So this happened....

Jason

Our Cloud spam filtering software got listed in some blakclists.. fun.

Dashrender

did you use them for outbound email as well as inbound?

Jason

@Dashrender said in So this happened....:

did you use them for outbound email as well as inbound?

Yes. Spam can be outbound as well as inbound..

Dashrender

@Jason said in So this happened....:

@Dashrender said in So this happened....:

did you use them for outbound email as well as inbound?

Yes. Spam can be outbound as well as inbound..

Sure, but if your firewall prevents outbound 25 from all but your server, and you're server's locked down pretty good, outbound shouldn't be that big of deal.

Adding outbound filtering would double the cost of my spam filtering, currently don't consider it worthwhile.

Jason

@Dashrender said in So this happened....:

@Jason said in So this happened....:

@Dashrender said in So this happened....:

did you use them for outbound email as well as inbound?

Yes. Spam can be outbound as well as inbound..

Sure, but if your firewall prevents outbound 25 from all but your server, and you're server's locked down pretty good, outbound shouldn't be that big of deal.

Adding outbound filtering would double the cost of my spam filtering, currently don't consider it worthwhile.

This isn't even covering port 25 like that.. that is the firewall. This is to prevent people from accidentally forwarding spam or a malware using the email client to send spam which will get you on blacklists, as well as scanning of attachments and urls in emails going out.

This was only one of their IPs that ended up on a blacklist temporarily. for all of 3 spam emails. 1 on Sept 2 One Oct 5, and one Today got it blacklisted.

DustinB3403

A total of 3 emails caused you to be blacklisted.. that seems harsh.

I've had systems get infected with spamware, been blacklisted, nuked the system in question, and emailed the Blacklist asking them to remove the registration, problem resolved in half a day.

And his system was sending way more than 3 emails...

I'm surprised, honestly.

Dashrender

I'm with Dustin - who blacklists someone after 3 emails, one of which was over 30 days ago. harsh doesn't even come close to explaining how totalitarian that is.

I haven't filtered outbound email ever, and I haven't been on a blacklist in years, probably more than a decade.

Since you're using a filtering outbound service, I wonder if it wasn't you that was blacklisted, but the filter company and other services they all run through that same outgoing IP.

Jason

@DustinB3403 said in So this happened....:

A total of 3 emails caused you to be blacklisted.. that seems harsh.

I've had systems get infected with spamware, been blacklisted, nuked the system in question, and emailed the Blacklist asking them to remove the registration, problem resolved in half a day.

And his system was sending way more than 3 emails...

I'm surprised, honestly.

It wasn't us. it was a vendor. but it was the SORBS blacklist www.sorbs.net

Jason

@Dashrender said in So this happened....:

Since you're using a filtering outbound service, I wonder if it wasn't you that was blacklisted, but the filter company and other services they all run through that same outgoing IP.

It wasn't us I said in the OP it was the cloud service. and they have a lot of IPs just a single one was blocked. we only saw two emails rejected from it.

DustinB3403

@Jason Ah I must've misunderstood.

I thought one of your IP's were blacklisted.

Dashrender

Exactly - so by using an external filter caused your outage.

Do you use that filter to also keep a copy of all incoming and outgoing email?

Jason

@Dashrender said in So this happened....:

Exactly - so by using an external filter caused your outage.

Do you use that filter to also keep a copy of all incoming and outgoing email?

Yes, it's an archiver too.

Jason

@Dashrender said in So this happened....:

Exactly - so by using an external filter caused your outage.

Not sure that really classifies as an "outage" it was only one of their many IPs on the list.. it affected all of 3 emails outbound from us.

Dashrender

@Jason said in So this happened....:

@Dashrender said in So this happened....:

Exactly - so by using an external filter caused your outage.

Not sure that really classifies as an "outage" it was only one of their many IPs on the list.. it affected all of 3 emails outbound from us.

I'm going to go all @scottalanmiller on ya - if it's not an outage, what would you call it? Sure it's a short term one, I'm not sure what else I'd call it.

How do your SPF records look? do you have dozens of IPs in there to cover all of the IPs of the cloud service?

scottalanmiller

@Dashrender said in So this happened....:

I'm with Dustin - who blacklists someone after 3 emails, one of which was over 30 days ago.

Anyone with a zero tolerance policy. We'd blacklist for that for sure.

scottalanmiller

@Dashrender said in So this happened....:

@Jason said in So this happened....:

@Dashrender said in So this happened....:

Exactly - so by using an external filter caused your outage.

Not sure that really classifies as an "outage" it was only one of their many IPs on the list.. it affected all of 3 emails outbound from us.

I'm going to go all @scottalanmiller on ya - if it's not an outage, what would you call it? Sure it's a short term one, I'm not sure what else I'd call it.

How do your SPF records look? do you have dozens of IPs in there to cover all of the IPs of the cloud service?

If the service is disrupted, it's an outage.

Jason

more of a delay than distruption.. the emails delivered once the blacklist was clear (or it used another IP after it failed).

wrx7m

Curious as to which spam filter service this is...

Jason

@wrx7m said in So this happened....:

Curious as to which spam filter service this is...

https://www.mimecast.com/