12Wonder
March 1st, 2007, 01:16 PM
We have been having issues recently with mail being rejected from one of our servers due to its main IP being listed, de-listed, and re-listed within a matter of hours in the Spamhaus/XBL or CBL (Composite Blocking List) blacklist. Many major ISPs use this blacklist to filter and reject mail. If you have had mail rejected with a link to cbl.abuseat.org or spamhaus.org/xbl, this is the cause.
We have been over everything with a fine-toothed comb and determined the server is NOT the source/origination of any mass spam mailings. However, it turns out that there were a couple of "small" issues which together were enough to get the server blacklisted and will continue to keep it listed if not resolved pronto and permanently:
Setting the Default Address in Mail -> cPanel, OR setting up ANY Email Forwarders, to forward mail through the server to any off-server email address destination. When you forward email or set your default address to an email address, ALL mail is forwarded, including spam. I've yet to find an ISP with the ability to differentiate between actual spam and forwarded spam, nor one that likes it when their customers forward spam to them. All those forwarded spams made it appear to the ISP/recipient addresses that OUR SERVER was the source of the spam.
Use of Mail -> Email Domain Forwarding to forward email to any off-server address. Same end result as above.
Use of Boxtrapper Spamtrap: Spam comes in with a forged return address, Boxtrapper responds to the email, and that response gets tagged as spam. We were also having problems with people starting Boxtrapper loops by sending to another email address which also used Boxtrapper, and they just continually email each other back asking for a verification reply.
The CBL has this to say about delisting:
We don't like listing your IP any more than you do, but compromised machines must be fixed. Our "compromise detection" techniques are extremely accurate, and almost never makes mistakes. Hence, detections must be taken seriously, and you should do whatever you can to understand and fix (or at least avoid) the problem. Repeated detections/delistings should be taken even more seriously, because: The CBL will refuse to delist an IP if the problem continues after multiple delistings. The CBL's users expect us to list compromised machines, and we cannot in good faith continue delisting an IP when it's known to be compromised: no exceptions.
Again, keep in mind that the CBL's users (companies which subscribe to the blacklist to filter out incoming emails) include most major ISPs around the globe, and include Verizon, Comcast, and many others, even Yahoo & Hotmail. Getting blacklisted effectively means you are blocked from sending email from any domain hosted on that server to just about any email address. Getting blacklisted repeatedly has serious consequences. So we are taking this SERIOUSLY, as you should, if you want to be able to continue using your domain email address to send mail.
SOLUTION:
Effective immediately and applicable to all accounts on all servers, Boxtrapper has been disabled, and we will allow NO OFF-SERVER EMAIL FORWARDING. This ban includes:
NO use of the Default Email address in cPanel -> Mail -> Default Address to send email to an off-server address.
NO use of cPanel -> Domain Email Forwarding to forward email to any off-server address.
NO use of cPanel -> Mail -> Email Forwarders to forward mail to an off-server address.
NO use of cPanel -> Mail -> Email Filters to direct mail to any off-server location.
Instead, you must use POP3 (in your own email client such as Outlook, etc.), or Webmail/IMAP, to retrieve your email directly from YOUR ACTUAL DOMAIN EMAIL ACCOUNT. You may use email forwarders, but only if you forward to another email address you own within your same hosted domain's account.
Example:
OK: admin@yournewsitename.com forwards to joe@yournewsitename.com or to joe@yournewsitename.net IF the .net address is an addon domain INSIDE this same hosting account.
NOT OK: admin@yournewsitename.com forwards to joe@hotmail.com or to any email address that is not part of your actual hosting account.
I regret having to implement these measures. But 1-2-Wonder remains committed to combatting spam, and we cannot continue to allow incoming spam to be relayed off our servers and give us a black eye.
If you have any off-server forwarders set up, you need to get into your cPanel ASAP and remove them. This also includes the free NPCS accounts: Although access to Forwarder management in cPanel was disabled on the free NPCS hosting accounts last month, we are re-enabling its management temporarily for you in order to enable everyone to make the necessary deletions of off-server forwarders.
We will be inspecting all accounts and will delete any off-server forwarders we find which fit any of the items listed in red above.
Anne
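Added example, not part of the original post and not 1-2-Wonder's own tooling: one way to run the kind of inspection the post describes, applying its OK / NOT OK rule (a forwarder is acceptable only when its destination is a domain inside the same hosting account). The `source: dest1, dest2` alias layout, the sample lines, the pipe path and the function names are assumptions made for illustration.

```python
"""Audit alias-style forwarder lines for off-server destinations (added example)."""

# Constructed sample; the "source: dest1, dest2" layout is an assumed format.
SAMPLE_ALIASES = """\
# forwarders for yournewsitename.com (constructed sample)
admin@yournewsitename.com: joe@yournewsitename.com
sales@yournewsitename.com: joe@YourNewSiteName.net, joe@hotmail.com
info@yournewsitename.com: "|/usr/local/bin/ticket-intake"
*: catchall@example.org
old@yournewsitename.com: :fail: No such person here, sorry
"""

# Main and addon domains inside the one hosting account (from the post's example).
ACCOUNT_DOMAINS = {"yournewsitename.com", "yournewsitename.net"}


def is_off_server(dest, account_domains):
    """True when a destination address is outside the account's own domains."""
    if "@" not in dest:          # bare local username: delivered on this server
        return False
    domain = dest.rsplit("@", 1)[1].lower().rstrip(".")
    return domain not in account_domains


def audit_forwarders(alias_text, account_domains):
    """Return [(source, destination)] for each forwarder that leaves the account."""
    domains = {d.lower() for d in account_domains}
    findings = []
    for raw in alias_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        source, _, targets = line.partition(":")
        targets = targets.strip().strip('"')
        # Pipes to programs and :fail:/:blackhole: directives are not forwarding addresses.
        if targets.startswith(("|", ":")):
            continue
        for dest in (t.strip() for t in targets.split(",")):
            if dest and is_off_server(dest, domains):
                findings.append((source.strip(), dest))
    return findings


if __name__ == "__main__":
    for source, dest in audit_forwarders(SAMPLE_ALIASES, ACCOUNT_DOMAINS):
        label = "default address" if source == "*" else "forwarder"
        print(f"OFF-SERVER {label}: {source} -> {dest}")
```

A source of `*` stands for the catch-all Default Address, which matters most here because it forwards every message sent to a nonexistent mailbox, spam included.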