For any of the dozen class C networks that they have, the addresses are typically listed on the Multi-RBL checklist by 4 or more RBLs.
You can check a majority of the common RBLs at the following link.
http://www.anti-abuse.org/multi-rbl-check-results/
Any of the RBLs that are queried will sometimes show the address, or even the whole range, as listed or bad, e.g. (spamrats).
Okay, so I put together a few tips that could help you avoid going to the doghouse and being listed as a bad sender of email.
1: First, craft an SPF record
This is a must-do, and it will help you if someone forges mail from one of your domain(s).
Please publish an SPF record regardless of whether you even plan to send mail from that domain. Here are a few domains I own that I never planned on sending mail from, so I also crafted a DNS TXT SPF record that lists my preferences for mail sending ( "-all" ).
This helps with mail-filtering devices that inspect and validate the domains 1000gigabit.com/net, and against any senders that might want to forge mail for these 2 domains.
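An added example (not from the original post) that audits the TXT records of a domain that should never send mail, checking for the single "-all" record described above. The function name and the sample records in the usage are assumptions made for illustration.

```python
def audit_parked_spf(txt_records):
    """Audit the TXT records of a domain that should never send mail.

    Returns a list of findings; an empty list means exactly one SPF record
    is published, it authorizes no sender, and it ends in "-all".
    """
    spf = [r.strip() for r in txt_records
           if r.strip().lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        # RFC 7208: several v=spf1 records make receivers return "permerror".
        return ["multiple SPF records published"]

    findings = []
    saw_all = False
    for term in spf[0].split()[1:]:
        # A mechanism without an explicit qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name = term.lstrip("+-~?").lower()
        if name == "all":
            saw_all = True
            if qualifier != "-":
                findings.append(f'"all" has qualifier "{qualifier}", not "-"')
            break  # receivers ignore mechanisms that follow "all"
        if name.startswith("redirect="):
            findings.append(f'"{term}" hands the policy to another domain')
        elif not name.startswith("exp=") and qualifier == "+":
            findings.append(f'"{term}" authorizes a sender')
    if not saw_all:
        findings.append('no "all" mechanism, so forged mail is not rejected')
    return findings


if __name__ == "__main__":
    # Constructed sample records, not taken from any real zone.
    for records in (["v=spf1 -all"], ["v=spf1 mx ~all"], ["some-other-txt=1"]):
        print(records, "->", audit_parked_spf(records) or "OK")
```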
2: Ensure you have NO open-mail relays
Yes, the age-old abuse of open relays should not be overlooked. If you don't know what an open relay is, then follow this link:
http://en.wikipedia.org/wiki/Open_mail_relay
Your mail-sender program will probably have methods for you to check for and correct an open relay. Only allow mail to be relayed by client networks that you support and allow.
3: Make sure your mail attachments are virus free
Yes, please help with keeping the internet clean and healthy.
What this means:
"You and I need to inspect our mail attachments and/or enforce AV/malware detection on our clients' side."
The former is easy if you have a mail-sender that has AV detection and inspects all mail sent from the server. Optionally, you can use a firewall that has AV detection ( a firewall from Fortigate/Palo Alto/etc. for example ) and direct all mail through the firewall before sending to the internet.
See these two examples of possible AV inspection:
( relay with AV: all mail from the client is allowed outbound through the relay and not directly )
( Fortigate firewall with security inspections or email filtering )
The green line = post-AV-inspected mail traffic
4: Rate and throttle your outbound mail sessions, to avoid being throttled by the recipient domain's mail-gateway/firewall
Send mail and be aware of the number of mails you send per hour and to each destination.
5: Act responsively to ALL abuse claims.
Any sizable organization should have an abuse-security team or abuse personnel. This also means we need to correct and keep up to date the SOA contacts, WHOIS contacts, and other technical email addresses. ( It does not make any sense to list an invalid contact. )
This team or individual should always monitor the inbox for new claims or complaints and act professionally and responsively to any claims of abuse.
I've worked with numerous ISPs over the last 20 years and I can count on 2 hands how many times the contact was incorrect or the inbox was not even reviewed or monitored.
Be a good organization and monitor your technical/admin/abuse email contacts daily, or weekly at minimum.
6: Enroll any authorized mailer devices into an RBL monitor
There are a few free and a few paid RBL monitoring services. All will alert you to a possible RBL listing, and they typically scan every 12-48 hours, depending on the level of service you subscribed to. Find one or two and have them monitor your email servers' IP addresses.
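What such a monitor does on each scan, as an added example that is not part of the original post: DNS-based lists are queried by reversing the IPv4 octets and appending the list's zone, and a listing is answered with an address in 127.0.0.0/8. The zone names used in the tests are placeholders, and the `resolve` parameter is a hypothetical hook so the check can be exercised without network access.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's DNS zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def check_listings(ip, zones, resolve=socket.gethostbyname):
    """Return {zone: return code} for every zone that lists ip."""
    listed = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except OSError:
            continue  # no A record: not listed (or the lookup itself failed)
        # Listings are answered from 127.0.0.0/8. Any other address means a
        # resolver rewrote the response, so it is not counted as a listing.
        if ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8"):
            listed[zone] = answer
    return listed


def check_range(cidr, zones, resolve=socket.gethostbyname):
    """Check every host address of a small range of mailers, e.g. a /29."""
    results = {}
    for host in ipaddress.ip_network(cidr).hosts():
        hits = check_listings(str(host), zones, resolve)
        if hits:
            results[str(host)] = hits
    return results
```

Because a failed lookup and a clean result look the same here, a production monitor should also alert when a list stops answering its 127.0.0.2 test entry.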
7: If you're a big agency or ISP, request a mutual mail-sender-usage policy and ask to be white-listed or given less restrictive limits for your authorized mail-senders
Big organizations like AOL, Google, MS and others will work with you to ensure your mail gets through. So if you send a million or more mail sessions per day to one domain, try to work out a mail-usage acceptance policy. They might do any of the following:
- 1: reduce or eliminate any mail-sender grey-listing
- 2: reduce or eliminate certain AS checks
- 3: reduce or eliminate certain reputation throttling policies
- 4: white-list your senders' addresses
8: Review all logs for any tell-tale signs, like deferred or temporary bounces and mail in dead queues
Yes, your "maillogs" and "mailqueues" will provide feedback on any potential mail problems. You should be monitoring these daily.
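An added example (not from the original post) of the daily log review: it groups deferred and bounced deliveries by recipient domain so that a destination that has started throttling or rejecting you stands out. It assumes Postfix-style delivery log lines; the sample log is constructed and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix "smtp" delivery-log format (an assumption).
SAMPLE_LOG = """\
Mar  3 09:00:01 mx1 postfix/smtp[2101]: 4A1B2C: to=<ann@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar  3 09:00:04 mx1 postfix/smtp[2102]: 4A1B2D: to=<bob@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=3.1, delays=0.1/0/2.5/0.5, dsn=4.7.1, status=deferred (host mx.example.org[198.51.100.7] said: 421 4.7.1 Rate limited, try again later)
Mar  3 09:00:09 mx1 postfix/smtp[2103]: 4A1B2E: to=<eve@Example.org>, relay=mx.example.org[198.51.100.7]:25, delay=2.8, delays=0.1/0/2.2/0.5, dsn=4.7.1, status=deferred (host mx.example.org[198.51.100.7] said: 421 4.7.1 Rate limited, try again later)
Mar  3 09:01:30 mx1 postfix/smtp[2104]: 4A1B2F: to=<dan@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=5.1.1, status=bounced (host mx.example.com[203.0.113.5] said: 550 5.1.1 User unknown)
Mar  3 09:02:11 mx1 postfix/smtp[2105]: 4A1B30: to=<joe@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=1.0, delays=0.1/0/0.5/0.4, dsn=5.7.1, status=bounced (host mx.example.org[198.51.100.7] said: 554 5.7.1 Sender address listed on bl.example.org)
"""

DELIVERY = re.compile(
    r"to=<[^>@]*@([^>]+)>.*?\bdsn=(\d\.\d+\.\d+), status=(\w+)")


def delivery_problems(log_text, min_events=2):
    """Return per-domain counts of deferred/bounced mail and the DSN codes seen.

    Only domains with at least min_events problem deliveries are reported.
    """
    problems = defaultdict(lambda: {"deferred": 0, "bounced": 0, "dsn": set()})
    for line in log_text.splitlines():
        match = DELIVERY.search(line)
        if not match or match.group(3) not in ("deferred", "bounced"):
            continue
        domain, dsn, status = match.groups()
        entry = problems[domain.lower()]
        entry[status] += 1
        entry["dsn"].add(dsn)
    return {domain: entry for domain, entry in problems.items()
            if entry["deferred"] + entry["bounced"] >= min_events}


if __name__ == "__main__":
    for domain, entry in delivery_problems(SAMPLE_LOG).items():
        print(domain, entry)
```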
9: Ensure you meet all common practices for mail-senders
- ( DNS ) PTR installed
- ( DNS ) FQDN matches PTR
- Ensure your MTA uses proper EHLO/HELO
- avoid differences between the mail-reply and mail-from headers
- Proper mail header creation
- mail data envelope size is conservative ( yes, don't try to send a 200mb attachment, and watch the number of mail headers you add to a mail message... bigger is not always better )
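An added example (not from the original post) covering the first three items of the list above: it confirms that the sending IP has a PTR, that the PTR name resolves back to the same IP, and that the EHLO name is an FQDN equal to the PTR. The strict EHLO-equals-PTR comparison is this example's reading of the checklist, and the `ptr_lookup` and `a_lookup` parameters are hypothetical hooks for offline testing.

```python
import socket


def _ptr(ip):
    """Reverse lookup: the primary host name for ip."""
    return socket.gethostbyaddr(ip)[0]


def _addresses(name):
    """Forward lookup: the IPv4 addresses name resolves to."""
    return socket.gethostbyname_ex(name)[2]


def check_sender_identity(ip, ehlo_name, ptr_lookup=_ptr, a_lookup=_addresses):
    """Return findings for the PTR / FQDN / EHLO items; [] means consistent."""
    ehlo = ehlo_name.rstrip(".").lower()
    findings = []
    # A bare host name or an address literal such as [192.0.2.1] is not an FQDN.
    if "." not in ehlo or ehlo.startswith("["):
        findings.append(f"EHLO name {ehlo_name!r} is not an FQDN")
    try:
        ptr = ptr_lookup(ip).rstrip(".").lower()
    except OSError:
        return findings + [f"no PTR record for {ip}"]
    try:
        forward = a_lookup(ptr)
    except OSError:
        forward = []  # the PTR target does not exist in forward DNS
    if ip not in forward:
        findings.append(f"PTR {ptr} does not resolve back to {ip}")
    if ehlo != ptr:
        findings.append(f"EHLO name {ehlo} differs from PTR {ptr}")
    return findings
```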
10: The final & most important tip, don't send SPAM
Yes, what this means: "if you use mail for intended recipients, in a conservative manner, and do not send unsolicited mail, then you will most likely never get on an RBL list."
I can't even tell you the number of times a remote party has emailed or called me to ask why we are not accepting any mail from them.
If you get on an RBL, there's probably a good reason, and you probably have something out of whack or you deserved to be listed on the RBL. So don't blow off the RBL listing and blindly request a removal. Fix/correct the issues and re-monitor the address.
Also, don't blame the RBL maintainers. I had a gentleman threatening to fly to my location and beat/shoot me because an RBL I was working with had flagged his addresses as possible senders of SPAM ( he was an open relay, btw ).
Yes, keep this thought in mind: "the RBL DOES NOT BLOCK YOU. The recipient mail-gateway that you're sending mail to is BLOCKING YOU".
The RBL listing is nothing more than a suggestion, based on analysis, feedback and reports from numerous recipients that you are SENDING SPAM or have an open mail-relay.
Fix the damn problem!
I hope these 10 tips help you to have a happy mail-sending experience.
Ken Felix
Freelance Network / Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com
^ ^
=( ^ ^ )=
o
/ \
.