Re: BACKSCATTERER problem... We are an ISP
Author: Herb Oxley Date: Jan 31, 2008 06:43
Parthe gmail.com> wrote:
> On Jan 30, 2:27 am, restr...@fastmail.fm (Herb Oxley) wrote:
>> Parthe gmail.com> wrote:
>>> Whilst I fully appreciate the issues that backscatterer.org and other
>>> RBLs have, what can ISPs like my company do? You won't delist us but
>>> we don't control our customers' mail servers.
>>
>> If you're an Internet service provider you SHOULD have Terms of Service
>> which address issues such as backscatter and other spam issues resulting
>> from inadequate customer security and configuration and contract terms
>> which allow you to suspend outgoing SMTP traffic from any customer
>> by filtering their Port 25 after you notify them and
>> give them a chance to correct the abusive email traffic.
[regarding good T&C and enforcement of same regarding email abuse]
> We have those T&Cs and we do suspend companies who are poorly
> configured. The issue here is that by the time we know a company has a
> poorly configured mail server so does the rest of the Internet. As we
> are the next hop it is our IP that is blacklisted. We give the
> customer a chance to sort themselves out and they are monitored
> afterwards to ensure compliance. Unfortunately by that time our IP is
> blacklisted.
The next step then is to identify all IP addresses you rent/provide to
your customers which have an SMTP server on them.

If your T&C allows you to do security scanning,
you could send specially-crafted emails with invalid recipients
with a spoofed source address on another network you have access to.

Those emails which get sent to the "spoofed" addresses show the server
they were sent to has a problem with backscatter.

Just make sure the network you direct backscatters to doesn't have any
spam filtering on the account you use.

If your T&C doesn't give you the right to do security audits on your
customers unannounced, then contact them and make arrangements and get
their permission to send these test emails.

That's the only way I can think of where you can find problems before your
network gets blacklisted.

Keep in mind public blacklists may be a tip-of-the-iceberg situation;
there are quite a few server admins who don't use public lists but simply
maintain their own internal lists of addresses and networks which they've
received excessive amounts of "junk" email from.
Those lists are much harder to get out of!

Now this won't cover the more esoteric conditions (such as when an
Exchange server behind a non-MS gateway server rejects for "mailbox full")
however the gateway server SHOULD be able to tell whether an address is
valid or not at SMTP-time.

Those who use something like an older Cisco PIX or early Barracuda
appliance need to upgrade to something which supports LDAP.
--
The published From: address is a trap.
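
The audit described in the post ends with bounces arriving at the address the ISP controls; the following is an added example, not part of the original post, of sorting that audit mailbox to see which customer servers accepted an invalid recipient and bounced afterwards. The `audit.example` domain, the per-probe tokens, the IP addresses and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed audit plan (assumption): each probe carried a unique token in its
# sender address, probe+<token>@audit.example, mapped to the server it was sent to.
PROBES = {"t01": "192.0.2.10", "t02": "192.0.2.20", "t03": "192.0.2.30"}

# Constructed messages as found in the audit mailbox.
INBOX = [
    # Standard DSN generated after the probe was accepted.
    "Return-Path: <>\n"
    "From: MAILER-DAEMON@mail.customer-a.example\n"
    "To: probe+t01@audit.example\n"
    "Subject: Undelivered Mail Returned to Sender\n"
    'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
    "\n--b1\nContent-Type: text/plain\n\nUser unknown.\n--b1--\n",
    # Plain-text bounce: no report MIME type, but a null return path.
    "Return-Path: <>\n"
    "From: postmaster@customer-c.example\n"
    "To: probe+t03@audit.example\n"
    "Subject: Undeliverable: test\n"
    "\nThe recipient could not be found.\n",
    # Unrelated mail in the same mailbox: no probe token, not a bounce.
    "Return-Path: <news@bulk.example>\n"
    "From: news@bulk.example\n"
    "To: info@audit.example\n"
    "Subject: Weekly offers\n"
    "\nHello.\n",
]

TOKEN_RE = re.compile(r"probe\+([A-Za-z0-9]+)@audit\.example")

def is_bounce(msg):
    """True for a null envelope sender or a delivery-status report."""
    null_sender = msg.get("Return-Path", "").strip() == "<>"
    dsn = (msg.get_content_type() == "multipart/report"
           and msg.get_param("report-type") == "delivery-status")
    return null_sender or dsn

def backscattering_servers(raw_messages, probes):
    """Return the probed servers whose bounce reached the audit mailbox."""
    hits = set()
    for raw in raw_messages:
        msg = message_from_string(raw)
        m = TOKEN_RE.search(msg.get("To", ""))
        if m and m.group(1) in probes and is_bounce(msg):
            hits.add(probes[m.group(1)])
    return sorted(hits)
```

A probed server that does not appear in the result (192.0.2.20 here) sent no bounce to the audit mailbox, which is what a server rejecting unknown recipients at SMTP-time would look like.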