Musings from a small IPP

E-Mail hosting

Stopping e-mail from runaway web sites

by on Apr.10, 2015, under E-Mail hosting

Recently we had a customer whose website was infected by way of one of the infamous plugins that are sometimes bundled into themes, such as TimThumb.  The result was that their site became one of the foci of a world-wide botnet, which posted tiny amounts of information (greeting and e-mail addresses) to target fairly large SPAM messages sent out from their site.

This ran overnight at the weekend, so by the time we had tracked it down 25,000 messages had been submitted, all properly validated as coming from the customer’s site.

Fortunately 10,000 messages were still in the system outgoing queue, and we were able to purge those, but it was still around 10 days before mail was flowing properly again.

In response to the issue we are “rate limiting” email by number of recipients from each sender in a time window.  I’ve run some analysis on the traffic logs, and apart from the mailing lists we host, which would be expected to send to many recipients, and with only 8 exceptions, in the past month no-one has sent to more than 10 recipients in an hour.  We’ve exempted the known high-volume senders from checks, and will be setting a sliding 1 hour window to restrict every other mail account’s submission rates to slightly more than this observed high.

This may affect you if you suddenly decide to do a mass mailing.  It’s easy to enable your account if you tell us in advance. Also, don’t forget you can have a hosted mailing list, which can individualise each message for its recipient.
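A sketch of the per-sender recipient limit described above, as an added example rather than the configuration actually deployed. The limit of 12, the account names and the traffic are assumptions constructed for illustration; the 1 hour sliding window and the exemption list follow the post.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600   # the sliding 1 hour window from the post
RECIPIENT_LIMIT = 12    # assumed: "slightly more than" the observed 10 per hour


class RecipientRateLimiter:
    """Counts recipients (not messages) per sender over a sliding window."""

    def __init__(self, limit=RECIPIENT_LIMIT, window=WINDOW_SECONDS, exempt=()):
        self.limit = limit
        self.window = window
        self.exempt = {s.lower() for s in exempt}   # known high-volume senders
        self._events = defaultdict(deque)           # sender -> (time, recipients)
        self._totals = defaultdict(int)             # sender -> recipients in window

    def allow(self, sender, recipients, now):
        sender = sender.lower()
        if sender in self.exempt:
            return True
        events = self._events[sender]
        # Drop submissions that have slid out of the window.
        while events and events[0][0] <= now - self.window:
            self._totals[sender] -= events.popleft()[1]
        if self._totals[sender] + recipients > self.limit:
            return False            # refused submissions are not counted
        events.append((now, recipients))
        self._totals[sender] += recipients
        return True


def replay(submissions, limiter):
    """Return {sender: [accepted, refused]} for (time, sender, recipients) rows."""
    result = defaultdict(lambda: [0, 0])
    for now, sender, recipients in sorted(submissions):
        result[sender][0 if limiter.allow(sender, recipients, now) else 1] += 1
    return dict(result)


# Constructed traffic: a hijacked web form, a hosted list, and a normal user.
SAMPLE = [(t * 10, "www@customer.example", 1) for t in range(100)]
SAMPLE += [(5, "news@lists.example", 500)]
SAMPLE += [(0, "alice@customer.example", 4), (1800, "alice@customer.example", 4),
           (3000, "alice@customer.example", 4), (3500, "alice@customer.example", 5),
           (3700, "alice@customer.example", 4)]

if __name__ == "__main__":
    limiter = RecipientRateLimiter(exempt=["news@lists.example"])
    for sender, (ok, refused) in replay(SAMPLE, limiter).items():
        print(f"{sender}: accepted={ok} refused={refused}")
```

The runaway form is cut off after 12 recipients, while the normal user is only refused for the one submission that would exceed the limit and can send again once the oldest submission leaves the window.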


How to get your mail blocked

by on Nov.30, 2012, under E-Mail hosting, Operations, SPF the Sender Policy Framework

We spend a lot of time trying to let legitimate mail through, and filtering problem mail into SPAM folders for our customers.  Here are a few ways you can ensure you get filtered as SPAM:

  • Always change the sender of each message, to each recipient, to prevent whitelisting
  • Assume that the FROM line will be recognised (it will not, sender is what counts)
  • Have an incorrect SPF record for where you are sending from
  • Always change the sender of each message, to each recipient, to prevent whitelisting
  • Make sure your customers never reply to your mail, use a “noreply” address
  • Send mail to customers who report you as SPAMMING them
  • Use a 3rd party mailing list service with bought lists
  • Send mail containing links to sites that are black-listed
  • When doing any of the above, send lots of mail to establish a history of sending dodgy mail
  • Always change the sender of each message, to each recipient, to prevent whitelisting
  • Slightly less important, have a mismatch between the email sender’s domain, and the system sending it
  • Carefully include keywords that trigger automatic traps, e.g. “Beneficiary,” “winner,” “prescription,” etc.
  • Send from a misconfigured system
  • Have an invalid Message-id, or none at all.
  • Always change the sender of each message, to each recipient, to prevent whitelisting
  • Send from a system with a dynamic IP address (home vs business broadband)
  • Use words and phrases that differ greatly from the language written by the intended recipient (Bayesian check)
  • And remember always change the sender of each message, to each recipient, to prevent whitelisting

After all, it’s all about tracking deliveries, not getting your message through isn’t it?


Social Network Nuisance E-Mail

by on Feb.06, 2012, under E-Mail hosting, Operations

If there’s one thing that’s visible every day, it’s that users (& some administrators/developers) are easily confused.

Take for instance the “Find My Friends” misfeature on most Social Networking sites. None warn the user to go through and check that the invitations they are about to generate are really only going to their friends, and that they should only send mail directly to their friends, not to mailing lists.

I wonder how many suppliers get invitations to connect to customers whom they don’t really know on LinkedIn? How many mailing lists are invited to sign up and befriend Facebook users? Some sites like Flickr limit their invitations to existing users; others need to be blocked from every mailing list.

Example setting for Mailman > Privacy > Sender filter


Who is using your email address?

by on Jan.17, 2012, under SPF the Sender Policy Framework

Well you are of course.

Then there are spammers, whom we try to control with SPF records in the DNS to limit where your email can come from to the servers you use.

Then there are misguided websites which try to use your email address to send mail when someone fills in a form claiming to be you.  You didn’t send that mail, the website did, so the 4 players in the message should be set appropriately; they are

From — who the message purports to be from — you in this case
Sender — the website administrator
Reply address — again probably you
Error Reports — Probably should go to the website admin

Websites will usually fix this once they understand the problem.

Finally there are people doing stuff for you, for instance payment portal providers, or webservice consolidation sites such as house or employment search services.  Most of the above applies, with the added wrinkle of you as the named responsable (EU French term for the person accountable) for the service.

The portal will correctly show you as the From address, but should not be using your email as the sending address; that’s just simply wrong. If you do agree to it, then the portal should provide a portal SPF record that can be included by your own SPF record. How otherwise are you supposed to maintain your email security, with random contractors thinking they can send as though they are you rather than as someone providing a service to you?

One does not use another company’s headed notepaper after all. That’s fraud. Why then should you use another company’s email address, without making the ‘on behalf of’ relationship clear?

 


Hotmail ignoring MX records

by on Sep.02, 2011, under E-Mail hosting, Operations

One of my customers reported a very focused failure.

They could not receive emails from Hotmail.  Everywhere else seemed to be fine; only Hotmail returned an immediate failure when mail was sent to them. The same Hotmail account could send mail to us, and to other customers.

The thing that was different with this customer was an A record for their domain, a practice I try to discourage, because I could see this happening with mails from out-of-date systems, but, as far as I was aware, it was not an issue with major providers. The customer has the domain-level A record because their website supplier thinks it uncool to use www. in front of the website (a mistake made by WordPress-mu as well).

It was very simple to demonstrate the fault.  We removed the domain level A record from the DNS and the mail immediately started to come through.


Tsunami “charity” e-mail

by on Mar.15, 2011, under E-Mail hosting, Operations

I’ve just had an e-mail arrive in my SPAM folder that looks extremely dangerous.

It purports to be from the British Red Cross appealing for Japan, but

  • The Red Cross were on the radio yesterday explaining that their priority is currently the Libyan refugee crisis.
  • The email originated in China.
  • The payment method was Moneybookers (an alarm bell all by itself).
  • The payee was a personal account.
  • The payee should have been the British Red Cross.
  • No off-line donation methods listed, such as bank transfers, telephone with credit card, or local collections.

We are tagging these as SPAM, but do watch out.


Should know better

by on Feb.22, 2011, under E-Mail hosting

The base standard for email, RFC822, is close to 30 years old.  You’d think by now that people would be capable of adhering to it, and that deviations would be jumped on by every anti-spam tool in existence.

Take for instance the requirement to have a Message-Id.  A Message-Id has a very specific format: it starts with a ‘<’ character, then a unique string often based on the date, time and how many messages the system has processed today, then ‘@’, then the fully qualified domain name (FQDN) of the originating system, and finally the closing ‘>’ character.

The message-Id is designed to trace a message through the e-mail infrastructure.  It should only be added by the starting MTA, and subsequent systems, in these SPAM aware times, should refuse to handle messages without a valid one, rather than adding one as they did in the past.

The Message-Id is intended for computer use, not human interpretation, so the FQDN should be that — a domain name that can be checked in the DNS, not europe3.mybigcompany, nor missing entirely.

This is even worse when the company in question sells SPAM and Virus detection software, or reliable communications.  Congratulations NORTON – Symantec, congratulations Blackberry, come up and take a bow.
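The Message-Id rules described in this post can be checked mechanically. The following is an added example, not code from this site or from any anti-spam product: the function names, the stub resolver and the sample headers are constructed for illustration, and treating "checkable in the DNS" as "an address lookup succeeds" is an assumption.

```python
import re
import socket
from email import message_from_string

ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
LEFT = re.compile(rf"^{ATEXT}(\.{ATEXT})*$")            # unique string before '@'
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one DNS label


def dns_resolves(domain):
    """Live check; assumption: any address record counts as checkable."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False


def check_message_id(raw_message, resolves=dns_resolves):
    """Return a list of problems with the Message-Id header; empty means OK."""
    value = message_from_string(raw_message)["Message-Id"]
    if value is None or not value.strip():
        return ["no Message-Id header"]
    value = value.strip()
    if not (value.startswith("<") and value.endswith(">")):
        return ["not enclosed in < and >"]
    if value.count("@") != 1:
        return ["expected exactly one @"]
    left, domain = value[1:-1].split("@")
    problems = []
    if not LEFT.match(left):
        problems.append("malformed unique string")
    labels = domain.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        problems.append("right-hand side is not a fully qualified domain name")
    elif not resolves(domain):
        problems.append("domain does not resolve in the DNS")
    return problems


# Constructed messages; only mail.example.org "exists" for the stub resolver.
def sample(header):
    return f"From: a@example.org\n{header}Subject: test\n\nbody\n"

SAMPLES = {
    "good": sample("Message-Id: <20110222101500.1234@mail.example.org>\n"),
    "no_tld": sample("Message-Id: <abc123@europe3.mybigcompany>\n"),
    "bare": sample("Message-Id: abc123@mail.example.org\n"),
    "short": sample("Message-Id: <abc123@localhost>\n"),
    "missing": sample(""),
}

def stub_resolves(domain):
    return domain in {"mail.example.org"}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_message_id(raw, resolves=stub_resolves) or "OK")
```

A name such as europe3.mybigcompany passes a purely syntactic test because it contains a dot, which is why the lookup step is needed to catch it.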


Colossal Arrogance

by on Jan.23, 2011, under E-Mail hosting, Operations

Dear Blackberry/ Research in Motion,

I am not prepared to pay you to tell you your systems are misconfigured.  When I send you a note to let you know that you are generating message-ids that are not standards compliant for your customers’ outbound mails, and that you might like to look into it, I expect a polite “Thank you”, not an invitation to buy a support ticket before you will open my email.

Your reply:

Thank you for contacting BlackBerry Technical Support. The email you submitted has not been delivered. Please find many alternative support options below.

is just rude, and worse I suspect it was generated by the group that handle your consumer devices who wouldn’t comprehend what I was writing about, rather than the infrastructure group that need the information.


50 E-mails: 49 are SPAM

by on Aug.14, 2010, under E-Mail hosting, Operations

It’s a very sad milestone.  As of this week we mark over 98% of the messages we are offered as SPAM.  The press has some catching up to do — they report 92% — a figure we were at back in February.

This does include a very small percentage of messages which we later re-classify as ‘ham,’ and the slightly larger set that we have mistakenly believed to be legitimate, but the percentage is scary.  Handling it would require 1 processor per 750 mailboxes running flat out (on average — the peaks and troughs are of course rather fractal), meaning that a large multi-processor system is required in practice.

So less than 1 message in 50 is legitimate.

When I look at this figure, I realise we do something really worthwhile for our customers.


Change of policy, SPF bypass for whitelisted senders

by on May.25, 2010, under E-Mail hosting, SPF the Sender Policy Framework

Sometimes you have to give up, and take the hit of extra SPAM.  For me personally, one of the more valuable features of ASSP’s SPF checks was to apply the check to incoming addresses that are otherwise whitelisted, so that no-one can hijack a genuine contact’s email address to send one spam.

But there is always the wilfully ignorant customer of one’s customers who refuses to believe that their IT provider has not authorised the way they are sending mail.  “Lots of other places receive my mail”  — well yes but they’re not checking, “Well it must be your fault, and no I can’t talk to my IT department, you fix it” — phone slams down.

When the person who will not listen is controlling a significant spend, some form of smiling compliance is forced.

We still have a list of domains where we force SPF checks, and let’s say a big “THANK YOU” to HSBC, PayPal and RBS who actually care enough for their customers to protect them from phishing with SPF.

In contrast one ought to hold up to ridicule Barclays, NatWest, Santander, Bank of Scotland, Lloyds, Halifax etc who (as of today) still leave their customers open to attack.

