Did Mail Ever Get Unblacklisted?

Anomie

New member
Man, practically no major will accept mail sent from a website mail account here, still.

I seem to remember this was going to be fixed with some new IPs last January, but I just checked and test messages typically bounce as spam or, worse, are simply vaporized without a trace (ATT.net, for one).

Thoughts?
 

Genesis

Administrator
Staff member
Looks that way, Anomie. We're checking it out. Could be what we've experienced before, which are backdoor scripts that get loaded through WordPress, Joomla or Drupal. Members who either don't have up-to-date WordPress scripts or plugins or pirated plugins get the script loaded through contact forms. Your hacker then gets access to the system e-mail account and sends hundreds of spam mails from the account via the relay system without the knowledge of the owner of the account. Only way the owner gets to learn if he is watching, is his disk space starts to go through the roof and he has no control over his system e-mail account any longer. Little later he may get suspended for an account that is over quota.

So when I was cleaning up accounts and suspending inactive accounts, that is why we have been doing it.
 

lloydadams

New member
So, if I get hosting here, I won't be able to send email from any email account made under my domains here? All the majors have banned the IP range here?
 

Genesis

Administrator
Staff member
Only for now. This is a recent thing. Anomie is wrong - LOGICALLY we wouldn't be able to survive if we had been blacklisted for as long as he hinted we had been. It doesn't only affect our e-mails but everything else and particularly our premium accounts that are managed through our e-mail system.

The last blacklisting happened last night only. It will be solved in the next two to three days and then it should be OK.
 

Anomie

New member
Genesis said:
Only for now. This is a recent thing. Anomie is wrong - LOGICALLY we wouldn't be able to survive if we had been blacklisted for as long as he hinted we had been.
Actually, this problem goes back to at least last year. I have never been able to get a test message through to an att.net address or several others. Gmail and Yahoo used to bounce mail from here, but now seem to get through.

I just checked. As of five minutes ago:

521-37.187.74.24 blocked by sbc:blacklist.mailrelay.att.net.
521 DNSRBL: Blocked for abuse. See http://att.net/blocks

[later:] Actually, I got the reactions of two ISPs backwards. It's AOL.com that vaporizes messages from here (as of a couple of minutes ago), not ATT.net, which bounces them. The ATT.net bounce message above is the same one I've consistently gotten since sometime in 2014.

Do your own tests and check results.
 

Anomie

New member
I did a bunch of digging and experimenting on AOL and the problem there is apparently (?) a lack of an SPF record for either gi9.co or its subdomains or perhaps both. Messages just go into the spamgrinder. I'm not sure if anything can be done about that -- but it's not due to a blacklisted IP.

Subject: Test
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - hero.gigadnsserver.com
X-AntiAbuse: Original Domain - aol.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - anomie.gi9.co
X-Get-Message-Sender-Via: hero.gigadnsserver.com: authenticated_id: [...]@anomie.gi9.co
x-aol-global-disposition: S
X-AOL-SCOLL-AUTHENTICATION: mtaig-aan02.mx.aol.com ; domain : anomie.gi9.co DKIM : pass
Authentication-Results: mx.aol.com;
spf=none (aol.com: the domain anomie.gi9.co appears to have no SPF Record.) smtp.mailfrom=anomie.gi9.co;
dkim=pass (aol.com: email passed verification from the domain anomie.gi9.co.) header.i=@anomie.gi9.co;
X-AOL-OVERRIDE-PIK-REASON: Y
X-AOL-REROUTE: YES
x-aol-sid: 3039ac1b134255a6cd78001a
X-AOL-IP: 37.187.74.24
X-AOL-SPF: domain : anomie.gi9.co SPF : none

It appears to me that lots of systems simply regard any mail coming from a subdomain as presumptive spam, but numerous addresses I have experimented with go neither to the recipient inboxes nor the spamboxes nor bounce, but simply vanish. Occasionally, they show up after very long delays. My service bills from ATT evaporated on their way to my safe-mail.net address for over a year.

Many of my correspondents from major ISPs have their mail routed as spam to some of my accounts for no reason we can discern.

The war on spam is a vicious one with lots of collateral casualties!
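
Added example, not part of the original post: Python that parses the Authentication-Results header quoted above and lists which of SPF, DKIM and DMARC did not report pass. The sample message is constructed from the post's headers with the folding whitespace restored, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: headers quoted in the post, with the leading whitespace
# that folded continuation lines need restored.
SAMPLE = (
    "Subject: Test\n"
    "Authentication-Results: mx.aol.com;\n"
    " spf=none (aol.com: the domain anomie.gi9.co appears to have no SPF Record.)"
    " smtp.mailfrom=anomie.gi9.co;\n"
    " dkim=pass (aol.com: email passed verification from the domain anomie.gi9.co.)"
    " header.i=@anomie.gi9.co;\n"
    "X-AOL-IP: 37.187.74.24\n"
    "\n"
    "body\n"
)

COMMENT = re.compile(r"\([^()]*\)")  # parenthesised comments (non-nested only)
RESINFO = re.compile(r"^\s*([a-z0-9-]+)\s*=\s*([a-z]+)(.*)$", re.I | re.S)
PROP = re.compile(r"([a-z0-9-]+\.[a-z0-9-]+)\s*=\s*(\S+)", re.I)

def parse_authres(value):
    """Return (authserv_id, {method: {"result": ..., "ptype.prop": ...}})."""
    parts = COMMENT.sub(" ", value).split(";")
    methods = {}
    for part in parts[1:]:
        m = RESINFO.match(part)
        if not m:
            continue  # empty trailing segment or something unparseable
        method, result, rest = m.groups()
        entry = {"result": result.lower()}
        entry.update({k.lower(): v for k, v in PROP.findall(rest)})
        methods[method.lower()] = entry
    return parts[0].strip(), methods

def triage(raw_message):
    """List (server, method, result) for each method that did not report pass."""
    msg = message_from_string(raw_message)
    findings = []
    for header in msg.get_all("Authentication-Results", []):
        server, methods = parse_authres(header)
        for name in ("spf", "dkim", "dmarc"):
            result = methods.get(name, {}).get("result", "absent")
            if result != "pass":
                findings.append((server, name, result))
    return findings
```

On the sample, `triage(SAMPLE)` reports `spf` as `none` and `dmarc` as `absent` for `mx.aol.com`, while `dkim` passes and is not listed.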
 

Genesis

Administrator
Staff member
Anomie said:
Do your own tests and check results.
So what makes you think we're not doing these tests? Have you bothered to read my first post to you in this thread?

Genesis said:
Looks that way, Anomie. We're checking it out. Could be what we've experienced before, which are backdoor scripts that get loaded through WordPress, Joomla or Drupal. Members who either don't have up-to-date WordPress scripts or plugins or pirated plugins get the script loaded through contact forms. Your hacker then gets access to the system e-mail account and sends hundreds of spam mails from the account via the relay system without the knowledge of the owner of the account. Only way the owner gets to learn if he is watching, is his disk space starts to go through the roof and he has no control over his system e-mail account any longer. Little later he may get suspended for an account that is over quota.

So when I was cleaning up accounts and suspending inactive accounts, that is why we have been doing it.
We know we have a problem. This problem was detected on 14 July and we're working on solving it. Before 14 July our e-mail system was OK. Yes, we've been blacklisted before. But definitely not continuously. If it had been continuously, it is logical we wouldn't have been around any longer - sort of makes sense doesn't it?

Ours is a shared server with an overall majority of WordPress and Joomla Websites, scripts that are vulnerable by design for being hacked and infected. A large percentage of our customers are here to try out new things and some do make mistakes as they go along. We work flat-out to fight spam at Gigarank but there is no guarantee we won't be blacklisted again. As such, we recommend that if you are looking for a spam-free e-mail service, you look for hosting elsewhere.
 

Anomie

New member
Genesis said:
We know we have a problem. This problem was detected on 14 July and we're working on solving it. Before 14 July our e-mail system was OK. Yes, we've been blacklisted before. But definitely not continuously. If it had been continuously, it is logical we wouldn't have been around any longer - sort of makes sense doesn't it?
The bulk of my correspondents are on ATT systems and the periodic tests I've made to them since 2014 have always bounced with the same blacklisted-IP error message, so I reasonably assumed the problem there was continuous. When I mentioned it last year, you said it wouldn't be corrected until you got some different IPs this year, in January, IIRC. I tested again at that time and the mail still bounced and it does as of today.

Other majors handle what they misperceive as spam in proprietary ways that remain mysterious to me. Gmail vaporizes some putative spam and passes others to the spam box. Why? I dunno. Etc., etc., etc. To some extent this stuff remains an unavoidable pain for most email users.

Ours is a shared server with an overall majority of WordPress and Joomla Websites, notorious for being hacked and infected. A large percentage of our customers are here to try out new things and do make mistakes as they go along. So there is no guarantee we won't be blacklisted again. As such, we recommend that if you are looking for a spam-free e-mail service, you look for e-mail hosting elsewhere.
I understand this, which is why I have kept my parked site monitored, comment-blocked and religiously security-updated so I wouldn't be part of that problem, as I know from my logs that these sites are maliciously probed pretty much nonstop. So far, mine's stayed clean as far as I can tell.

I wanted to use my own Gigarank site's mail system purely for the control it would afford me over that of my ISP and other mail hosts which are becoming more and more intrusive, inconvenient and obstructive. Doing mail here is fast and trouble-free from my mail client, but delivery to my correspondents is weirdly unpredictable, except that it's predictably never reached those on ATT's mail systems.

This is why I asked about this. I had assumed that these were low-priority issues you had forgotten about.
 

Genesis

Administrator
Staff member
@Anomie

Right now we're no longer blacklisted. In my experience it may take some time for the "unblacklisting" to filter through to att.net though. If you do your research with att.net you'll notice they use Spamhaus as a reference point for spam. They're usually at least a few days behind the time.

Our technical admin had to spend hours to root the infection out. Totally commend him for fixing the problem during his week's vacation.

We have two issues that are making this more challenging than usual. People who still don't realize how essential security precautions with WordPress/Joomla/Drupal are, like keeping scripts up to date, making sure they're using clean plugins. The other problem is that places like Spamhaus are becoming overspecialized with their blacklisting triggers, resulting in many false positives. Same thing is happening at Yahoo and Hotmail. As a user of Yahoo and Hotmail I have been blocked so many times because of overzealous rules. For example, I find it is almost impossible to access my Yahoo and Hotmail accounts when I travel and have to make sure their verification e-mails are always non Yahoo and Hotmail ones - otherwise I'd be blocked. So much easier to get blocked and blacklisted for the smallest of issues than before.

As previously mentioned we are fighting spam around the clock at Gigarank. We're also using stopforumspam.com. We however can't guarantee 100% spamfree and there is a good chance we'll get blacklisted again even though we are fighting for that not to happen. My suggestion, if you really want a very secure e-mail service is to subscribe to a paid e-mail service instead of using webmail through the Website host. Quite a large number of Website owners do it, i.e. have two different hosts for their Website and e-mail service. It takes some extra effort to connect it up but makes it worth it in the end, especially when the e-mails are important for doing business.