Constantcontact.com Mail Servers Cannot Send mail to servers using Greylisting!

We have recently started using Constantcontact.com to keep our customers up-to-date with the goings on at our company and have been very happy with the service until today when we looked at the number of invalid email addresses that were being reported. Upon investigation, we even discovered that the emails to our own servers that use Vamsoft ORF for Anti-Spam filtering, with Greylisting configured, was not receiving any of the emails being sent from Constantcontact.com.

For those of you that don’t know what Greylisting is, it is a method used by Anti-Spam software to reject the first send attempt from an email address that the server has not received mail from before. Because most spammers will only try to send a message once, then move on to the next target, they don’t usually come back to try again. As an anti-spam tool, this technique is incredibly effective. If the sending mail server tries to send the message again, then the receiving server using Greylisting will not reject the second connection attempt unless it has other issues with the sender, the sending server or the sender’s IP Address etc.

Getting back to Constantcontact.com – having contacted their support team, it was determined that their servers only ever send a message the once and if they encounter a server that uses Greylisting, their servers cannot distinguish between an invalid email address rejection message (550 5.1.1 Unknown User Error) and a Temporary Rejection Message (451 4.7.1 Temporary Rejected – Try Again Later), so they fail the send attempt and class this as an invalid email address. They advise that an email will get tried again 16 days later, but most Greylisting software has a timeout of 24 hours, by which time if they haven’t heard back from the sending server, they then temporarily reject the next connection attempt and then start the 24-hour countdown again. With a 16-day retry interval, the mail from Constant Contact will NEVER reach a mail server using Greylisting.

The support team at Constant Contact’s advice was to contact the recipients and request that they Whitelist (expressly allow mail from their mail servers) the Constant Contact IP Addresses. Considering that we had about 150 “Invalid Email Address” rejections out of about 500 messages, we didn’t find the suggestion that we should contact every customer who they couldn’t email to ask them to Whitelist the Constant Contact mail server addresses a very helpful or indeed practical solution.

As an Exchange Administrator – I am reluctant to Whitelist IP Addresses / mail servers as this can open up the receiving server to problems should the sending server that is Whitelisted become infected. As the problem would appear to be an issue with the mail server configuration at Constant Contact not retrying an email, we have decided to look for an alternative provider that can work properly with servers using Greylisting.

If you send out messages using Constant Contact and have plenty of “Invalid Email Addresses” in your mailing list, then you need to think about using a different provider until they change their working practises because the chances are your email addresses are perfectly valid, but you won’t ever be able to send them emails using Constant Contact.

You have been warned.

****** UPDATE *******

Further to the above information, it now appears that Constant Contact can work happily with Greylisting servers, but the bigger problem that they face at the moment is being blacklisted on pretty much all their servers by UCEProtect Level 1.

British Telecom (BT) Bureaucracy Over Reverse DNS Record without MX Record

During a recent installation of an Small Business Server server for a customer whose mail we currently host, I requested the customer arranged for a fixed IP Address with their Internet Service Provider (ISP) who was British Telecom (BT Broadband) and this was quickly and easily implemented.

Once the fixed IP Address had been registered on their Firewall / Router and I had determined it was Blacklist free, I asked my customer to request that BT setup Reverse DNS on the fixed IP Address so that we could move their mail from our servers to their new server. Our customer not being very technical, asked me to send the email request to BT and gave me the email address that BT had given to them to email a request. That email address was reverse.dns@btbroadbandoffice.com. I sent my original request to BT on the 7th January, chased them again on the 12th January and then finally sent a 3rd request on the 20th January. Having heard nothing at all and still not having Reverse DNS setup, on the 26th January I asked my customer to give them a call and ask them what the problem was and why do they not even bother to reply to any emails that they are sent.

After lengthy phone calls between my customer and BT, my customer and myself and BT and myself, BT advised me that they can’t or won’t setup Reverse DNS records without first having an MX record pointing to the IP Address. I advised them that there won’t be an MX record pointing to the IP Address until they configure Reverse DNS. This was standard policy for BT and apparently the same with all other ISP’s. I advised them that they were the only ISP that had ever requested anything like this and that I would probably be advising my customer to use a different ISP, one that doesn’t make such ridiculous requests.

So – at a stale-mate situation and after advising BT what I thought of them – something I regularly do when it comes to BT and their ridiculous policies – I asked them if the addition of an additional MX record would meet their needs and allow them to setup Reverse DNS. They advised me (after putting me on hold again for another eternity), that this would unlock their handcuffs and allow the record to be setup.

So, having waited 48 hours for the new MX record to be propagated in DNS, I asked my customer to talk to BT again and request that Reverse DNS is setup.

With any luck – they will have actioned this and I can complete the mail migration from our servers to their own server.

It has only taken 3 weeks to get something simple setup – something that would take out ISP (www.bethere.co.uk) about 5 minutes to implement – although I am still checking to see if the record has been configured and as of now (00:52 hrs on the 1st February), still no Reverse DNS record is configured as per the latest request.

I am meant to be seeing my customer today to complete the mail migration – somehow I think I am going to have to postpone it yet again.

So – if you ever want BT to setup Reverse DNS – make sure you have an MX record pointing to the IP Address or you will get incredibly frustrated as I have with them (yet again).

Alternatively, don’t bother using BT Broadband in the first place. Find a decent ISP that can accommodate your simple requests without putting up hurdles for you to jump over.

Once upon a time – when I wanted a fixed IP Address with BT – they asked me for £100 to set it up ad £10 a month. Needless to say I moved ISP’s very quickly after I had picked myself up from the floor and had stopped laughing : )