Demon’s (Thus Telecom) Response about their mail server’s being Blacklisted – Do they give a damn?

A customer of ours was having trouble sending us emails recently and the usual reason is that the IP Address of the mail server that was sending the mail to us is blacklisted (our servers check against various blacklists to cut down on spam just like every other good mail server should).

So, after receiving a copy of the email headers from our customer, we checked the sending server’s IP Address 195.173.77.148 and sure enough, on checking on MXToolbox we discovered that they were on 3 blacklists (Lashback / Redhawk and SORBS).

So we asked our customer to get in touch with their ISP (Demon / Thus) and ask them to request that the IP address gets de-listed. That was when the fun started!

After a couple of emails back and forth between us, our customer and Demon (Thus), we received the following response:

—————————————————————————————————————
“It appears that it-eye.co.uk are using SORBS to filter their mail.

There are many blacklists available on the Internet but not all blacklists are created equal. We actively monitor a number of the larger public ones to ensure that we are aware of problems with both our service machines and our customers.

However, it is our opinion that this particular list is a rather aggressive one and sees abuse teams as the enemy rather than an ally.

They also do not appear to provide any evidence for their listings so we will not be submitting any removal requests.

Recipients must understand that if they use such lists, they may very well be losing legitimate mail.

If this is causing you difficulties then there are 2 options available to you:

1. Alter your configuration to send mails directly rather than via our smarthost (if your systems are able to support this).
2. Send your mails to one of the smarthost machines that aren’t presently listed; this is a list of the current machines:

195.173.77.132
195.173.77.133
195.173.77.134
195.173.77.148
195.173.77.149
195.173.77.150

Please note that this is only given as a possible fix for a temporary problem and that you generally should only refer to the smarthosts as ‘post.demon.co.uk’.


Network Abuse Team
THUS
a Cable&Wireless Worldwide business”

—————————————————————————————————————
Having picked myself up off the floor, I decided to check out the IP addresses that they listed and guess what, here are the results!

195.173.77.132 – Blacklisted on Backscatterer.org – (badly configured server) plus Lashback & Sorbs
195.173.77.133 – Blacklisted on Lashback & Sorbs
195.173.77.134 – Blacklisted on Backscatterer.org – (badly configured server) plus Lashback & Sorbs
195.173.77.148 – Blacklisted on Lashback, Redhawk & Sorbs
195.173.77.149 – Blacklisted on Lashback & Sorbs
195.173.77.150 – Blacklisted on Backscatterer.org – (badly configured server) plus Lashback & Sorbs

Now you don’t get listed on Backscatterer.org unless your servers are badly configured and send out Non-Delivery Reports to spammers, so it is very clear that Demon do not have a clue about configuring mail servers and clearly don’t care that their IP Addresses are blacklisted and are not prepared to do anything about it. Please read the Wikipedia explanation of what Backscatter is.

So – ask yourself – are you going to use Demon as your ISP? I certainly know that they won’t be appearing on my top 1 million ISP’s 🙂

Advertisements

Why Am I Blacklisted?

The most common reason for being blacklisted is because one or more computers on your network has become infected with a mass-mailing virus and is sending out spam.

Check to see which blacklists you are on and also why you are blacklisted by visiting http://www.mxtoolbox.com/blacklists.aspx and click on the link under the reason column to find out why.

If you can – lock down your firewall to block all outbound traffic on TCP port 25 from all computers except your mail server. Most spammers will try to use this post to send mail, so blocking the port will stop most spam immediately.

Check your computers with a tool such as Malwarebytes http://www.malwarebytes.org and download / install their free software and run a basic scan after updating the software online. Remove anything that it finds.

Once you have located and removed any infections on your computers, re-visit the blacklist sites and request de-listing. Some will do this immediately and others will wait a short while. Some sites will ask you to pay for express de-listing – this is up to you, but do make sure you are infection free before paying as you will quickly get listed again if you have not resolved the problem.