About

From time to time we (Tufts) spam the outside world when one or more accounts get compromised. This can lead to a number of outcomes in which the Tufts mail domain is temporarily or permanently blocked from sending mail to recipient domains. This article describes some of them.

Different types of reactions from recipient domain

  1. Nothing - some mail domains will not get enough spam from us, or will not have thresholds set to block the Tufts domain (or we may be on their whitelist!), and no action is taken.
  2. Temporary blacklisting - some mail services will place us on a brief hold (anywhere from 24 hours to 4 weeks), after which we are automatically allowed to email them again.
  3. Time-shift temporary blacklisting - this works similarly to temporary blacklisting, but we're only blacklisted for a shorter period of time measured from the LAST spam event, so it may be 24 hours after the last spam event is received.
  4. Blacklist (single host) - some services will blacklist JUST the SMTP relay that sent to them, which gives the impression that "some mail goes through, some doesn't".
  5. Blacklist via service - some recipient domains are members of trust organizations that monitor their receipts. Getting whitelisted or de-listed from those trust organizations will return service.
  6. Blacklist via recipient domain - some recipient domains keep their own blacklist or augment their trust organizations' lists with their own.

Services to check if we are blacklisted:

1. http://MultiRBL.Valli.org
2. http://JustSpam.org
3. http://BlacklistAlert.org/

Keep it Simple ways to check

Read the bounce messages. Often it will be an error in the 500s, sometimes 554, like the example below:

> >     SMTP error from remote mail server after initial connection:
> >     host MX.nyu.edu [128.122.119.206]: 554-r1.home.nyu.edu
> >     554 Your access to this mail system has been rejected due to the
> > sending MTA's poor reputation. If you believe that this failure is in
> > error, please contact the intended recipient via alternate means.
> >

Generally the next steps are to visit the recipient domain's website, contact their support desk or abuse@domain.com or postmaster@domain.com to try to find out what their de-listing process is.
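
Reading bounces by hand does not scale during a spam event, so here is an added example (not part of the original page or any Tufts tooling) that parses bounce text in the format quoted above and counts reputation-based rejections per recipient MX host. The keyword list and the two extra sample bounces (example.org, documentation IP addresses) are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed samples: the first reuses the rejection quoted above,
# the other two are invented for contrast.
SAMPLE_BOUNCES = [
    """SMTP error from remote mail server after initial connection:
host MX.nyu.edu [128.122.119.206]: 554-r1.home.nyu.edu
554 Your access to this mail system has been rejected due to the
sending MTA's poor reputation. If you believe that this failure is in
error, please contact the intended recipient via alternate means.""",
    """SMTP error from remote mail server after RCPT TO:<user@example.org>:
host mx.example.org [192.0.2.10]: 550 5.1.1 User unknown""",
    """SMTP error from remote mail server after initial connection:
host mx2.example.org [192.0.2.11]: 421 4.7.0 Too many connections, try later""",
]

# "host NAME [IP]: CODE" followed by "-" (multi-line reply) or a space.
HOST_RE = re.compile(r"host\s+(\S+)\s+\[([0-9a-fA-F.:]+)\]:\s*(\d{3})[- ]")
# Assumed wording hints; every receiver phrases reputation blocks differently.
REPUTATION_HINTS = ("reputation", "blacklist", "blocklist", "blocked", "spam")

def parse_bounce(text):
    """Return host, IP, SMTP code and a rough classification, or None."""
    m = HOST_RE.search(text)
    if not m:
        return None
    host, ip, code = m.group(1).lower(), m.group(2), int(m.group(3))
    # Flatten wrapped lines so a hint split across a line break still matches.
    flat = " ".join(text.split()).lower()
    hinted = any(h in flat for h in REPUTATION_HINTS)
    if 400 <= code <= 499:
        kind = "temporary"          # receiver asks us to retry later
    elif code >= 500 and hinted:
        kind = "reputation-block"   # permanent failure blaming the sender
    else:
        kind = "other"              # e.g. unknown user, not a blacklist
    return {"host": host, "ip": ip, "code": code, "kind": kind}

def summarize(bounces):
    """Count reputation blocks per recipient MX host."""
    parsed = [p for p in map(parse_bounce, bounces) if p]
    return Counter(p["host"] for p in parsed if p["kind"] == "reputation-block")

if __name__ == "__main__":
    for bounce in SAMPLE_BOUNCES:
        print(parse_bounce(bounce))
    print(summarize(SAMPLE_BOUNCES))
```

The hosts that show up in the summary are the ones whose de-listing process needs to be looked up first.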

Road to remediation

Most services simply make you submit a human-intervention request. Most services these days do NOT allow whitelisting.

Potential Better Permanent solutions

  • We could begin scanning our mail on outbound, but this can cause false positives (mail we wrongly refuse to let out) to skyrocket.
  • We could rate-limit the amount of mail any one account can send over a period of time, but this could also have adverse effects given current business practices.

Frequent Flier Domains that Block Tufts

  • tuftsmedicalcenter.org is very regularly the target of compromised accounts and blocks the Tufts domain. Unfortunately, in our discussions with them they have been unwilling to whitelist Tufts, and they can often take 24-96 hours to respond to unblock requests.