Yahoo and Spamhaus

Yahoo has updated and modified their postmaster pages. They have also put a lot of work into clarifying their response codes. The changes should help senders identify and troubleshoot problems without relying on individual help from Yahoo.
There is one major change that deserves its own discussion. Yahoo is now using the SBL, XBL and PBL to block connections from listed IP addresses. These are public blocklists run by Spamhaus. Each of them targets a different type of spam source.
The SBL is the blocklist that addresses fixed spam sources. To get listed on the SBL, a sender is sending email to people who have never requested it. Typically, this involves email sent to an address that has not opted in to the email. These addresses, known as spamtraps, are used as sentinel addresses. Any mail sent to them is, by definition, not opt-in. These addresses are never signed up to any email address lists by the person who owns the email address. Spamtraps can get onto a mailing list in a number of different ways, but none of them involve the owner of the address giving the sender permission to email them.
Additionally, the SBL will list spam gangs and spam supporters. Spam supporters include networks that provide services to spammers and do not take prompt action to remove the spammers from their services.
The XBL is a list of IP addresses which appear to be infected with trojans or spamware or can be used by hackers to send spam (open proxies or open relays). This list includes both the CBL and the NJABL open proxy list. The CBL list machines which appear to be infected with spamware or trojans. The CBL works passively, looking only at those machines which actively make connections to CBL detectors. NJABL lists machines that are open proxies and open relays.
The Policy Block List (PBL) is Spamhaus’ newest list. Spamhaus describes this list as

The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer’s use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.
PBL IP address ranges are added and maintained by each network participating in the PBL project, working in conjunction with the Spamhaus PBL team, to help apply their outbound email policies.
Additional IP address ranges are added and maintained by the Spamhaus PBL Team, particularly for networks which are not participating themselves (either because the ISP/block owner does not know about, is proving difficult to contact, or because of language difficulties), and where spam received from those ranges, rDNS and server patterns are consistent with end-user IP space…

Generally, email service providers and bulk senders only need to be concerned about the SBL. Being listed on the SBL is a sign that your subscription processes allow addresses to be subscribed by people who do not own those addresses. Removal from the SBL involves fixing subscription processes and verifying that all recipients do actually want to receive your email.
Generally ESPs and bulk senders should not be listed on either the XBL or the PBL. I am aware of a couple cases where senders were listed on the XBL, but in all these cases there was a Windows machine inside the company infected with a trojan sending spam. Once the machine was cleaned, the listing was removed promptly. Senders listed on the PBL should talk to their ISP for resolution.

Related Posts

Blogroll

I added a few blogs to my blogroll today.
Terry Zink works at Microsoft handling spam blocking issues for one of their platforms. His posts offer insight into how recipient administrators view spam filtering. He has a long, information dense series of posts on email authentication.
E-mail, tech policy, and more is written by John Levine, a general expert on almost everything internet, especially spam and abuse issues. He posts somewhat irregularly about interesting things he sees and hears about spam, abuse, internet law and other things.
Justin Mason’s blog contains information from the primary SpamAssassin developer. Like Terry’s blog, it gives readers some insight into the thought process of people creating filters.
Al Iverson’s blogs have been on my blogroll for a while now. His DNSBL resource contains information about various DNSBL and how they work against a single, well defined mail stream. His spam resource blog provides information about delivery and email marketing from someone who has been in the industry as long as I have.
Email Karma is Matt Verhout’s blog and contains a lot of useful delivery information.
No man is an iland provides practical information on marketing by email. Some of the information is delivery related, a lot more of it is solid marketing information. Mark often points to useful studies and information posted around the net.
MonkeyBrains has always entertaining and informative articles about delivery, email marketing and practical ways to make your email marketing more effective.

Read More

ISP Postmaster sites

A number of ISPs have email information and postmaster sites available. I found myself compiling a list of them for a client today and thought that I would put up a list here.

Read More

Changes at Comcast

I can usually tell when one of the ISPs makes some change to their incoming spam filtering just by my call volume. The past few weeks the ISP in most of my calls has been Comcast. And, what do you know, they have made changes to how they are filtering email.
According to their bounce message, Comcast is using ReturnPath’s proprietary SenderScore product to filter mail. Reports on thresholds vary, but IPs with SenderScores of 70 and below have been blocked with messages similar to:

Read More