How to know if I'm blacklisted

Glenn Steen glenn.steen at gmail.com
Tue Jan 22 09:27:52 GMT 2008


On 21/01/2008, Matt Kettler <mkettler at evi-inc.com> wrote:
> Glenn Steen wrote:
> > Yes. Exactly. One such invalidity is to use an email address syntax
> > (... at ....), which an amazing amount of spam senders use.
> > One can argue about what is deemed a valid domain name, from a
> > syntactical viewpoint.... For instance, a bare word (xxxxx) isn't
> > syntactically correct either. Fortunate that the RFCs are pretty clear
> > on that too:-)
>
> I see a lot of spam and viruses with the bare hostname, but haven't seen any
> with the @ sign.. maybe I'll have to look harder..
>
I promised some figures, so here they are:
Yesterday I rejected 109 HELO/EHLO strings that contained an @.
Compare this to the 2687 rejects on a bare word HELO/EHLO, and it
doesn't seem much, agreed. But all simple things count;-). I also
reject access to 77 attempts to HELO/EHLO with my server's domain name
or IP address (NOT a domain literal, but the actual address), from
"unknown" hosts on the Internet... This all on a total influx of
approximately 7700 messages (of the ~4500 that get to MailScanner, 52%
are deemed SPAM, ~98% of which are high scoring).
There has been a shift... from rejections due to unknown recipient, to
rejections due to malformed/invalid HELO/EHLO strings for me... I've
had this running for a few years now:-)

I know, not that huge a volume, but think what this would mean for an SP...:-)

> > Hm. Perhaps one shouldn't be talking about this in a public forum....
> > the B*stards might get a clue:-).
>
>
> Well, first we need the legitimate server operators to get a clue.

True.

> Unfortunately, a quick glance at my own email finds several legitimate senders
> that are using bare hostnames.
>
> Many I don't really care about normally, but I sometimes need email from them
> when using their tech support. (ie: APC)
Seems that all the remaining cases I do have where they simply get
this wrong is from some kind of newsletter sender program, or badly
botched mailing list software. Yesterday, WatchGuard (the FW company)
got rejected for a bare word HELO/EHLO. Turns out one of their senders
uses the bare word MX4 while the rest use MX5.WATCHGUARD.COM etc.
But the good thing is that with a rejection like this, the real MTAs
and the real admins will get a notice, and will be able to do
something about it. And if they persist, a friendly nudge (through a
business channel, perhaps) usually takes care of things:-).

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
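
The three HELO/EHLO rejections counted in this message (an @ in the string, a bare word, and an unknown host announcing the receiver's own name or bare address), as an added example that is not part of the original post or of MailScanner. The server identity in `MY_NAMES` and `MY_ADDRS`, the function names and the sample list are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumed identity of the receiving server (placeholders, not from the post).
MY_NAMES = {"example.org", "mail.example.org"}
MY_ADDRS = {"192.0.2.25"}


def is_address_literal(arg):
    """True for a bracketed literal such as [192.0.2.7] or [IPv6:2001:db8::1]."""
    if not (arg.startswith("[") and arg.endswith("]")):
        return False
    inner = arg[1:-1]
    if inner.lower().startswith("ipv6:"):
        inner = inner[5:]
    try:
        ipaddress.ip_address(inner)
        return True
    except ValueError:
        return False


def check_helo(arg, known_client=False):
    """Return the reject reason for a HELO/EHLO argument, or None to accept."""
    name = arg.strip().lower()
    if "@" in name:
        return "contains @"
    # Our own name or bare address is only plausible from our own hosts.
    if not known_client and (name.rstrip(".") in MY_NAMES or name in MY_ADDRS):
        return "claims our identity"
    if is_address_literal(name):
        return None  # a bracketed literal is valid syntax, unlike a bare word
    if "." not in name.rstrip("."):
        return "bare word"
    return None


def tally(helo_args):
    """Count reject reasons over HELO arguments from unknown clients."""
    return Counter(check_helo(a) or "accepted" for a in helo_args)


# Constructed sample; MX4 and MX5.WATCHGUARD.COM are the names quoted in the post.
SAMPLE = ["MX4", "MX5.WATCHGUARD.COM", "user@example.net", "mail.example.org",
          "192.0.2.25", "[192.0.2.7]", "localhost", "[IPv6:2001:db8::1]"]

if __name__ == "__main__":
    for reason, count in tally(SAMPLE).items():
        print(f"{count:3d}  {reason}")
```

Only the checks named in the message are implemented; the order matters because the receiver's own bare address contains dots and would otherwise pass the bare-word test.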

