Using RBLs for email security can bite when you least expect

 

A situation that arose today illustrates the problematic nature of RBL use for spam filtering: a business owner who had been using the same email address to correspond with a client for the past seven years suddenly got a bounce message from that client stating that she was being blocked by a public blacklist (SORBS). Further research on that site revealed that her IP address fell within a range of addresses owned by her ISP host that had sent spam in the past.


Our intrepid communicant then tried to contact her customer using her Yahoo email account instead. She was bounced back again, but this time the message stated that her email had been blocked by yet another blacklist (SPAMCOP) in another spamming netblock. At this point, she picked up the phone and called her customer instead. As you can see, the use of blacklists can create high false positive rates, with the capacity to interrupt and damage your business communications with trusted customers.


On another note, many of the reports over the past two days have involved SBC, QWEST, VERIO and BellSouth customers, both hosted and non-hosted, who have been included in ISP spammer netblocks by JAMMDNSBL, SORBS, SPEWS, NOMOREFUNN and DNSBL. Once again, the blacklist companies are not saying that these companies’ specific domains and IP addresses have been spamming, but they are still suffering the consequences.


Reverse DNS issues have expanded again and include missing PTR (domain name) or “A” (IP address) records, multiple PTR record listings for the same IP, and checks that show the upstream host’s PTR records instead of the user’s. Keep in mind that while these scenarios don’t usually create NDRs (Non Delivery Reports), they can make it difficult to get de-listed from various RBL sites.
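
As an added example (not part of the original post), the following Python audit reports each of the reverse DNS conditions listed above for a sending IP. The zone data is constructed and uses documentation address ranges, and `ptr_query_name` and `audit_rdns` are hypothetical helper names; against live DNS you would fill the two tables from real PTR and A lookups.

```python
import ipaddress

# Constructed sample zone data (documentation ranges, not real hosts).
PTR = {
    "192.0.2.10": ["mail.example.com."],
    "192.0.2.11": [],                                   # no PTR published
    "192.0.2.12": ["mail.example.com.", "web.example.com."],
    "192.0.2.13": ["static-13.isp.example.net."],      # ISP's generic name
    "192.0.2.14": ["mx.example.com."],                 # PTR with no A behind it
}
A = {
    "mail.example.com.": ["192.0.2.10", "192.0.2.12"],
    "web.example.com.": ["192.0.2.12"],
    "static-13.isp.example.net.": ["192.0.2.13"],
}

def ptr_query_name(ip):
    """Name a receiving server looks up to find the PTR record for ip."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def audit_rdns(ip, sender_domain, ptr=PTR, a=A):
    """Return the reverse DNS problems found for a sending IP (empty = clean)."""
    names = ptr.get(ip, [])
    if not names:
        return ["missing PTR"]
    problems = []
    if len(names) > 1:
        problems.append("multiple PTR")
    suffix = "." + sender_domain.rstrip(".").lower() + "."
    for name in names:
        n = name.lower()
        n = n if n.endswith(".") else n + "."
        addrs = a.get(n, [])
        if not addrs:
            # The PTR target does not resolve forward at all.
            problems.append(f"missing A for {n}")
        elif ip not in addrs:
            # Forward lookup exists but does not confirm this IP.
            problems.append(f"A mismatch for {n}")
        if not ("." + n).endswith(suffix):
            # PTR names the upstream host, not the sender's own domain.
            problems.append(f"upstream PTR {n}")
    return problems

if __name__ == "__main__":
    for ip in PTR:
        print(ip, ptr_query_name(ip), audit_rdns(ip, "example.com") or "ok")
```
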
