How do I find out what caused our mail server to get listed in UCEPROTECT-1? - email

Our IP address recently got listed on UCEPROTECT-1 as a potential spam address, and we aren't able to figure out how to stop this. According to their website, UCEPROTECT-1 listing happens when: IP's get listed in Level 1 automatically if they either try to deliver e-mails to spamtraps or if they are involved in port scans or probes or any kind of attacks against our servers
Some research online suggests that the only way to ensure it doesn't happen again is to find out what is triggering these spam traps and plug them.
Any idea how we can go about looking for what is triggering these automatic listings? Any help would be appreciated!
Some background:
We use GSuite for our email servers, wix.com for our website, and namecheap.com for our DNS.
We'd originally paid to not be listed in the UCEPROTECT-2 and 3 listings but were automatically removed as soon as we got listed under UCEPROTECT-1.

I don't know how G-Suite works, but in general check:
- the log files of the outgoing e-mail servers for days with "strange" recipient patterns or for more e-mails than on other days
- whether your domain is listed on other blacklists; maybe that gives you other hints
The problem is: if you are using the outgoing e-mail servers from Google and some of them are listed on UCEProtect (because other G-Suite customers are sending spam, mostly without knowing it because they are hacked), you have little chance of fixing this yourself. This is not really uncommon; me.com/icloud.com (17.58.63.0/24) is listed at UCEProtect right now too.
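The log check suggested above, as an added example that is not from the answer: it assumes a self-hosted MTA writing Postfix-style outbound log lines (G Suite does not expose such logs), flags days whose volume is far above the median, and profiles the recipients of those days for fan-out to many fresh addresses and domains. All log lines and addresses are constructed sample data.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Postfix-style outbound log line; 'qid' is the queue id, 'rcpt' the envelope recipient.
LOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) \d\d:\d\d:\d\d \S+ postfix/smtp\[\d+\]: "
    r"(?P<qid>[0-9A-Z]+): to=<(?P<rcpt>[^>]+)>.*status=(?P<status>\w+)"
)

def _line(mon, day, n, rcpt):
    """Build one constructed log line in the format above (sample data, not real traffic)."""
    return (f"{mon} {day:2d} 10:{n:02d}:00 mx postfix/smtp[1201]: Q{day:02d}{n:02d}: "
            f"to=<{rcpt}>, relay=mail.example.net[203.0.113.5]:25, status=sent (250 OK)")

# Constructed sample: four quiet days, then one day that fans out to many fresh addresses.
SAMPLE_LOG = [_line("Mar", d, n, f"user{n}@partner.example") for d in (1, 2, 3, 4) for n in range(3)]
SAMPLE_LOG += [_line("Mar", 5, n, f"rnd{n}@target{n % 7}.example") for n in range(20)]

def daily_counts(lines):
    """Return ({day: message count}, {day: [recipients]}) for parseable 'to=' lines."""
    counts, rcpts = Counter(), defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        day = f"{m['mon']} {int(m['day']):02d}"
        counts[day] += 1
        rcpts[day].append(m["rcpt"].lower())
    return counts, rcpts

def flag_days(counts, factor=3.0, minimum=5):
    """Days whose volume exceeds `factor` times the median day (and at least `minimum`)."""
    base = median(counts.values()) if counts else 0
    return sorted(d for d, n in counts.items() if n >= minimum and n > factor * base)

def recipient_profile(rcpts):
    """Fan-out indicators: many distinct, never-seen recipients spread over many domains
    is what a hijacked account or a bot relaying through the MTA tends to look like."""
    domains = Counter(r.rsplit("@", 1)[-1] for r in rcpts)
    return {
        "total": len(rcpts),
        "distinct": len(set(rcpts)),
        "domains": len(domains),
        "top_domains": domains.most_common(3),
    }

def report(lines):
    """Map each flagged day to its recipient profile."""
    counts, rcpts = daily_counts(lines)
    return {day: recipient_profile(rcpts[day]) for day in flag_days(counts)}

if __name__ == "__main__":
    for day, profile in report(SAMPLE_LOG).items():
        print(day, profile)
```

On a real log, compare the flagged day's top senders (the `from=` lines of the same queue ids) against the recipient fan-out to find the account that was abused.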

Related

How to check the deliverability of my outgoing email (spam, dkim, dmarc, spf)

The project I'm working on is a newsletter builder, and I'm on its final steps. Now I need to verify SPF, DKIM and DMARC (which I don't know what they mean or how they work). Then I also need to check if my email is considered spam or if any of the news contains spam (separately). I tried to read the documentation of 2 great spam checkers (SpamAssassin and rspamd) and I couldn't understand anything about how they are supposed to be integrated into my project. I think all my problems are due to my lack of knowledge related to emails/email servers and related stuff. I'd really appreciate it if someone could enlighten me about the steps I need to take, whether I really need to set up an email server to test this out and how to do it, etc. I'm really in the dark here. I know the enterprise I'm doing this work for was already sending emails from their domain, but I don't think they gave me access to that.
The following link may be useful to you; it's a document of iRedMail (an open source mail server solution):
https://docs.iredmail.org/setup.dns.html
You don't need to know what iRedMail is, just check the introduction of each DNS record.
For me, these introductions are enough; if you want a more detailed introduction, Wikipedia and the official websites may be more useful.
For checking spam status and DNS records such as SPF, DKIM, etc., setting up SpamAssassin or rspamd yourself may be complicated, but there are many free services available.
I often use the following (I have my own mail server, so I sometimes use these services for testing):
https://www.mail-tester.com/
https://mxtoolbox.com/

Mailjet: alert on undelivered recipients

I'm aware this may not be the right place to ask this, but I don't know where else and others may encounter the same issue.
I'd like to have an aggregated view (or an alert) when some recipients in my contact list don't receive any of the emails my app sends. Is this possible?
I checked the alert feature in the docs, but it doesn't seem to do what I need. Since this seems like a pretty common need, it shouldn't be necessary to set up webhooks and my own app logic to handle this, should it?
Thanks
I have also faced the same issue with cPanel and many other providers like Mailchimp. This usually happens due to an empty Subject, due to which cross-server contacts may not happen. Also, if you are using PHP mail() or the sendmail function instead of SMTP, you need to be using TLS 1.2 or TLS 1.3; though 1.0 is also supported, many of my e-mails were not delivered, so I upgraded to TLS 1.3. Also, check if your mail goes to the Spam folder. In that case, increase your website and domain score and try to rank in Google Safe Browsing. This also happens due to a misleading hosting provider whose SMTP servers are not set up correctly, or a provider that sends many spam messages, due to which your domain score may have got low. I currently use interserver_smtp and cloudmate_smtp collectively for all my clients, as interserver deliverability in India is low and cloudmate works correctly in both Texas and India. Try cPanel or Plesk, as they have the best deliverability. One more thing: this could also be a DNS issue. Check your DNS settings to see if the MX records are pointed to Mailjet servers.

trouble with hostedemail blacklist [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 2 years ago.
The mail server I manage is clean according to 92 blacklists checked by MXToolbox.
But ...
host mx.ecentral.com.cust.b.hostedemail.com[64.98.36.4] refused to talk to me: 421 4.7.1 Service unavailable; Client host [My Server IP] blocked using tms.urbl.hostedemail.com; Your IP has been sending too much spam
How does one get off of this list? What puts one on their list but not on any of the ones with more obvious rules? Is hostedemail.com some kind of rogue provider?
Thanks!
What's crazy about this (to me, anyway) is that both hostedemail.com and urbl.hostedemail.com have no A records and no website, not even a redirect or a single page that would give people the bare minimum information about their blacklist or service. That's not how professionally run blacklists are managed these days.
My users are getting this:
host mx.DOMAIN.org.cust.a.hostedemail.com[216.40.42.4] refused to talk to me: 554 5.7.1 Service unavailable; Client host [1.2.3.4] blocked using urbl.hostedemail.com; Your IP has been manually blacklisted
It's the reference to manual blacklisting that flummoxes me. None of my servers are in any of the blacklists checked by MxToolbox (and like most mail admins, I work hard to keep it that way), so if someone has taken the time to manually add the IP address of one of my servers to the list then this sounds as amateur as my own manual blacklist I use on my servers when I have no patience waiting for a spammer to be shut down or blacklisted. And it has been there for at least a week; I haven't bothered checking last week's logs, as a week is long enough to determine whether or not a server is (still) sending spam.
After some research I found this post:
What does this error mean when emails are bouncing back to sender?
That led me to:
https://fbl.hostedemail.com/
... which is actually a branded CNAME for fbl-opensrs.app.returnpath.net that leads to:
https://fbl.returnpath.net/
So at the end of that long trail I ended up signing up for Return Path's FBL for their short list of 22 ISPs (including, as far as I can tell, a couple of individual companies' email systems). In doing so I have now agreed to them sharing my "Personal Information with business partners or other third party sponsors of sweepstakes, contests and similar promotions from time to time" (seems like a bizarre provision for the terms of service for a B2B company, especially one whose raison d'être is about reducing spam, but what choice do I have?), but I am none the wiser yet on why my one server's IP address has been blacklisted.
However, like #StephenB, I am going to abuse my standing as an OpenSRS reseller (an account I have all but abandoned because of their crappy service) and send their support department an email. I expect I'll get the usual "not my department" reply, as happened sometime last year when someone was registering phishing domains spoofing one of my user's domains. I'll post the results of that in a comment when/if I hear back.
UPDATE: I did email OpenSRS reseller support and (to my surprise) they responded within the hour to (belatedly) inform me of the FBL. Another seven hours later they de-listed my IP and the delayed mails in the queue went through.
I brought up some of my points above and this was their reply:
Thank you so much for your feedback, certainly your concerns are understandable. At OpenSRS/Tucows we're always looking to provide a better service, and definitely we can see your point as far as blacklist/delisting goes, for the time being I believe the reason for this is due to a lack of resources to put something like this together, but certainly I can assure you it is on our radar. I will pass this information along to our managers so that we can ensure your voice is heard.
Platitudes, but nevertheless positive platitudes.
UPDATE 2: Well, the platitudes didn't last long. They blacklisted my IP again, and this time I was just patronised instead:
I am just replying back on the RBL listing you inquired about and I can confirm the IP was once again de-listed but I did get some additional information for you as requested. I needed to do a bit of checking but the IP x.x.x.x is provided by RIPE Network Coordination Centre, the IP assigned to the user by the hosting provider carries the reputation of the rest of the CIDR. The nature of VPS/Shared IPs is to be disposable, and it is not suitable for sustainable mail services. I would suggest that you should be renting a dedicated IP/CIDR directly from ARIN or any other static IP provider to avoid further listings from happening in the future since its [sic] not necessarily your customers being listed but the IP being listed. But of course for the time being we have de-listed the IP but assuming nothing changes its [sic] likely it will be listed again in the future. Let me know if you have any questions from here.
We've been using VPSes for mail since 2008 (after a lot of thought and research), and have never in that time had an issue. I understand the sentiment that VPS IPs have a lower reputation in the minds of sysadmins with long memories, including myself, but in this day and age this is like saying "I don't like x nationality because of what they did to my great-grandfather during the war." Properly maintained blacklists are supposed to have a memory hours long (in most cases; not all, of course), not generations long, and OpenSRS/Tucows/Hostedemail are blocking data centres worldwide full of legitimate mail servers that nobody else is blocking. I diplomatically told them they're using thinking that became obsolete around the end of the last century.
I already have one of their customers (that our users were having trouble emailing) talking to us about moving.
If WiTon Nope's answer was correct at one point, it doesn't appear to be accurate anymore. They blacklisted my server as well, for no apparent reason, and it took a week of chasing them to get that resolved - and it appears that the only reason it didn't take longer (or got resolved at all) is because I'm already an OpenSRS reseller for domain registration (I don't use their EMail service, and I certainly won't be after this experience). Even then, I had to resort to calling them, because the attempts I made to contact them via their reseller support EMail & Twitter were all ignored. Oh, and unlike nearly every other RBL I've dealt with, they fail to provide any method for requesting delisting.
Also, the suggestion to check MX Toolbox doesn't seem to be relevant, since they don't actually monitor urbl.hostedemail.com - and same as with Daniel Wilson, my server wasn't on any of the (more than 40) RBLs that MX Toolbox does monitor.
To top it all off, once they finally DID resolve the problem, they refused to provide any useful details, like ANY reason for having listed my server, or even so much as confirming that there WAS a reason in the first place. I try not to assume that people are acting in bad faith, but I can't think of any reason not to provide the justification for the listing - unless they discovered that there was no valid reason for blacklisting the server, and are just trying to weasel out of admitting that they screwed up.
hostedemail.com is used by OpenSRS for providing its email hosting service and it's not a blacklist directory. You don't have to worry; you just have to wait for a couple of days while your IP is refreshed across all mail servers and DNS globally.

Risks in sending out high volume of emails over SMTP

What are the risks, if any, of sending out massive amounts of emails over SMTP? Specifically, this question is regarding the risks of being labelled/blacklisted as spammers or spoofers.
Our mails are legitimate, however. Our system needs to send out reminders to our corporate users on a daily basis, which may number into the thousands, say. Our worry is that with such a setup, our domain might end up being blacklisted by the receiving organisation, thus rendering our reminder service useless.
Does anyone have any information on what might be a "safe" volume of emails to send out to avoid being blacklisted? Or can we just churn out emails with abandon?
You may be able to contract a third-party organization to take care of this for you. I know there's a lot of "direct marketing" companies that will let you use their API to send mass email (newsletters, etc). They can do the work of negotiating to get off blacklists - that's what you pay them for.
I haven't used Sendloop and don't know if it has the functionality you want, but it's probably a good example.
See: How to conduct legitimate email campaigns
In your reminder service, just follow some basic spam guidelines. Identify where the message came from, why the user got it, the link to "opt-out" or discontinue the reminders, and you'll be fine. Any blacklists you do get on will certainly remove you if you have this information in your messages.
Additionally, should you get blacklisted for some reason, have another server on a different network that you can use as a backup should your primary server get blacklisted temporarily for any reason.
Oh, and one final note - usually your entire "domain" (i.e. whatever.com) doesn't get blacklisted. Specific IP addresses or specific servers are usually what get blacklisted.
As long as you're mailing over clean IPs and domains you should be fine. You say your mailings are "legitimate" so there's no reason to worry about ISPs blocking you.
However, as you also mentioned, the volume can become a challenge. Broadly speaking, sending "thousands" of messages should be a non-issue. But... hundreds of thousands, say 250K messages a day on up, is when you start to qualify as a "high-volume" sender.
Once you start sending at this bulk level, you must run a tight ship. ISP filters will look for any clue that you're a black-hat mailer/spammer and will promptly block your deployment if anything looks off.
Make sure your list(s) are spic-and-span; all bounces, duplicates, typos and honey-pots have been scrubbed-out. Your IPs have been properly warmed-up, your DNS and domains are clean and properly registered and you remain responsive to your list recipients.
Basic common sense and following through on all the tiny, simple but crucial details goes a long way.

How to fix the "421 RP-001 The mail server IP connecting to Windows Live Hotmail server has exceeded the rate limit" problem?

We run a large online community in the Netherlands. Because of that we send a lot of mail to the hotmail email addresses of our members.
Recently we have noticed that not all mail is reaching our members, because we have hit a certain limit or so it seems.
Google doesn't give a solution (yet) but we see a lot of others having the same problem.
Note: we added SPF records for our domain long ago, in both TXT and SPF record types.
What else can we do to tackle this problem?
// Ryan
To add to what bzlm said, hotmail probably isn't rejecting your mails, so much as trying to use rate-limiting to prevent spam. That said, there are a few potential solutions you could use here. You could contact hotmail and see about getting your mailserver exemption status from their rate-limiting. Depending on the size of your community, they may or may not respond to you or be willing to work with you. I suggest this only as the "diplomatic" solution.
Or, you could set up two mail servers; one for hotmail users, and one for everybody else. I know from some of the sites that I run that a lot of people register with hotmail accounts, mostly because everybody has one which they use as a "spam dump" for online services where they don't want to use their real email address. So, as you no doubt realize, the number of hotmail users in your database represents a fairly substantial percentage. Therefore, when you need to send an email, you could determine whether to send it to your normal SMTP server, or your hotmail-designated one. On the hotmail SMTP service, you'd need to add some type of waiting mechanism to sleep a certain amount of time after receiving a 421 response.
The problem with this idea is that the number of hotmail users you have, plus the delay you'll encounter in sending, means that the queue length might very well exceed the number of mails you must send. You could alleviate this problem by setting up secondary/tertiary servers, preferably on other networks... but I'm getting ahead of myself here. At any rate, I did a bit of googling around (as you probably have, too), and this isn't such an uncommon problem, but there is no obvious solution to it.
So likely, you'll either have to create some type of slightly-unorthodox network workaround, or try the "diplomatic" route and contact an organization unlikely to care about your problem. I'd suggest doing both in parallel. :)
421 means that the service is not currently available, and that the client should try again. This could be for any number of reasons, including trying to discourage you from too frequent mailing if Hotmail thinks you might be a spambot.
Why not simply let your outbound smtpd queue the mails and try again?
Why is "not all mail reaching your members"? Don't you try again if you get a 421 response?
EDIT: Do what sqook says.
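The two answers above (a separate queue for Hotmail recipients that waits after a 421, and letting the outbound queue retry on 421 instead of treating it as a bounce) combined in one added example; this is not code from either answer. The SMTP session is replaced by a constructed deliver callback and a simulated clock, and the domains and addresses are made up.

```python
import time
from collections import defaultdict, deque

TRANSIENT = range(400, 500)   # 4xx, e.g. 421: service unavailable / rate limited, retry later
PERMANENT = range(500, 600)   # 5xx: give up on this recipient and record the bounce

class DomainQueues:
    """Outbound queue keyed by recipient domain. A 421 from one domain pauses only that
    domain's queue with exponential backoff; mail to every other domain keeps flowing."""

    def __init__(self, deliver, base_delay=60, max_delay=3600, max_attempts=8, clock=time.monotonic):
        self.deliver = deliver                      # callable(rcpt) -> SMTP reply code (int)
        self.queues = defaultdict(deque)            # domain -> deque of (rcpt, attempts)
        self.not_before = defaultdict(float)        # domain -> earliest time of the next attempt
        self.backoff = defaultdict(lambda: base_delay)
        self.base, self.max_delay, self.max_attempts = base_delay, max_delay, max_attempts
        self.clock, self.sent, self.bounced = clock, [], []

    def enqueue(self, rcpt):
        self.queues[rcpt.rsplit("@", 1)[1].lower()].append((rcpt, 0))

    def pending(self):
        return sum(len(q) for q in self.queues.values())

    def run_once(self):
        """One pass: try at most one message per domain that is not currently throttled."""
        now = self.clock()
        for domain, q in self.queues.items():
            if not q or now < self.not_before[domain]:
                continue
            rcpt, attempts = q.popleft()
            code = self.deliver(rcpt)
            if code in PERMANENT or (code in TRANSIENT and attempts + 1 >= self.max_attempts):
                self.bounced.append((rcpt, code))
            elif code in TRANSIENT:
                q.appendleft((rcpt, attempts + 1))  # keep it at the head, retry after the pause
                self.not_before[domain] = now + self.backoff[domain]
                self.backoff[domain] = min(self.backoff[domain] * 2, self.max_delay)
            else:
                self.sent.append(rcpt)
                self.backoff[domain] = self.base    # accepted again: reset the backoff

def simulate():
    """Constructed scenario: the 'hotmail.example' MX answers 421 twice, then accepts;
    one address at old.example is gone (550). Time is simulated, not slept."""
    clock, hotmail_calls = [0.0], [0]

    def fake_deliver(rcpt):
        if rcpt.endswith("@hotmail.example"):
            hotmail_calls[0] += 1
            return 421 if hotmail_calls[0] <= 2 else 250
        return 550 if rcpt == "gone@old.example" else 250

    dq = DomainQueues(fake_deliver, base_delay=60, clock=lambda: clock[0])
    for r in ("a@hotmail.example", "b@hotmail.example", "c@corp.example", "gone@old.example"):
        dq.enqueue(r)
    passes = 0
    while dq.pending() and passes < 100:
        dq.run_once()
        clock[0] += 30                              # the scheduler wakes every 30 s
        passes += 1
    return dq, clock[0], hotmail_calls[0]
```

In the simulation the corp.example message goes out on the first pass while hotmail.example is paused for 60 s and then 120 s, so the two Hotmail messages are accepted at 180 s and 210 s without any mail being dropped.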
The only real way to "get around" this is to become a good e-mail citizen. Make it easy for people to unsubscribe from your notifications, establish complaint feedback loops with the major mail providers, remove bouncing e-mails from your list automatically, don't send people e-mails they don't want to receive. Failing to adhere to these simple requirements makes you look like a spammer, and providers like Hotmail will treat you like one.
The mail server IP connecting to Outlook.com server has exceeded the rate limit allowed. Reason for rate limitation is related to IP/domain reputation. If you are not an email/network admin please contact your Email/Internet Service Provider for help.
https://mail.live.com/mail/troubleshooting.aspx
I advise you to wait some time.