
About

From time to time we (Tufts) spam the outside world when an account or accounts get compromised. There are a number of outcomes that can result in the Tufts mail domain being temporarily or permanently blocked from sending mail to recipient domains as a result. This article describes some of them.

Tufts may also block some emails to recipients outside the university if the recipient is blacklisted on an external blacklist service we reference (discussed below).

Different types of reactions from recipient domains

  1. Nothing - Some mail domains will not receive enough spam from us, or will not have thresholds set to block the Tufts domain (or we may be on their whitelist!), and no action is taken.
  2. Temporary blacklisting - Some mail services will place us on a brief hold (anywhere from 24 hours to 4 weeks), after which we are automatically allowed to email them again.
  3. Time-shifted temporary blacklisting - This works like temporary blacklisting, but the blacklisting period is shorter and is counted from the LAST spam event, so it may end 24 hours after the last spam message is received.
  4. Blacklist (single host) - Some services will blacklist JUST the SMTP relay that sent to them, which gives the impression that "some mail goes through, some doesn't".
  5. Blacklist via service - Some recipient domains are members of trust organizations that monitor what their members receive. Getting whitelisted or de-listed by those trust organizations restores service.
  6. Blacklist via recipient domain - Some recipient domains keep their own blacklist, or augment their trust organization's list with their own.

Services to check if we are blacklisted:

1. http://MultiRBL.Valli.org
2. http://www.senderbase.org/
3. http://JustSpam.org
4. http://BlacklistAlert.org/
5. http://cbl.abuseat.org/

IPs to check (our outbound SMTP relays):

  • 130.64.213.204
  • 130.64.213.205
  • 130.64.19.52
  • 130.64.19.53
  • 130.64.113.6
  • 130.64.213.196
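A small DNSBL lookup for the relay IPs above, as an added example (not code from the page or from Tufts IT): it builds the reversed-octet query name that DNS-based blacklists expect, resolves it, and separates a real 127.0.0.x listing from the 127.255.255.x "query refused / over quota" codes some zones return instead of a verdict. Only cbl.abuseat.org is named on the page; the other two zones, the resolver and the sample answers are assumptions.

```python
import socket
from typing import Callable, Dict, Optional, Tuple

# Relay IPs as listed on the page.
RELAY_IPS = ["130.64.213.204", "130.64.213.205", "130.64.19.52",
             "130.64.19.53", "130.64.113.6", "130.64.213.196"]

# cbl.abuseat.org is named on the page; the other zones are assumptions
# (well-known public DNSBLs) included for illustration only.
DNSBL_ZONES = ["cbl.abuseat.org", "zen.spamhaus.org", "bl.spamcop.net"]

Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets and append the zone,
    e.g. 130.64.213.204 + cbl.abuseat.org -> 204.213.64.130.cbl.abuseat.org"""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone


def resolve_a(name: str) -> Optional[str]:
    """Default resolver: first A record, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_listing(ip: str, zone: str, resolver: Resolver = resolve_a) -> Tuple[str, Optional[str]]:
    """Return ("listed", code), ("error", code) or ("clean", None).
    A listing is an answer in 127.0.0.0/8. Several DNSBLs (Spamhaus among them)
    reserve 127.255.255.x for "query refused / too many queries", so that range
    is reported as an error, not as a listing. Anything outside 127/8 (a parked
    or wildcarded zone) is treated as no verdict."""
    answer = resolver(dnsbl_query_name(ip, zone))
    if answer is None or not answer.startswith("127."):
        return ("clean", None)
    if answer.startswith("127.255.255."):
        return ("error", answer)
    return ("listed", answer)


def check_relays(ips=RELAY_IPS, zones=DNSBL_ZONES, resolver: Resolver = resolve_a) -> Dict:
    """Map (ip, zone) -> (status, code) for every pair that is not clean."""
    hits = {}
    for ip in ips:
        for zone in zones:
            status, code = check_listing(ip, zone, resolver)
            if status != "clean":
                hits[(ip, zone)] = (status, code)
    return hits


if __name__ == "__main__":
    for (ip, zone), (status, code) in sorted(check_relays().items()):
        print(f"{status.upper()} {ip} in {zone}: {code}")
```

Run it from a host whose resolver is not a public/open resolver, since some zones answer those with the 127.255.255.x codes rather than a verdict.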

Keep-it-simple ways to check

Read the bounce messages: often the error will be in the 500s (frequently 554), like the example below:

    SMTP error from remote mail server after initial connection:
    host MX.nyu.edu [128.122.119.206]: 554-r1.home.nyu.edu
    554 Your access to this mail system has been rejected due to the
    sending MTA's poor reputation. If you believe that this failure is in
    error, please contact the intended recipient via alternate means.

Generally the next steps are to visit the recipient domain's website, or to contact their support desk, abuse@domain.com or postmaster@domain.com, to find out what their de-listing process is.

Road to remediation

Most services simply require you to submit a human-intervention request. Most services these days do NOT allow whitelisting.

Potentially better permanent solutions

  • We could begin scanning our outbound mail, but this can cause the number of false positives (legitimate mail we refuse to let out) to skyrocket.
  • We could rate-limit the amount of mail any one account can send over a period of time, but this could also have adverse effects given current business practices.

Frequent-flier domains that block Tufts

  • tuftsmedicalcenter.org is very regularly the target of compromised accounts and blocks the Tufts domain. Unfortunately, in our discussions with them they are unwilling to whitelist Tufts, and they can often take 24-96 hours to respond to unblock requests.

Tufts blocking outgoing email to blacklisted recipient

If an email address is blacklisted on an external internet blacklisting service, Tufts may be blocking outgoing emails to that recipient. Our email relays reference some of these lists to update our local blacklists hourly. Tufts has no control over the external service; all we can do locally is exclude the email address from the blacklist on our relays.

After removing the offending email address from the blacklist on our relays, the next step is to send some test emails to the previously blocked address and check whether they are delivered. We have no way of verifying what the original blacklist issue was or whether it can be corrected; that is the responsibility of the email administrators at the recipient organization.