Why does the Spamhaus spam filter reject ntlworld and virginmedia?

  • Problem
  • Updated 6 years ago
  • Acknowledged
Merged

This conversation has been merged. Please reference the main conversation: I'm still having problems with my email. What should I do?

Since the new spam filter was introduced, my email account does not receive emails from anyone with ntlworld.com-based emails. I have tracked this to Spamhaus. For some reason Spamhaus is blocking all email from ntlworld.com when they are used in conjunction with Outlook Express 6. This is the message:

This is the mail system at host know-smtprelay-10-imp. I am sorry to have to inform you that your message could not be delivered to one or more recipients. The message is attached below. The remote mail system said: 5.7.1 Service unavailable; Client host [80.0.253.74] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=8...

It is not a blacklisted IP address. I believe that there is a misconfiguration on the spam filter that is causing the rejection.

Any ideas?

Kev
computare

Posted 6 years ago

Drew N, Alum

Hello, when I went to mxtoolbox.com and entered ntlworld.com, I did a blacklist check on each MX record, and that domain did come up as blacklisted by Spamhaus in one case. Here are the reasons Spamhaus might block messages.

I am sharing this thread with the mail admin, for further research. One or more of these issues may need to be addressed with the mail provider of ntlworld.com.

More Information About Spamhaus Zen

Inclusion in the Spamhaus-ZEN Blacklist results from sub-listings in one or more of the following Blacklists:

CBL - You have contracted a Virus or Malware that is operating a Botnet, either on your email server or on a workstation behind the NAT - Continual delisting requests without eliminating the virus will result in permanent blacklisting;
XBL (Spamhaus Exploits Block List) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies;
PBL - Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use.

Spamhaus Zen Reports Dynamic IP Addresses

Dynamic-based Blacklists will list many DHCP ranges of IP Addresses from Internet Service Providers. You could be listed if your IP Address was previously dynamically assigned, or if your ISP gave you a static assignment and did not assign a distinguished PTR-Record, aka a "Reverse DNS Entry."

Spamhaus Zen Reports Open Relays

Relay/Proxy-based Blacklists typically list email servers and/or hostnames that are sending Unsolicited Bulk Email (UBE) that is clearly from email addresses that are not hosted on the server or that do not match the SMTP Banner/Hostname of the Email Server, commonly referred to as an Open Relay. An Open (Mail) Relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users.

Spamhaus Zen Reports Sources Of Spam

Spam-based Blacklists are those that will list either single IP Addresses or entire ranges that have actually received Spam, i.e. Unsolicited Bulk Email (UBE) in their Spamtraps from an IP-Address. This could be a result of a compromised email account, an Open Relay, or simply sending mass emails / marketing and not following best practices according to the "CAN-SPAM Act of 2003" (ref: http://en.wikipedia.org/wiki/CAN-SPAM...)

Spamhaus Zen Reports Virus Infected Sources

Virus-based Blacklists are those that will list single IP Addresses (or hostnames) of email servers that have sent Spam traffic that is generated by some form of a Virus, Malware, Trojan, or "botnet" infection in a network. This is often a result of a user visiting a webpage that houses an infection and downloads malware on a PC which then creates a "mini SMTP" server used to hijack account information, and send bulk email to recipients in the Users' email address book. It can affect the actual machine housing the "Email server platform" or on a local PC which is allowed to connect to the Email Server IP Address on SMTP port 25.

Spamhaus Zen Requires A Manual Delisting Request

This blacklist does support a manual request to remove or delist your IP Address from their database. Please note that removal requests that are submitted without addressing the core problem will likely result in your IP Address being relisted in that database, which can cause subsequent problems and extended listing periods without release.
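
Added example, not part of the original thread: how a mail admin can tell which ZEN sub-list produced a rejection like the one quoted in the first post. The return-code table follows Spamhaus's published ZEN codes; the function names and the sample answers passed to `classify` are constructed for illustration.

```python
import ipaddress
import socket

ZEN = "zen.spamhaus.org"

# A-record answers ZEN returns, mapped to the sub-list that produced them.
CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL (CSS)",
    "127.0.0.4": "XBL (CBL data)",
    "127.0.0.9": "SBL (DROP)",
    "127.0.0.10": "PBL (ISP-maintained)",
    "127.0.0.11": "PBL (Spamhaus-maintained)",
}

def query_name(ip, zone=ZEN):
    """DNSBL query name: reverse the IPv4 octets, then append the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(answers):
    """Turn the A records returned for a ZEN query into a verdict."""
    result = {"listed": False, "lists": [], "error": None, "policy_only": False}
    if not answers:
        return result  # NXDOMAIN: the address is on no sub-list
    for a in answers:
        # 127.255.255.x means the query itself was refused (wrong zone name,
        # public resolver, over quota). It is not a listing; rejecting mail
        # on it would block every sender.
        if a.startswith("127.255.255."):
            result["error"] = a
            return result
    result["listed"] = True
    result["lists"] = sorted(CODES.get(a, "unknown " + a) for a in answers)
    # PBL alone is a policy listing of end-user ranges, not evidence of spam.
    result["policy_only"] = all(l.startswith("PBL") for l in result["lists"])
    return result

def lookup(ip):
    """Live query; needs a resolver that Spamhaus accepts queries from."""
    try:
        answers = socket.gethostbyname_ex(query_name(ip))[2]
    except socket.gaierror:
        answers = []  # NXDOMAIN or resolver failure: treated as not listed
    return classify(answers)

if __name__ == "__main__":
    print(query_name("80.0.253.74"))
    print(classify(["127.0.0.10"]))  # constructed answer, not a live result
```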
computare

Hello Drew

Thanks for your comprehensive reply.

The change to Spamhaus has been the cause of the issue as the original spam filter did not block me.

If I use the email directly through virginmedia.com it works fine but it is always bounced back when I use OEv6. This narrows down the reason for the problem but still doesn't give me a solution.

I narrowed it down further to the dynamically assigned IP address reason for rejection so I have now manually configured my connection.

Does this mean that my IP address can be removed from the blacklist? If so, how? I am confident that it won't get blocked again now that I have used a manual configuration.

Excuse my lack of understanding (I am just an accountant): The blocked address 80.0.253.74 is not the IP address on my PC which is 192.168.1.10.

Thanks
Drew N, Alum

I am still gathering information on Spamhaus specifics, but the IP you need to check is not the one on your PC, but your public IP. This is what they would see. In any case the IP 80.0.253.74 is owned by Virgin Media.

I will post more as I find out information.

Drew
computare

I have read some more information on this and I see that Virgin Media has a dynamic IP configuration. For some reason the new spam filter Spamhaus regards this as worthy of blacklisting. That is very unfair as I think using a dynamic IP address is regular practice. It certainly unfairly blacklists perfectly legitimate email addresses and in turn blocks business contacts from sending emails to us. I consider this to be a worrying state of affairs which, if left unresolved, could well see some of your customers migrating away from Homestead-based email.

Please keep working on a solution.

Kev
Drew N, Alum

Thanks for the information. For mail servers, using a dynamic IP would allow spammers to constantly reassign their IP, thus foiling the efforts of anti-spam people. By using static IPs on their servers, they would be telling Spamhaus, here we are and we are legit. I am not saying they aren't, just that I believe that to be the thinking of Spamhaus and other blacklists.

Drew
computare

The trouble is that virginmedia and ntlworld are two very popular email domains in England so Spamhaus is unfairly blocking several of our customers from contacting us.

The change of spam filter has caused this problem where no issue previously existed. There must be a way of putting this right otherwise we'll have to move our business email address to ntlworld to avoid this problem.

Surely you have some way of exerting pressure on Spamhaus so that they can treat virginmedia and ntlworld users fairly?
Drew N, Alum

I am not sure yet what we can do. The change is so new and the mail admins are going to be fine tuning it, but I will try to find out more.

Drew
computare

I think there is a related issue when we attempt to send an email to a gmail.com address.

421 4.7.0 smtp4.homesteadmail.com space Error: too many errors.

Keeps getting bounced back.

Any ideas?
computare

This problem is far worse than I had at first imagined.

We are getting several reports from clients telling us that they have sent or replied to our emails and none of these have come through thanks to Spamhaus. The spam filter settings are all wrong and blocking anyone who uses a dynamic IP address.

Many of the other faults reported in this community are related to this.

Do you have the option of reverting back to the original spam filter which was working properly?

It has to be wrong for Spamhaus to blacklist anyone using a dynamic IP address as this setup is popular here in the UK. Maybe Spamhaus is a business that is not worth doing business with - they are certainly damaging your reputation.

You have to take some action soon, otherwise I am sure that you will lose a lot of customers as they migrate to more reliable email providers.

This conversation is no longer open for comments or replies.