Demon’s (Thus Telecom) Response about their mail server’s being Blacklisted – Do they give a damn?

A customer of ours was having trouble sending us emails recently and the usual reason is that the IP Address of the mail server that was sending the mail to us is blacklisted (our servers check against various blacklists to cut down on spam just like every other good mail server should).

So, after receiving a copy of the email headers from our customer, we checked the sending server’s IP Address 195.173.77.148 and sure enough, on checking on MXToolbox we discovered that they were on 3 blacklists (Lashback / Redhawk and SORBS).

So we asked our customer to get in touch with their ISP (Demon / Thus) and ask them to request that the IP address gets de-listed. That was when the fun started!

After a couple of emails back and forth between us, our customer and Demon (Thus), we received the following response:

—————————————————————————————————————
“It appears that it-eye.co.uk are using SORBS to filter their mail.

There are many blacklists available on the Internet but not all blacklists are created equal. We actively monitor a number of the larger public ones to ensure that we are aware of problems with both our service machines and our customers.

However, it is our opinion that this particular list is a rather aggressive one and sees abuse teams as the enemy rather than an ally.

They also do not appear to provide any evidence for their listings so we will not be submitting any removal requests.

Recipients must understand that if they use such lists, they may very well be losing legitimate mail.

If this is causing you difficulties then there are 2 options available to you:

1. Alter your configuration to send mails directly rather than via our smarthost (if your systems are able to support this).
2. Send your mails to one of the smarthost machines that aren’t presently listed; this is a list of the current machines:

195.173.77.132
195.173.77.133
195.173.77.134
195.173.77.148
195.173.77.149
195.173.77.150

Please note that this is only given as a possible fix for a temporary problem and that you generally should only refer to the smarthosts as ‘post.demon.co.uk’.


Network Abuse Team
THUS
a Cable&Wireless Worldwide business”

—————————————————————————————————————
Having picked myself up off the floor, I decided to check out the IP addresses that they listed and guess what, here are the results!

195.173.77.132 – Blacklisted on Backscatterer.org – (badly configured server) plus Lashback & Sorbs
195.173.77.133 – Blacklisted on Lashback & Sorbs
195.173.77.134 – Blacklisted on Backscatterer.org – (badly configured server) plus Lashback & Sorbs
195.173.77.148 – Blacklisted on Lashback, Redhawk & Sorbs
195.173.77.149 – Blacklisted on Lashback & Sorbs
195.173.77.150 – Blacklisted on Backscatterer.org – (badly configured server) plus Lashback & Sorbs

Now you don’t get listed on Backscatterer.org unless your servers are badly configured and send out Non-Delivery Reports to spammers, so it is very clear that Demon do not have a clue about configuring mail servers and clearly don’t care that their IP Addresses are blacklisted and are not prepared to do anything about it. Please read the Wikipedia explanation of what Backscatter is.

So – ask yourself – are you going to use Demon as your ISP? I certainly know that they won’t be appearing on my top 1 million ISP’s 🙂

Advertisements

4 Responses

  1. I disagree Backscatter is a pain to setup properly, and to blacklist becuase of that is nuts!

    • To prevent backscatter (and subsequent listing on Backscatterer.org), all you need to do is turn on Recipient Filtering. With this enabled, your server is no longer responsible for sending Non-Delivery Reports, the sending server is. With Recipient Filtering enabled, emails that are destined for your domain but have invalid email addresses in the To, CC or BCC fields,will be turned back and your server will not generate a Non-Delivery Report.

      If a spammer is sending you emails (probably with the sender address spoofed – made up or harvested from the internet or other sources), with Recipient Filtering enabled, their server (or probably a PC) is responsible for sending the NDR. Without it being enabled, your server is responsible and will send a Non-Delivery Report to the supposed sender of the message, which in the case of a spoofed email, is an innocent recipient who had not emailed you in the first place, or if you are very unlucky, a spam trap designed to catch spam emails (an email address that has never been advertised) which will get your server added to the Backscatterer.org blacklist.

      So, if you get listed on Backscatterer.org – it is because of poor configuration and nothing else. If you are listed on Backscatterer.org – enable Recipient Filtering or install some good Anti-Spam software such as Vamsoft ORF which can easily handle Recipient Filtering (if your server is Windows / IIS based). Then you can request de-listing from Backscatterer.org and you won’t be blacklisted any longer.

  2. Dear Alan, I am one of your craziest follower in Experts-exchange, i need your valuable guidiance to write on EE…

    i have a issue…. I installed microsoft exchange2003 server with all updates and Mcafee Groupshield on it … and with public ip on a lan i published through smallbusiness.yahoo.com…. (where in dns i change Mx, A, Cname point to my domain exchange name, and dns is same of yahoo domains i left it as it is ) few days exchange works fine…. one day i got mail return back from 1 mail ..to hotmail… whcn i check it the message appers that reverse DNS issue…. when i contact yahoo regarding this issue they said they’ll not support for external publishing… so they’ll not help…again after few day’s we got again an error that your ip is listed in spamhaus… when i cehck spamhaus.org ” 93.178.24.104 is listed in the XBL” i make a request to blacklist removal… but again and again it’s appearing… so i need your valuable guidiance regarding this issue…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: