
Plusnet server on Trend blacklist

198kHz
Seasoned Hero
Posts: 5,731
Thanks: 2,779
Fixes: 41
Registered: ‎30-07-2008

Re: Plusnet server on Trend blacklist

Update: It seems the problem I outlined above re "Deleted Not Read" is something different.
Despite the contrary indication, it appears that the recipient did in fact successfully receive the email, and all is normal today.
Murphy was an optimist
Zen FTTC 40/10 + Digital Voice   FRITZ!Box 7530
BT technician (Retired)
nal2008
Dabbler
Posts: 22
Registered: ‎01-03-2008

Re: Plusnet server on Trend blacklist

Any idea why PlusNet are on the list in the first place?
Nigel
snozboz
Rising Star
Posts: 408
Thanks: 14
Fixes: 1
Registered: ‎27-07-2007

Re: Plusnet server on Trend blacklist

I've just had one of the Trend Micro blocked & bounced messages after sending to an NHS address.
Is there anything we can do to help resolve this?  Should we keep contacting the CSC?  Should we keep posting examples on this forum thread?  Or should we stop contacting CSC about it?  What would help most to keep the urgency level high, while freeing people to actually solve the problem?
HPsauce
Pro
Posts: 7,001
Thanks: 146
Fixes: 2
Registered: ‎02-02-2008

Re: Plusnet server on Trend blacklist

There's usually little or nothing you as a user can do once the mail host (PN in this case) are aware and involved; these blacklists work to their own rules and timescales.
bobpullen
Community Gaffer
Posts: 16,887
Thanks: 4,979
Fixes: 316
Registered: ‎04-04-2007

Re: Plusnet server on Trend blacklist

Quote from: nal2008
Any idea why PlusNet are on the list in the first place?

Yes, Trend will have seen spam originating from our relay servers. This could have been messages hitting the honeypots they have set up or emails that have been reported to them. Either way, they considered it sufficient enough to warrant a place on their blacklist. We have outbound spam filtering and throttling controls in place (courtesy of Cloudmark), however no solution is perfect and an element of manual housekeeping is always required. Customers' accounts can get compromised where they respond to phishing emails etc. and when this happens spammers can use Webmail or SMTP authentication to send out shed-loads of unsolicited messages. It looks like a few instances have slipped through the net recently.
Quote from: Simon
... the MAPS entry (?) at http://www.mail-abuse.com/cgi-bin/show_listing.cgi?5188052 shows that abuse@plus.net were sent a notification on Fri, 4 May 2012 at 01:48:07.
I raised a ticket yesterday and was told that they "appear to have noticed 2 examples at present", then told they had requested RBL removal at 16:40 yesterday and to allow at least 24 hours then retest.
Do Plusnet ignore messages from what would seem to be major black lists (Trend Micro in this case)?

No, although that's a busy mailing list and whilst we do our best to respond to messages, we don't typically reply to them all even where we do take action. You'll notice this mentioned in the auto-responder if you send a message to the address. There's a possibility we didn't pick the message up until after the bank holiday if I'm honest.
Quote from: snozboz
Is there anything we can do to help resolve this?

Send your email using a non-Plusnet SMTP server. I can't vouch for how reliable it is but Rich posted about one such service here
Quote from: snozboz
Should we keep contacting the CSC?

Absolutely not. There's nothing they can do to speed up resolution and it will increase wait times for those with problems they can help with.
Quote from: snozboz
Should we keep posting examples on this forum thread?

No, you don't need to. Interested in hearing from people when the problem ceases to exist though. Otherwise we'll update this thread if/when we receive confirmation from Trend that we've been removed from their list.
Quote from: snozboz
What would help most to keep the urgency level high, while freeing people to actually solve the problem?

The urgency is already high, thus the Service Status thread.

Bob Pullen
Plusnet Product Team

cdsheldon
Newbie
Posts: 3
Registered: ‎11-05-2012

Re: Plusnet server on Trend blacklist

I have been informed that Trend started blocking PlusNet emails on 4th May. It is only in the last 48hrs that I have received rejection emails, however users should be made aware that any emails sent in the last week may have been blocked. This might explain why I haven't received replies to some emails I have sent to government organisations.
I suggest PlusNet advise customers that this problem may have been present for a week so emails can be resent once the problem is fixed (which at present it isn't).
orbrey
Plusnet Alumni (retired)
Posts: 10,540
Registered: ‎18-07-2007

Re: Plusnet server on Trend blacklist

Hi cdsheldon,
Thanks for that, it's a great idea and we'll make sure to mention it when we update/close off the service status thread so people are advised to check and resend as required.
MrToast
Grafter
Posts: 550
Registered: ‎31-07-2007

Re: Plusnet server on Trend blacklist

Quote from: Bob
Customers' accounts can get compromised where they respond to phishing emails etc. and when this happens spammers can use Webmail or SMTP authentication to send out shed-loads of unsolicited messages.

How can this happen when 'Tar pit' and daily limits are in place? Or are there shed loads of compromised accounts?
A thought for the future: When IPv6 is implemented for the outgoing relays would it be possible to assign a different host address for each user account? Then when an address shows up on a block list it relates to the compromised account rather than the whole platform.
I don't know if block lists have caught up with IPv6 yet....
Anteaus
Grafter
Posts: 64
Thanks: 1
Registered: ‎02-08-2007

Re: Plusnet server on Trend blacklist

Just had a conversation with Romina Susaya of Trend about this, and it seems that at least some of the spam emails are being relayed from a North African IP address:
Received: from [212.159.14.19] by <removed> via sendmail with smtp;
> for 2 recipients; Wed, 09 May 2012 23:05:08 -0700
> Received: from localhost ([41.96.33.241])
> by avasout04 with smtp
> id 7z4z1j0015C98zM01z57nk; Thu, 10 May 2012 00:05:08 +0100
If this is the case then there might be some kind of security problem.
Just thought I'd pass this on.
Though, IMHO it's past time the Law took an interest in the activities of these DNSBL list operators. The same law that says you may not take the law into your own hands, and that it is impermissible to issue blanket punishments which catch innocent people as well as crooks.
The bottom line is that people who get spammed do so mainly because they have posted their email address on a webpage somewhere. If we could only get that message across, it would serve far more purpose in controlling spam than any blacklist. Security starts with prevention, not with cure symptom treatment.
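The trace quoted in the post above, read hop by hop, as an added example that is not part of the original post and not Plusnet's or Trend's code: it orders the two Received lines oldest-first, pulls out the address that submitted the message to the relay, and builds the lookup name a DNSBL check would use for the relay address. The function names and the `dnsbl.example` zone are assumptions; the addresses and timestamps are the ones in the post.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Constructed sample: the Received lines quoted in the post, with the reply
# markers stripped and re-folded as headers; "<removed>" is kept as posted.
SAMPLE = (
    "Received: from [212.159.14.19] by <removed> via sendmail with smtp;\n"
    " for 2 recipients; Wed, 09 May 2012 23:05:08 -0700\n"
    "Received: from localhost ([41.96.33.241])\n"
    " by avasout04 with smtp\n"
    " id 7z4z1j0015C98zM01z57nk; Thu, 10 May 2012 00:05:08 +0100\n"
    "\n"
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def parse_hops(raw_headers):
    """Return hops oldest-first (each MTA prepends its own Received line)."""
    hops = []
    msg = message_from_string(raw_headers)
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = " ".join(value.split()).rpartition(";")
        ip, by = IP_RE.search(info), BY_RE.search(info)
        hops.append({"peer_ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None,
                     "when": parsedate_to_datetime(stamp.strip())})
    return hops

def submitting_client(hops):
    """Oldest public peer IP: the host that handed the message to the relay."""
    for hop in hops:
        if hop["peer_ip"] and ip_address(hop["peer_ip"]).is_global:
            return hop["peer_ip"]
    return None

def dnsbl_query_name(ip, zone="dnsbl.example"):
    """Reversed-octet DNSBL lookup name; the zone is a placeholder."""
    return ".".join(reversed(ip.split("."))) + "." + zone

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    for hop in hops:
        print(hop["when"].isoformat(), hop["peer_ip"], "->", hop["by"])
    print("submitted from:", submitting_client(hops))
    # The receiving site sees only the relay, so the relay is what gets listed.
    print("listing lookup:", dnsbl_query_name(hops[-1]["peer_ip"]))
```

Received lines added before the first relay you trust can be forged by the sender, so only relay-stamped hops count as evidence when tracing an abusing account.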
MrToast
Grafter
Posts: 550
Registered: ‎31-07-2007

Re: Plusnet server on Trend blacklist

Still not able to send email to Optusnet accounts due to this RBL. Wonder if ISPs who are so aggressive in the way that they use RBLs ever end up on them themselves.
Anteaus
Grafter
Posts: 64
Thanks: 1
Registered: ‎02-08-2007

Re: Plusnet server on Trend blacklist

Quote from: MrToast
Wonder if ISPs who are so aggressive in the way that they use RBLs ever end.

Don't think it's the ISPs, more likely the recipient companies have a massive spam problem because their email addresses are harvestable from the company website. They install heavier and heavier spamfiltering in an attempt to control the flood of junk. Eventually they start losing a substantial number of valid messages. At that point, management start asking questions.
On one such site over 99.9% of ~10k emails a day were spam. The company had numerous regional websites, all with harvestable addresses. The website maintainer was contacted about this, and claimed he'd never heard of harvesting. After being told to fix the sites pronto or be sacked, the spam problem gradually reduced.
MrToast
Grafter
Posts: 550
Registered: ‎31-07-2007

Re: Plusnet server on Trend blacklist

Optusnet is an ISP aimed at the low end of the Australian retail market. Maybe that pushes them towards crude SPAM management.
MrToast
Grafter
Posts: 550
Registered: ‎31-07-2007

Re: Plusnet server on Trend blacklist

Plusnet Relays appear to have dropped off Trend RBL now
Minxymoo
Grafter
Posts: 181
Thanks: 2
Registered: ‎22-07-2009

Re: Plusnet server on Trend blacklist

I hope this will be sorted soon as I've had four of these error messages, two on Thursday while trying to e-mail the NHS (our GP have an e-mail service) and two today while trying to e-mail my local leisure centre.  I contacted the company via their on-line contact form and this is the response I received:
“Hello,
This IP is listed because we have seen spam activity from it. It is possible that the IP address hosting your mail server was compromised and was used by malicious third parties to send spam.  We still see very recent spam activity from this IP.
You may need to contact your ISP or your mail administrator, as they may have the fix to the mail servers affected to stop the spamming. After they stop the spam, only then can we remove it from the list.”
Will this be sorted soon?
Minxymoo
Grafter
Posts: 181
Thanks: 2
Registered: ‎22-07-2009

Re: Plusnet server on Trend blacklist

I've just tried e-mailing NHS address and it's been blocked with same error message as before.