We recently got alerted that we were listed on this site. The way they list mail servers is if your mail server tries to use the VRFY feature to try and validate the senders email address. I tested Ironport and does not seem to be doing this unless my tests are wrong. The other way they list you on their BL is if your mail server sends bounces or NDR and does not reject on SMTP conversation. I suspect this is why we are listed, we are doing LDAP look-ups on workqueue and then bouncing if recipient not found, back when we implemented our tests showed that the bounces would only respond according to the DHAP count which in our case it is 5. But apparently backscatterer.org does not want to detect it at all or they list you. Our preference would be to reject on SMTP conversation but we ran into some issues with a big ISP Verizon.net. We found that their servers were being abused and were probing our address books so we would limit them via DHAP and eventually throttle them. So when legitimate users trying to communicate with our users would send us email they would be throttled as well. Of course Verizon did not want to do anything about it so we had to!!! Does anyone have any experiences with backscatterer.org and how did you go about it? What were you able to find out? Thanks
BV is on already. The issue is responses to invalid addresses. Apparently they have servers out on the net probing. They send our servers emails to "firstname.lastname@example.org" and we process in queue and then send and NDR because user does not exist. They want to force everyone to reject on conversation of SMTP, which I would like to have enabled but like I mentioned on original post. Had issues with a big ISP, and us rejecting on SMTP conversation. Aside from this I think this PBL does not even want mail servers to bounce any type of email at all. I just wanted to see if any one had experienced some issues with them as well and how did they go about solving them. Thanks
Backscatter.org uses a system that is administered by UCEProtect and I have been having a nightmare with them for the last month or so.
I won't go into too much detail, as this will only encourage the admin from UCEProtect from coming on this forum and starting to flame (as has happened on numerous other forums that have had issues with Backscatter).
For anyone that wants a good laugh at the details of their system take a look at http://www.uceprotect.net/en/index.php
Basically what happens is if their spam trap detects a NDR or SV request they will blacklist your IP address for 7 days (after the last NDR or SV is received). the only way to get it delisted quicker than 7 days is to pay a 50 Euro charge.
Of course they also have 2 other levels that you can be put onto where they can block you entire Subnet, or you AS.
Oh yes and if you threaten them with legal action they will put your IP address on a permanent block until such time that the legal proceedings have concluded and then you will have to pay a percentage of the legal costs (and then proudly boast about it).
If you want further info then just Google "UCEProtect and Extortion".
I am for any person or organization that attempts to stop SPAM. The number of days being listed and the money they request to get you an express delisting is a bit ridiculous thought. There isn't a guarantee that you will not get listed right back after you pay!!
What do you guys think about what they are trying to enforce or accomplish? Rejecting emails on SMTP conversation and not generating NDR's etc? You guys think it is a good thing? Trying to stop joe-jobs and such?
Thanks for suggestion, we do use LDAP recipient validation but in the workqueue not on SMTP conversation. This is the reason why they list us because when used in the workqueue it generates a separate email indicating that the user does not exist. My original post indicates why we had to move to use in the workqueue instead of SMTP conversation. A different bounce profile would only be possible per listener correct? And it is global correct? Even if I could set a different bounce profile per external domain, that means I would have to know ahead of time which domains use backscatterer.org to add them to that profile. Our users want to be able to send NDR's to our legitimate customers when ever possible. Thanks
Sounds like UCEProtect has the same attitude as SpamCop: you either do it exactly the way we want or you're a total screw-up and we'll penalize you for it (and yes, I know that IronPort owns SpamCop). It's typical zealotry, as illustrated by this quote from their website: "Some people tell lies and myths about us. Most of them run into trouble with us, because they were, or still are, learning resistant." Translation: "If you don't agree with us then you're stupid." When you know that you're 100% right about something, there's no need to entertain arguments from anyone else. Minor things like technical issues just don't matter.
SPAMHater: it's a shame that you had to cave in to Verizon's bad behavior. The 1000 pound gorillas out there know they don't need to waste time and money policing their networks because they're too big and important for anyone to penalize. In your situation, I would have preferred to tell my customers, "Tell your correspondents to find a different ISP (or at the very least a different mail provider), because Verizon sucks and can't send mail reliably." I realize that's not always possible.
Wargot, these forums are for IronPort customers only, so I don't think you need to worry about the sysadmin of UCEProtect coming here and staring a flame war. I have to agree, their website is laughably amateur. Phrases like "abusers should NOT be given a chance to get their crap out," and the above quote about being "learning resistant" demonstrate their high level of professionalism. More displays of professionalism are available at http://www.uceprotect.org/.
It occurs to me that rouge anti-spam outfits are as much a threat to e-mail as spammers. I'm surprised that there isn't a "rogue anti-spammer blacklist" out there that lists all the servers and/or spamtrap addresses used by outfits like UCEProtect. It sure would be handy to be able to identify their mail when it comes in and throw it in the bit bucket.
your solution (or atleast definitive answer) is likely going to need a formal support case to revisit your details. there are too many variables to figure out what you need without logs and such to back it up.
since i'm not familiar with your original support case, or with your configurations and such, i'd err on the side of caution and ask you to reopen the support case if you feel the solution is inadequate in any way. if you have any trouble doing that, just drop me a line with the support case ID and i'll make sure it's getting the love it needs.
while, i somewhat agree with all the ISP and hosted mail bashing on a personal level, i don't believe it has too much credence here IMHO. every place like spamcop or verizon or any other policing or hosting agency has people there doing the best they can with what they've got, just like our IronPort customers are. just keep that in mind ;) .
every place like spamcop or verizon or any other policing or hosting agency has people there doing the best they can with what they've got
Agree with you 100% dlnash we should not have to cave in or be forced to comply with someone else view of how things should be done. Of course there should be guidelines and recommended parameters but that is a far cry from being forced to do things a certain way. Unfortunately I tried my hardest to not cave into Verizon but when the pressure starts coming down directly from the CEO's office sometimes one has no choice but to comply!!
awurster I never had a support ticket open, don't think there really is much you guys can do. I know that LDAP rejection on SMTP conversation would alleviate most if not fix the issues I am having with UCEprotect.org but it is something that I cannot revisit since the Verizon client complaints are still kind of fresh. I just wanted to throw this post out there, to learn of some experiences that other IronPort admins might of had with UCEProtect and maybe some one implemented something that I did not think of, to alleviate their issue. In the meantime I am telling my users to relay back to their clients to inform their mail admins not to use UCEProtect.org and or backscatterer.org!!
Thanks for your time guys. ;-)
I had a lot of problems in the last month with that blacklist because I'm using my C300 to relay e-mail from and to many e-mail servers on private networks and it's not possible for me to get the whole set of e-mail addresses of those servers. When spam comes is for an internal domain it is marked and transferred to the final e-mail server, which would eventually generate a delivery failure it the address is not valid; when this delivery failure reaches the backscatterer.org servers I get blacklisted.
At first I tried setting up the "sender verification exception table" to block e-mail from the domains for which I was listed, but the blacklist maintainers register many domains each month, so it's impossible to keep the table up to date.
My current approach is to block delivery to their mailservers with a reject policy on our firewall; it seems much more effective since they have only a few mail servers that are used for spam traps (I thought is was only one but today I found out that there are at least 2 :( ).