simon___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Hetzner Blacklist]

I just got back from a 2 week holiday and have been reading this thread
with a lot of interest. I thought I would respond and try to explain the
situation from our perspective. I could write an entire essay on this,
but I have tried to be as concise as possible, though it is still a wall
of text.

Am 11.07.2017 um 13:00 schrieb Felix Schwarz:
> If I'm not mistaken also Hetzner's mail admins are reading this list
so maybe
> they can convice their management to do something about the bad
reputation.

Management was convinced over a year ago. Our internal abuse processing
and handling was reviewed, and made stricter. I will admit that we used
to be too lenient in that regard, but that is no longer the case (at
least not intentionally).

The results have been very encouraging. The leading blacklist and
reputation providers that have easy network/ASN lookups show a decrease
of at least 60% in “bad” IPs within our network within the last year.
This applies to Spamhaus, SpamCop, SORBS, UCEPROTECT, Senderbase (now
Talos Intelligence) and the Microsoft SNDS. The amount of abuse
complaints we get has also decreased substantially. All of this, even
though we are continually growing.

I’ve been in contact with a number of people this past year and many of
them have acknowledged that our network no longer deserves a bad
reputation. However, I can fully understand that not everybody will
agree, and I believe there are 3 main reasons for that.

1) Historical. I wil be the first to admit that in the past we were too
lenient with spam-handling, and there was more spam leaving our network
than there should have been. This can mean that if somebody gets spam
from our network today, they think "great, Hetzner hosting another
spammer", even though the message was due to a compromised account (see
point 2), and the overall amount of spam is much lower than it was
historically.

2) Constant spam. Due to the nature of our business (IAAS provider), the
fact is that there will always be a certain level of spam leaving our
network. Brandon actually mentioned exactly this.

Am 10.07.2017 um 21:37 schrieb Brandon Long:
> They may not even be renting directly to spammers, but their users are
> getting compromised and sending spam and other crap from their
servers.  We
> see clickbot and other fraud farming from those IP ranges as well.
>
> It is an unfortunate situation, and challenging, no doubt.

We have over a million IP addresses, and the vast majority of those are
allocated to unmanaged servers. Short of blocking all email
communication from our network, there are always going to be customers
sending emails, and thus there will always be some who send spam. Our
job is to minimize that as much as possible. Anybody who has worked an
abuse desk will know how hard that is, especially at an IAAS provider
like ourselves.

We don’t intentionally harbor any spammers, and any that manage to get
through our checks (we block dozens of new orders a day) and start
sending spam, are soon terminated. We have a few email marketers, but
the vast majority of the spam leaving our network is from compromised
accounts, for which we can do very little.

3) Perspective. As with so many things in life, what you think of
something depends greatly on your point of view, and the assumptions and
expections you (sometimes subconsciously) bring along. If somebody
assumes that there should be zero spam leaving our network, they will
always be disappointed.

I believe a perfect example of these different perspectives is found
within this thread.

Am 11.07.2017 um 09:11 schrieb John Levine:
> Hetzner gushes spam, and I've had most of their
> IP ranges totally blocked for years.

Am 13.07.2017 um 20:15 schrieb John Levine:
> Look for yourself:
>
> http://www.taugh.com/sp.php?c==78.47.0.0=78.47.255.255=puavppaxru

First of all, thank you for that link John, I appreciate you sharing
that information. It’s always good to have additional information about
our network, and I will be checking that link regularly.

I have no idea what assumptions John has, but the comment about
“gushing” spam made me believe that the evidence would show a list of
hundreds, if not thousands of IPs, sending spam every few days over the
course of many months/years.

What I see instead is almost exactly the opposite. This year (2017),
there have been a total of 89 spam messages, from a mere 44 IPs (which
currently belong to 44 separate customers of ours). These 44 IPs
represent 0.00067% of the IPs in the /16 range (65,536 IPs total). None
of the IPs sent spam regularly, and all of them stopped within a few
days. 99.99933% of IPs did not send spam.

To me, this is a clear sign that we are doing a good job. Yes, there is
a “trickle” of spam, and I would dearly love to completely cut that out,
but as mentioned above, that is unrealistic. We are trying to minimize
the amount of spam, and I believe this shows we are doing exactly that.

Now, I’m biased, and I’m obviously going to defend the 

Re: [mailop] btinternet.com blacklist

[Chris Boyd]

> On Jul 14, 2017, at 2:30 PM, Michael Peddemors  wrote:
> 
> Found a referral to rwhois.psychz.net:4321.

This particular outfit is block on sight for me. Back when I ran a managed 
services company, blocking all of their IP address space took out s significant 
amount of spam that had to be processed. Zero false positive reports over 
several years.

—Chris


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Michael Peddemors]

On 17-07-14 12:05 PM, Karen Balle wrote:
It's less of a common practice than it used to be, I think.  I don't 
work for an abuse desk anymore, but antispam technology is much more 
advanced now and blocking of entire networks by large ISPs has never 
really been a common practice.  You lose a lot of customers if there's 
enough legitimate email from that network.


  Karen


Actually, it is still common I am sure...

But speaking about reputation.. If the following showed up in your logs 
over nite, what would you do? (last night)


What if this was happening on an ongoing basis for months?

And what happens if the hosting company isn't following ARIN guidelines, 
eg.. listing a non-functioning 'rwhois' server in their SWIP? Or at the 
very best, not able to properly operate one?


Found a referral to rwhois.psychz.net:4321.

fgets: Connection reset by peer

And it isn't as if the hosting company could not easily detect this..
(Email being generated, and they haven't even bothered to set up PTR 
records, sounds like not validating new customers that get /27's at least..)


If you were the ISP, what would you do?  Some ISP's go even farther than 
just blocking the provider, they might even null route it at the 
borders..  And you aren't going to do that for individual IP(s), you 
will do it for the range..


23.238.153.3(M)   4   unassigned.psychz.net
   23.238.153.4 (M)   2   unassigned.psychz.net
   23.238.153.5 (M)   1   unassigned.psychz.net
   23.238.153.6 (M)   2   unassigned.psychz.net
   23.238.153.7 (M)   2   unassigned.psychz.net
   23.238.153.8 (M)   1   unassigned.psychz.net
   23.238.153.9 (M)   2   unassigned.psychz.net
   23.238.153.11(M)   3   unassigned.psychz.net
   23.238.153.14(M)   1   unassigned.psychz.net
   23.238.153.15(M)   3   unassigned.psychz.net
   23.238.153.17(M)   4   unassigned.psychz.net
   23.238.153.19(M)   1   unassigned.psychz.net
   23.238.153.22(M)   2   unassigned.psychz.net
   23.238.153.23(M)   2   unassigned.psychz.net
   23.238.153.24(M)   2   unassigned.psychz.net
   23.238.153.25(M)   1   unassigned.psychz.net
   23.238.153.27(M)   1   unassigned.psychz.net
   23.238.153.28(M)   1   unassigned.psychz.net
   23.238.153.29(M)   1   unassigned.psychz.net
23.238.155.226  (M)   3   unassigned.psychz.net
   23.238.155.227   (M)   3   unassigned.psychz.net
   23.238.155.229   (M)   1   unassigned.psychz.net
   23.238.155.230   (M)   1   unassigned.psychz.net
   23.238.155.231   (M)   2   unassigned.psychz.net
   23.238.155.232   (M)   2   unassigned.psychz.net
   23.238.155.233   (M)   2   unassigned.psychz.net
   23.238.155.234   (M)   5   unassigned.psychz.net
   23.238.155.235   (M)   1   unassigned.psychz.net
   23.238.155.236   (M)   1   unassigned.psychz.net
   23.238.155.238   (M)   1   unassigned.psychz.net
   23.238.155.239   (M)   1   unassigned.psychz.net
   23.238.155.240   (M)   3   unassigned.psychz.net
   23.238.155.241   (M)   1   unassigned.psychz.net
   23.238.155.242   (M)   1   unassigned.psychz.net
   23.238.155.243   (M)   2   unassigned.psychz.net
   23.238.155.244   (M)   1   unassigned.psychz.net
   23.238.155.245   (M)   2   unassigned.psychz.net
   23.238.155.246   (M)   2   unassigned.psychz.net
   23.238.155.247   (M)   2   unassigned.psychz.net
   23.238.155.249   (M)   2   unassigned.psychz.net
   23.238.155.250   (M)   2   unassigned.psychz.net
   23.238.155.253   (M)   1   unassigned.psychz.net
23.238.158.198  (M)   1   unassigned.psychz.net
   23.238.158.199   (M)   2   unassigned.psychz.net
   23.238.158.201   (M)   2   unassigned.psychz.net
   23.238.158.202   (M)   2   unassigned.psychz.net
   23.238.158.204   (M)   1   unassigned.psychz.net
   23.238.158.205   (M)   1   unassigned.psychz.net
   23.238.158.206   (M)   1   unassigned.psychz.net
   23.238.158.208   (M)   1   unassigned.psychz.net
   23.238.158.209   (M)   2   unassigned.psychz.net
   23.238.158.211   (M)   3   unassigned.psychz.net
   23.238.158.212   (M)   2   unassigned.psychz.net
   23.238.158.213   (M)   1   unassigned.psychz.net
   23.238.158.215   (M)   2   unassigned.psychz.net
   23.238.158.216   (M)   2   unassigned.psychz.net
   23.238.158.218   (M)   1   unassigned.psychz.net
   23.238.158.219   (M)   2   unassigned.psychz.net
   23.238.158.220   (M)   4   unassigned.psychz.net
   23.238.158.221   (M)   1   unassigned.psychz.net
   23.238.158.222   (M)   2   unassigned.psychz.net

Re: [mailop] btinternet.com blacklist

[Karen Balle]

On Thu, Jul 13, 2017 at 3:40 PM, Dom Latter  wrote:

> On 13/07/17 02:58, John Levine wrote:
>
>> I get the impression that you vastly overestimate how much the rest of
>> the world cares whether they get your mail.  (This is the general you,
>> not you personally.)
>>
>
> Our recipients care very much!  They are literally paying for it.
>
> I'd put it this way - btinternet don't care very much whether or not
> they deliver their customers' legitimate email.



Unless the spam problem an ISP sees from a netrange is especially
egregious, you reaching out to the ISP should be enough to get an exception
provided that your own sending metrics support it.  It is not BT's
responsibility to accept a lot of spam at their expense in order for your
customers to receive mail they paid you for.  If BT chooses to make an
exception for your mail, then that is fabulous.  Problem solved.
Otherwise, it is your responsibility to your customer to find an unabusive
way of delivering their paid content to them.  In this case, you have two
choices - 1) Find a provider with a better reputation or 2) ask your mutual
customers to contact BT to request an exception for your dedicated IP(s).
I recommend the first option.


Or to look at it another way, if you don't care enough to find a
>> network from which people can easily accept mail, why should anyone else?
>>
>
> Well, now we know, and we have a plan to relay via a reputable network.
>
> Trouble is - and feel free to call me naive - is that I had no idea
> that this sort of range blocking was a standard practice, or that
> Hetzner had such a bad reputation.


It's less of a common practice than it used to be, I think.  I don't work
for an abuse desk anymore, but antispam technology is much more advanced
now and blocking of entire networks by large ISPs has never really been a
common practice.  You lose a lot of customers if there's enough legitimate
email from that network.

 Karen
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Dom Latter]

On 13/07/17 02:58, John Levine wrote:

I get the impression that you vastly overestimate how much the rest of
the world cares whether they get your mail.  (This is the general you,
not you personally.)


Our recipients care very much!  They are literally paying for it.

I'd put it this way - btinternet don't care very much whether or not
they deliver their customers' legitimate email.


Or to look at it another way, if you don't care enough to find a
network from which people can easily accept mail, why should anyone else?


Well, now we know, and we have a plan to relay via a reputable network.

Trouble is - and feel free to call me naive - is that I had no idea
that this sort of range blocking was a standard practice, or that
Hetzner had such a bad reputation.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Bill Cole]

On 12 Jul 2017, at 18:57, Dom Latter wrote:

I do still find it baffling that guilt by association [1] is 
considered

reasonable - and I do not see the need to block ranges when single
IPs will do.  Although perhaps there are technical reasons for this
that I am unaware of.


Are you familiar with the concept of "snowshoe spammers?" They are 
operations that get small address range assignments (/26 or smaller) 
from one or more lax providers, spread their spamming across the 
disjoint address space, and try to evade blacklists by letting addresses 
that get listed or generate complaints to the provider go quiet for a 
while.


Snowshoe spamming only works because of lax providers who ignore 
complaints, let spammers off with warnings, don't recognize the pattern, 
or just don't care. Blocking one IP at a time is fine for some other 
styles of spamming (e.g. botnets, "legit" ESPs who segregate their 
sketchy customers to particular IPs, Microsoft's dedicated O365 sewage 
outlets, etc.) However, snowshoeing is an adaptive tactic to 
one-at-a-time blocking. The adaptive defense is broader blocking of 
address space of providers who have a history of being a safe haven for 
spammers. If I see one snowshoe range on a particular network, I can be 
pretty confident that in a short time I'll be seeing others nearby.


It is also worth noting 3 facts that also reduce the cost risk for 
receivers of wholesale blocking:


1. For receivers of significant scale and/or age, the vast majority of 
mail on offer is spam. It has abated in the past decade from a peak over 
95%, but for many receivers there's less than a 20% chance of an 
attempted port 25 connection resulting in the transport one or more 
non-spam message.


2. The overwhelming majority of IP addresses are never used to offer 
email to unrelated hosts. Most which do, only ever send spam. If you 
block an IP that has never tried to send you mail, the odds are it will 
never try and that if it does, it will be spam.


3. Most receiving systems could whitelist a few dozen networks that send 
them mostly non-spam and reject all other sources without rejecting 
anything legitimate for weeks at a time.


This all adds up to the conclusion that using "guilt by association" to 
block IP addresses by top-level RIR allocation block is more likely to 
stop spam than to block legitimate email from previously unknown IPs.



[1] What happened to "innocent until proven guilty"?


That principle of criminal law often differs across national borders. 
More importantly, it is a principle of criminal law, not property rights 
or business practices. I lock the doors to my house at night and when no 
one is home. That's not because I've declared everyone guilty until 
proven innocent. It is a rare business that automatically gives all 
customers "net 90" payment terms without a credit check, even though 
most customers would pay on time.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[John Levine]

In article  you write:
>For example the top 50 ips from 78.47.0.0/16 (by email volume) there were 34
>IPs with "good" reputation and 7 with "bad" reputation.

Some of us keep our own records of what arrives at our mail servers.
For the past couple of months from 78.47/16 I see one message from you
yesterday, doubtless part of this mail thread, and other than that
100% spam, no real mail at all.  Not unblocking that any time soon.

Look for yourself:

http://www.taugh.com/sp.php?c==78.47.0.0=78.47.255.255=puavppaxru

(The auto-ack from a spam report on the 4th doesn't count.)

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Paul Smith]

On 13/07/2017 03:06, steve wrote:


Depending on how it's carved up, there are at least 50k IP addresses 
in a /16. One line, or... 


From my experience, it's not so much that it's hard work blocking 
individual IP addresses, it's that the spammers move around.


I don't know if the hosting company lets the customer request a new IP 
address, or the customer just orders a new virtual server or something, 
but we'll see similar incoming spam from the same hosting company from 
IP addresses that change several times a day. After a few days of 
chasing this around, it's tempting to just decide to block bigger ranges 
to block the spam before it arrives from a new IP address, rather than 
playing catch-up and blocking IP addresses after they've already been 
abandoned by the spammer.





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Felix Schwarz via mailop]

Am 13.07.2017 um 04:23 schrieb Jay Hennigan:
> If you live in a crime-ridden neighborhood by misfortune or choice, you learn
> not to leave valuable outgoing packages in your curbside mailbox for the
> postman to pick up. You take them to a secure facility operated by someone you
> trust. Same principle applies digitally.

Just to put this into perspective: I don't think the Hetzner situation is that
dire overall: I just checked the Talos/SenderBase scoring for some Hetzner
nets and they were not so bad.

For example the top 50 ips from 78.47.0.0/16 (by email volume) there were 34
IPs with "good" reputation and 7 with "bad" reputation.

I am sure my customers would not tolerate blocking networks with similar
statistics. Personally if I expect sophisticated measures from dc providers
(SMTP proxies, even forcibly terminating TLS connections) I also try to do
something more sophisticated when it comes to classifying received messages.
(E.g. we are building our own internal IP reputation so initially unknown IPs
might get a bad rating from the network but these messages still have a chance
and over time the IP might get its own reputation so it will be unaffected
from the general network storage.)

Anyhow I'll stop here as I feel I'm off-topic now :-)

regards
Felix


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Jay Hennigan]

On 7/12/17 7:06 PM, steve wrote:

Depending on how it's carved up, there are at least 50k IP addresses in 
a /16. One line, or...


I have the misfortune of inheriting a server on this /16, and am using 
my own smart host.


If you live in a crime-ridden neighborhood by misfortune or choice, you 
learn not to leave valuable outgoing packages in your curbside mailbox 
for the postman to pick up. You take them to a secure facility operated 
by someone you trust. Same principle applies digitally.


--
--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[valdis . kletnieks]

On Wed, 12 Jul 2017 00:46:28 -, Michael Wise via mailop said:
> You’d be surprised how many people think that their sincerity is flagged in
> the protocol somehow….

RFC3514 was written explicitly to add support for that.


pgpzmD8obTwjW.pgp
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Renaud Allard via mailop]

On 12/07/17 17:35, Laura Atkins wrote:
I have been known to tell clients, “There’s no place in the filter 
mechanisms where they can flag ‘is a client of Laura’s’, the filters do 
what they do and we can work with them but hiring me doesn’t change what 
the filters are going to do with your mail.”




I actually make filters which basically do that to a certain point. 
Every time one of my customers sends an email through my servers, I 
store the sender, the recipient, the date and a counter. When there is a 
(allegedly) reply coming back, I bypass some filters and decrease the 
counter. That system also works for whitelisting people to a certain 
point, if you were waiting for an email that you didn't receive, you can 
send an email to the "sender" and the reply will most probably go through.

But obviously, this only scales to a certain point.



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Laura Atkins]

I have been known to tell clients, “There’s no place in the filter mechanisms 
where they can flag ‘is a client of Laura’s’, the filters do what they do and 
we can work with them but hiring me doesn’t change what the filters are going 
to do with your mail.” 

On another point there are a lot of people out there who honestly think they 
are “good senders” but mostly because they don’t understand the full scope of 
what it is to be a good sender. I get a lot of clients asking how they can get 
the “special treatment” that certain ESPs get. “Well, that ESP has a compliance 
desk of a dozen people, so first thing would be to do a lot of hiring.” “That 
ESP has spent 10 years building automation to monitor customers and enforce 
policy. We can talk about what that entails.”  *silence*

laura 


> On Jul 11, 2017, at 5:46 PM, Michael Wise via mailop <mailop@mailop.org> 
> wrote:
> 
>   <>
> You’d be surprised how many people think that their sincerity is flagged in 
> the protocol somehow….
>  
> Aloha,
> Michael.
> --
> Michael J Wise
> Microsoft Corporation| Spam Analysis
> "Your Spam Specimen Has Been Processed."
> Got the Junk Mail Reporting Tool 
> <http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?
>  
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of John Stephenson
> Sent: Tuesday, July 11, 2017 5:23 PM
> To: Larry M. Smith <mailop@fahq2.com>
> Cc: mailop <mailop@mailop.org>
> Subject: Re: [mailop] btinternet.com blacklist
>  
> I hope nobody gets hurt in this massive and sudden effort to dog pile on top 
> of Dom for assuming that being a good sender was enough to avoid being 
> blocked.  It was naive given the realities of the internet, but let's not 
> pretend we're all above being trapped in our own perspectives.
>  
> On Tue, Jul 11, 2017 at 3:39 PM, Larry M. Smith <mailop@fahq2.com 
> <mailto:mailop@fahq2.com>> wrote:
> Dom Latter wrote:
> (snip)
> > But it shouldn't matter.  We are not spammers.  [...]
> 
> .. And btinternet.com 
> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fbtinternet.com=02%7C01%7Cmichael.wise%40microsoft.com%7Cf6a2b27f79ca4854265108d4c8bd8cfd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636354163821612355=h3hoNJQGDul5Mlv%2BK2qV2%2BSD9DPV%2FrZ0eS7PdHIzlDw%3D=0>
>  is supposed to automatically know this?  How?
> 
> --
> SgtChains
> 
> ___
> mailop mailing list
> mailop@mailop.org <mailto:mailop@mailop.org>
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop 
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Cf6a2b27f79ca4854265108d4c8bd8cfd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636354163821612355=hT38BAfnQAlhwuJfCy7OvsjqMU6FQ9w%2BjH8MC6OX9UQ%3D=0>
>  
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Michael Wise via mailop]

You’d be surprised how many people think that their sincerity is flagged in the 
protocol somehow….

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of John Stephenson
Sent: Tuesday, July 11, 2017 5:23 PM
To: Larry M. Smith <mailop@fahq2.com>
Cc: mailop <mailop@mailop.org>
Subject: Re: [mailop] btinternet.com blacklist

I hope nobody gets hurt in this massive and sudden effort to dog pile on top of 
Dom for assuming that being a good sender was enough to avoid being blocked.  
It was naive given the realities of the internet, but let's not pretend we're 
all above being trapped in our own perspectives.

On Tue, Jul 11, 2017 at 3:39 PM, Larry M. Smith 
<mailop@fahq2.com<mailto:mailop@fahq2.com>> wrote:
Dom Latter wrote:
(snip)
> But it shouldn't matter.  We are not spammers.  [...]

.. And 
btinternet.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fbtinternet.com=02%7C01%7Cmichael.wise%40microsoft.com%7Cf6a2b27f79ca4854265108d4c8bd8cfd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636354163821612355=h3hoNJQGDul5Mlv%2BK2qV2%2BSD9DPV%2FrZ0eS7PdHIzlDw%3D=0>
 is supposed to automatically know this?  How?

--
SgtChains

___
mailop mailing list
mailop@mailop.org<mailto:mailop@mailop.org>
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Cf6a2b27f79ca4854265108d4c8bd8cfd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636354163821612355=hT38BAfnQAlhwuJfCy7OvsjqMU6FQ9w%2BjH8MC6OX9UQ%3D=0>

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[John Stephenson]

I hope nobody gets hurt in this massive and sudden effort to dog pile on
top of Dom for assuming that being a good sender was enough to avoid being
blocked.  It was naive given the realities of the internet, but let's not
pretend we're all above being trapped in our own perspectives.

On Tue, Jul 11, 2017 at 3:39 PM, Larry M. Smith 
wrote:

> Dom Latter wrote:
> (snip)
> > But it shouldn't matter.  We are not spammers.  [...]
>
> .. And btinternet.com is supposed to automatically know this?  How?
>
> --
> SgtChains
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Larry M. Smith]

Dom Latter wrote:
(snip)
> But it shouldn't matter.  We are not spammers.  [...]

.. And btinternet.com is supposed to automatically know this?  How?

-- 
SgtChains

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Michael Peddemors]

On 17-07-11 09:09 AM, Seth Mattinen wrote:

On 7/11/17 02:19, Philip Paeps wrote:


Unfortunately, spammers have made the internet worse for everyone.  In 
the world of email today, "we are not spammers" is not a good enough 
argument to get your email accepted by anyone.



"We're not spammers" is up there with "double confirmed opt-in" or 
"can-spam compliant" as things a spammer would say to try and get 
unblocked so they can fire off a spam run.


~Seth


Some of my favourites...

Templated responses..

"Could you please send us some evidence.."
"We have taken necessary steps to prevent any kind of spam email being 
sent from the server"

"We have investigated this issue and has taken care of"
"pls remove me from blacklist" (that is the full request)
"not listed in any blacklist except yours"
"The mail server is clean"
"..signed.. delivery consultant" (Why do they need one?)
"The spam problem related to this issue was already solved"
"We use DKIM and SPF"




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Jay Hennigan]

On 7/11/17 11:43 AM, Michael Wise via mailop wrote:


Let's not forget S.1618 


And, "We're not the sender, our spammy customer is the sender."

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Michael Wise via mailop]

Let's not forget S.1618 

Aloha,
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Seth Mattinen
Sent: Tuesday, July 11, 2017 9:10 AM
To: mailop@mailop.org
Subject: Re: [mailop] btinternet.com blacklist

On 7/11/17 02:19, Philip Paeps wrote:
> 
> Unfortunately, spammers have made the internet worse for everyone.  In 
> the world of email today, "we are not spammers" is not a good enough 
> argument to get your email accepted by anyone.


"We're not spammers" is up there with "double confirmed opt-in" or "can-spam 
compliant" as things a spammer would say to try and get unblocked so they can 
fire off a spam run.

~Seth

___
mailop mailing list
mailop@mailop.org
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Ca54675cb74d04aa25dd408d4c878fe3d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636353869367881078=noFy8kdhXOfRtw9sC%2F8tBpfWYl5kKoF%2B9DCypGaaqQ0%3D=0
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Seth Mattinen]

On 7/11/17 02:19, Philip Paeps wrote:


Unfortunately, spammers have made the internet worse for everyone.  In 
the world of email today, "we are not spammers" is not a good enough 
argument to get your email accepted by anyone.



"We're not spammers" is up there with "double confirmed opt-in" or 
"can-spam compliant" as things a spammer would say to try and get 
unblocked so they can fire off a spam run.


~Seth

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Philip Paeps]

On 2017-07-10 12:53:55 (+0100), Dom Latter  wrote:

On 10/07/17 11:22, Suresh Ramasubramanian wrote:
Back during the old nanae and spam-l days in the 90s and 2000s, 
whenever this came up, and it did a lot even with filters a lot less 
hair trigger than what we have today, the usual analogy wasn't people 
partying next door, it was usually compared to renting an apartment in 
a high crime area so cabbies and pizza delivery people wouldn't go 
there after dark, or most any time for that matter:


We have been in the Hetzner "neighbourhood" for years.  This is our 
fourth server (and hence IP address) there and the first time we have 
had this issue. [1]


You've merely been lucky.  Plenty of people block substantially all of 
Hetzner's address space.



But it shouldn't matter.  We are not spammers.


Unfortunately, spammers have made the internet worse for everyone.  In 
the world of email today, "we are not spammers" is not a good enough 
argument to get your email accepted by anyone.


It is stupid to block a range of IP addresses on the behaviour of one.  


I disagree.  First of all, it's not the behaviour of one.  It's the 
behaviour of many over a period of several years.  Hetzner's abuse 
handling has historically been abysmal.  Having most of their address 
space blacklisted by just about everyone who cares apparently forced 
them to start cleaning up their network[0].  It's a pity that that's 
what it took...


And there should be some sort of checker / delisting mechanism that is 
better than writing to postmaster@ and hoping for the best.


Spammers would love that.

[1] We have relatively unusual requirements - we need *lots* of disk 
space (we upload 2TB / year, and it's nice to have a few years worth) 
but other than that a fairly modest server will suffice.  It would be 
nice to find a UK provider with, say, 4 x 4TB disk, for < 100USD / yr.


I also host several servers at Hetzner.  While I am critical of their 
abuse handling, I am very happy with their services (and their prices).  
Like you, I particularly find their storage prices attractive.  To give 
my email a fighting chance of being delivered though, I also have a very 
cheap, very modest, VPS with another hoster with a more savoury 
reputation.  Maybe that would work for you too?


Philip

[0]: Hetzner abuse staff are reading this mailing list and can explain 
what they've been doing to oust existing spammers and prevent signing up 
new ones.  It's obviously not an easy task and few people will accept 
their promise that things are improving until they see if with their own   
eyes.  Meanwhile lots of networks still refuse all of their mail.


--
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Felix Schwarz via mailop]

Am 10.07.2017 um 21:45 schrieb John Levine:
> Many other hosting companies manage to control their spam.  The usual
> approach is to filter the mail their customers send, either with
> "transparent" filters hijacking port 25 traffic

From your experience: Are spammers relying on unencrypted SMTP? I just checked
and most of our outbound SMTP deliveries are using TLS.

> or by blocking port 25 and providing a smarthost.

That might work - at least if server got hacked.

> I suppose they might claim that under German law they're not allowed to do
> that, but for one thing, that's not our problem, and for another, 
> Schlund/1&1 manages to deal with it.

Ok, maybe I'm just unlucky but I get quite a bit of spam via their relay 
servers.

If I'm not mistaken also Hetzner's mail admins are reading this list so maybe
they can convice their management to do something about the bad reputation.

regards,
Felix

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Noel Butler]

On 10/07/2017 21:53, Dom Latter wrote:

> We have been in the Hetzner "neighbourhood" for years.  This is our
> fourth server (and hence IP address) there and the first time we have
> had this issue. [1]

Consider yourself lucky, we have a large chunk of Hetzner blocked 

> But it shouldn't matter.  We are not spammers.  It is stupid to block
> a range of IP addresses on the behaviour of one.  And there should be

Uhg, your real name isnt Harry is it... had this argument out with him
many a time 

> some sort of checker / delisting mechanism that is better than writing
> to postmaster@ and hoping for the best.

Sammers would love that 

> 

-- 
Kind Regards, 

Noel Butler 

This Email, including any attachments, may contain legally 
privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may not disseminate, discuss, or
reveal, any part, to anyone, without the authors express written
authority to do so. If you are not the intended recipient, please notify
the sender then delete all copies of this message including attachments,
immediately. Confidentiality, copyright, and legal privilege are not
waived or lost by reason of the mistaken delivery of this message. Only
PDF [1] and ODF [2] documents accepted, please do not send proprietary
formatted documents 

 

Links:
--
[1] http://www.adobe.com/
[2] http://en.wikipedia.org/wiki/OpenDocument

signature.asc
Description: OpenPGP digital signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Michael Peddemors]

Again, we are getting pretty off-topic.. but for the record..

inetnum:5.9.170.240 - 5.9.170.255
netname:HOS-201823
descr:  HOS-201823
country:DE
admin-c:HOAC1-RIPE
tech-c: HOAC1-RIPE
status: ASSIGNED PA
mnt-by: HOS-GUN
created:2017-06-23T01:18:48Z
last-modified:  2017-06-23T01:18:48Z
source: RIPE # Filtered

role:   Hetzner Online GmbH - Contact Role
address:Hetzner Online GmbH
address:Industriestrasse 25
address:D-91710 Gunzenhausen
address:Germany

[240-255]
5.9.170.244 (RS)  3 
static.244.170.9.5.clients.your-server.de
   5.9.170.245  (RS)  4 
static.245.170.9.5.clients.your-server.de
   5.9.170.246  (RS)  3 
static.246.170.9.5.clients.your-server.de
   5.9.170.247  (RS)  1 
static.247.170.9.5.clients.your-server.de


We have automated systems that detect outbreaks like these from many 
hosting providers, close to zero day, but yes.. it seems that they are 
giving 'new customers' IP Space that are just snowshoe spammers, or 
general spammers, and it is still happening on an almost daily basis, so 
their methods for 'signing up' new customers does seem to be having it's 
challenges, or they aren't concerned until AFTER the abuse reports roll in.


It would help if they advertised the operator of the delegated IP space 
properly in their 'rwhois/SWIP', but aside from that, it isn't hard for 
them to see sudden large increases in outbound SMTP from new operators 
if they want to. (HOS-201823 doesn't really help anyone)


And egress reporting is available in almost every router out there, eg 
creating alerts when a sudden large amount of traffic on egress to port 
25 is generated.


And of course, no outbound email should be allowed to port 25, from 
certain DNS naming conventions..


Any hosting company which waits for an 'abuse report' before acting, is 
bound to end up with reputation problems..



On 17-07-10 12:41 PM, John Levine wrote:

In article <34c9f2de-c6bf-69af-6570-f17b3f283...@latter.org> you write:

We have been in the Hetzner "neighbourhood" for years.  This is our
fourth server (and hence IP address) there and the first time we have
had this issue. [1]


Honestly, you're lucky.  Hetzner gushes spam, and I've had most of their
IP ranges totally blocked for years.  I report a lot of it (semi-automatic
tools) which has never made any difference I could see.


But it shouldn't matter.  We are not spammers.  It is stupid to block
a range of IP addresses on the behaviour of one.


But it makes a lot of sense to block a range of IP addresses when the
whole range gushes spam.  Whenever I've looked at the logs, the stuff
from Hetzner is like 99% spam.

R's,
John

PS: Unpersuasive argument: "This is inconvenient for me, therefore you should not do 
it."


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Seth Mattinen]

On 7/10/17 04:53, Dom Latter wrote:


[1] We have relatively unusual requirements - we need *lots* of disk
space (we upload 2TB / year, and it's nice to have a few years worth)
but other than that a fairly modest server will suffice.  It would be
nice to find a UK provider with, say, 4 x 4TB disk, for < 100USD / yr.



Spammers and abusers like low costs, too. One could even argue it 
attracts them, especially if the hoster doesn't really care. Even if 
they do get turned off they're not out that much money (if any) to fire 
and forget.


~Seth

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[John Levine]

In article <6dc1c120-5c8d-3d83-fdfc-c520f5c05...@schwarz.eu> you write:
>What puzzles me most is that I'm not sure how providers like Hetzner are
>supposed to reduce their spam rate significantly. 

Hetzner is an outlier, and not in a good way.  Many other hosting
companies manage to control their spam.  The usual approach is to
filter the mail their customers send, either with "transparent"
filters hijacking port 25 traffic or by blocking port 25 and providing
a smarthost.

I suppose they might claim that under German law they're not allowed to
do that, but for one thing, that's not our problem, and for another, 
Schlund/1&1 manages to deal with it.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Brandon Long via mailop]

They may not even be renting directly to spammers, but their users are
getting compromised and sending spam and other crap from their servers.  We
see clickbot and other fraud farming from those IP ranges as well.

It is an unfortunate situation, and challenging, no doubt.

Brandon

On Mon, Jul 10, 2017 at 5:52 AM, Felix Schwarz via mailop  wrote:

>
> Am 10.07.2017 um 13:53 schrieb Dom Latter:
> > But it shouldn't matter.  We are not spammers.  It is stupid to block
> > a range of IP addresses on the behaviour of one.  And there should be
> > some sort of checker / delisting mechanism that is better than writing
> > to postmaster@ and hoping for the best.
>
> Well, this situation comes up quite regularly here and surprisingly the
> problem is often with servers hosted in Hetzner's dc.
>
> It seems like the consensus of major inbox providers is that blocking
> networks
> is acceptable and the collateral damage weighs less than their improved(?)
> ability to block more spam.
>
> What puzzles me most is that I'm not sure how providers like Hetzner are
> supposed to reduce their spam rate significantly. Seemingly many inbox
> providers get a lot of spam from the Hetzner network and sometimes they
> block
> some ip ranges based on the spam/ham ratio. The message I'm getting from
> these
> providers is "the spam rate must go down".
>
> However I don't see any specific recommendations throughout the industry
> how
> to manage spam rate as a IAAS provider. Maybe that's just me and probably
> others know better but it is certainly not easy to find.
>
> As far as I can tell Hetzner employs a "traditional" approach to managing
> spam: Running a responsive abuse department where you can reach actual
> humans.
> I think they also monitor some blacklists for their IP ranges (also I can
> see
> them being subscribed in Microsoft's SNDS).
>
> One problem I'm seeing in their approach is that they might wait too long
> before shutting down a spammer. In edge cases they tend to give the
> customer/spammer some time to response to complaints before cutting
> connectivity for that machine.
>
>
> I'd like to hear what other big IAAS providers are doing to get "ok-ish"
> deliverability from their IP networks?
> At least for our customers I can say that Hetzner's ham/spam ratio is much
> better than OVH and (even worse) DigitalOcean but maybe that's just a bad
> sample.
>
> Felix
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Paul Smith]

On 10/07/2017 12:53, Dom Latter wrote:


[1] We have relatively unusual requirements - we need *lots* of disk
space (we upload 2TB / year, and it's nice to have a few years worth)
but other than that a fairly modest server will suffice.  It would be
nice to find a UK provider with, say, 4 x 4TB disk, for < 100USD / yr. 



Another thought - you could always have your web hosting with Hetzner 
and have a cheap server with much less storage somewhere else which you 
use for sending mail (so the web server on the untrustable IP address 
sends mail via a relay with an IP address in a nicer neighbourhood).





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Paul Smith]

On 10/07/2017 12:53, Dom Latter wrote:

but other than that a fairly modest server will suffice.  It would be
nice to find a UK provider with, say, 4 x 4TB disk, for < 100USD / yr. 


Do you really mean $100/yr?

That doesn't even cover the cost of 4 x 4TB disks, never mind the rest 
of the server, electricity, bandwidth, redundancy, backups etc


If you mean $100/mth, then I'd look at getting your own server and pay 
to store it in a data centre somewhere. You should be able to get 1U 
colocation in the UK for about that price.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Rob Kendrick]

On Mon, Jul 10, 2017 at 12:53:55PM +0100, Dom Latter wrote:
> On 10/07/17 11:22, Suresh Ramasubramanian wrote:
> > Back during the old nanae and spam-l days in the 90s and 2000s,
> > whenever this came up, and it did a lot even with filters a lot less
> > hair trigger than what we have today, the usual analogy wasn't people
> > partying next door, it was usually compared to renting an apartment
> > in a high crime area so cabbies and pizza delivery people wouldn't go
> > there after dark, or most any time for that matter:
> 
> We have been in the Hetzner "neighbourhood" for years.  This is our
> fourth server (and hence IP address) there and the first time we have
> had this issue. [1]

I've had several in Hetzner too, without issue.  They require a
government ID to sign up with so they can ban individuals from using
their service just because of the spam issue.  They are very quick to
act to messages they've received at their abuse@ account.  In other
words, they are not OVH.

B.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Paul Smith]

On 10/07/2017 11:11, Dom Latter wrote:


And they are not saying they will blacklist it again if they get
spam from it.  They are saying they might blacklist it again if
they get spam from a *different* IP address - which happens to be
in a similar range.

It's like I move into a house and find that I am banned from having
visitors because somebody once held a noisy party in the house next
door.


To be honest, they're saying "You've chosen to use a badly behaved 
hosting company which helps spammers, so we can't guarantee your address 
won't get blocked again"


You can always change to a hosting company with a better reputation 
which deals properly with spammers. That'll solve your problem.


The only way bad hosting companies will change their ways is if 
legitimate customers go elsewhere. BT are just trying to encourage that. 
I don't generally agree with BT, but this seems reasonable to me. I wish 
Google, Microsoft etc would do the same...





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Andrew C Aitchison]

It's like I move into a house and find that I am banned from having
visitors because somebody once held a noisy party in the house next
door.


At least in England, before you buy a house, you get a solicitor (lawyer, 
not street-walker) to do "searches". If they missed that ban you would

claim from your expert.

--
Andrew C Aitchison  Cambridge, UK

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Suresh Ramasubramanian]

Back during the old nanae and spam-l days in the 90s and 2000s, whenever this 
came up, and it did a lot even with filters a lot less hair trigger than what 
we have today, the usual analogy wasn't people partying next door, it was 
usually compared to renting an apartment in a high crime area so cabbies and 
pizza delivery people wouldn't go there after dark, or most any time for that 
matter:

Yes all analogies suck in one way or the other

--srs

> On 10-Jul-2017, at 3:41 PM, Dom Latter  wrote:
> 
> It's like I move into a house and find that I am banned from having
> visitors because somebody once held a noisy party in the house next
> door.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Dom Latter]

On 10/07/17 10:51, Noel Butler wrote:

On 10/07/2017 19:02, Dom Latter wrote:


"The IP address is owned by the hosting company Hetzner Online GmbH.
 Unfortunately we have seen many spam attacks from servers/IP addresses
 hosted by this company and at times various groups of IP addresses have
 been blocked as a result of this.

 I will clear the restrictions on this IP address now, but as the
 address is on amongst several used for sending mail it is possible that
 the restrictions will return." [1]

Which is bizarre.

Nothing bizarre about it at all, they've essentially just warned you 
that if your server relays for others, it is likely they will remove 
your exclusion if they get spam from it, consider what they are doing is 
offering you a life-line, if it gets abused, they'll cut it and let you 
sink.


My server does not relay for others.  [1].

And they are not saying they will blacklist it again if they get
spam from it.  They are saying they might blacklist it again if
they get spam from a *different* IP address - which happens to be
in a similar range.

It's like I move into a house and find that I am banned from having
visitors because somebody once held a noisy party in the house next
door.

[1] FTAOD: my customer sells photographs from motorcycle trackdays.
The email we send out is not just requested, it's often paid for.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop