methownet.com

Spamfilters Blacklist Mailservers

Over the past couple of weeks, we've seen an increase in spam and virus traffic on the Internet. As a result, several major ISPs have had their mail servers listed on what are called the Real Time Blacklists. This has affected methownet.com customers and their ability to get mail from these major providers, so we will take a minute to explain how the system works, how it is affecting mail, and what you can do to help fix it.

In an effort to control the amount of spam circulating on the Internet, several organizations set out to identify where the spam is coming from and to publish those locations in a list, so that others may block mail coming from known spammers. The lists have a delisting process: if a mail server is added to a list, that server's administrators can fix the problem and then request delisting, which generally can be done in under an hour. While not perfect, the system works quite well at both identifying the sources of spam and giving ISPs a way to block spam from those sources.

During the recent increase in spam and virus activity, several major ISP mail servers have found themselves on the blacklists and, as a result, are having their mail blocked by other ISPs. Our mail servers at methownet.com have not been listed and our customers can send mail just fine, but customers of other ISPs whose servers are blacklisted have not been able to send mail to our customers. Some have suggested that we turn off the filters we employ for these servers, but if we did that we would open our network to the very spam that got that particular ISP listed in the first place. The goal here is to keep the amount of spam and viruses on our system and in customers' email boxes to a minimum. To that end, we would encourage all ISPs to respect the role of the Realtime Blacklists and keep a handle on the mail that goes out of their systems so they don't get listed. If you hear from someone who gets a mail delivery notice for "blocked due to reputation," you can ask them to contact their service provider and request that they pursue the delisting process.

For more information on blacklists, search Google for "wiki rbl blacklist".

To check whether your server's IP address is listed, try MXToolbox at:
http://mxtoolbox.com/blacklists.aspx

Some information from Tech Industry websites:
http://blogs.itbusiness.ca/2011/05/cutwail-botnet-raising-spam-levels-once-more/

There has been a recent increase in the amount of malicious email traffic detected by MessageLabs Intelligence despite a continuous decrease in the actual number of spam mail distributed.

The decrease in spam is due in large part to the takedown of Rustock, the largest spamming botnet, in March. So what accounts for this increase in malware traffic?

MessageLabs Intelligence Senior Analyst,
Symantec Hosted Services
Paul Wood

An investigation by MessageLabs Intelligence revealed that this increase is at least due in part to the Cutwail botnet.

Cutwail, which has been active for some time, recently increased its activity and is now sending more spam with large attachments.

This is no surprise as email attachments are one of the easiest and most powerful tools cyber criminals use to attack PCs and this month MessageLabs Intelligence saw an increase in this type of spam technique using zip file and portable document formats (PDF).

http://www.allspammedup.com/2011/09/is-the-spam-industry-fighting-back/

Why the recent surge?

Experts claim that although the recent spike appears to be a large increase in spam, levels of email spam are still at historic lows.

Instead of this being a cause for concern, most are saying that these efforts are merely a desperate attempt to rebuild an industry that is struggling as attachment spam is one of the easiest methods of spam for the filters to spot, and because so many messages never make it to their destination, it is often considered a last resort.

Botnets like Cutwail, Festi and Asprox are being used to send large numbers of messages to compensate for so many messages being stopped by spam filters. Hoping to find poorly protected organizations and outdated operating systems, spammers believe that they can use their limited successes to help build their networks for future, more lucrative, attacks.

P.S. from methownet.com:
The attachments discussed above have mainly arrived with email claiming that the recipient is getting a delivery from UPS, DHL, or FedEx and needs to open the attachment to confirm the delivery information. The attachment contains a virus, which is installed when the attachment is opened. Be wary of any such attachment.


Please call or email us with problems
996-2022