Spam No More! How do I convince gmail of this?
May 1, 2009 8:53 PM

How Do I Get Hosts to Stop Labeling My Email As Spam?

For the last five years or so, spammers have been systematically spoofing my domains, and sending out the usual Viagra and whatnot emails under my name. I finally asked my hosting service the right question, in the right way, and they finally uncovered the misconfiguration that apparently allowed this to happen. Since my domain name rep is now so shredded that even my actual emails to myself get automatically routed into my Spam Box, I'm curious: How do I go about reversing this, so that my actual emails get sent to my customers' inboxes, instead of their spam boxes?
posted by darth_tedious to Computers & Internet (14 answers total) 7 users marked this as a favorite
 
Go to Mxtoolbox.com
If you don't know your mail server, enter your domain name. It will tell you what your mail server(s) is.
From there, go to diagnostics and run diagnostics on said mail server.
If you have either an open relay or no Reverse DNS set, you have a problem.
You can also compare your mail server to blacklists on the Internet with the blacklists tab.
Report back what you get so we know what the issue is exactly.
posted by ijoyner at 9:06 PM on May 1, 2009 [3 favorites]


Two things you can do with your domains are to set up both SPF and DomainKeys/DKIM entries. They won't guarantee delivery, but they do help a lot. If your hosting service's servers were misconfigured, they may be on a blacklist. Getting a mail server off of those blacklists can range from easy to very hard, so you may have to change providers.
posted by zsazsa at 9:12 PM on May 1, 2009 [1 favorite]


If you're on a bunch of blacklists, you could try systematically appealing to ones that have you listed, explaining your situation. Other than that, I don't think you have a lot of options (DNSBLs are highly controversial for this reason) beyond using a different domain for your outgoing business email.

If you're not on a DNSBL, the problem might be that the contents of your email are triggering the Bayesian algorithms anti-spam products use. SpamAssassin has some general advice about avoiding false positives.
posted by cj_ at 9:14 PM on May 1, 2009 [1 favorite]


Useful answers, all. Thanks!

To fill things in a bit, I just had SPF and Domain Keys put in a few days ago. (Apparently, there was an SPF in place before, but it was a bit off...)

>If you have either an open relay or no Reverse DNS set, you have a problem.

Hmm. An Open Relay was indeed reported by mxtoolbox... I remember reporting an Open Relay to my host before, and being told that no, there was no such problem. I may bring this up to them again.

>SpamAssassin has some general advice

Good reminder-- thanks.
posted by darth_tedious at 9:35 PM on May 1, 2009


Is this server dedicated to just your organization or is it a shared server?
You can test if you indeed have an open relay by following the steps here. Basically, look at the statements you're going to type and play spammer-- use a bogus FROM address and attempt to send yourself some e-mail. You can report your findings to your provider to get a resolution or excuse as to why you (yourself) would be able to do that.
posted by ijoyner at 9:56 PM on May 1, 2009 [1 favorite]


It may be time to change addresses. The reputation of the existing one may be beyond repair.
posted by Chocolate Pickle at 9:57 PM on May 1, 2009


Blacklists don't go by domain names because it's trivially easy to fake email from any domain. Changing your domain name probably isn't going to help your deliverability. It would be helpful to know the domain you're sending from; it's been a few years since I've supported email servers but I could check a few things out.
posted by TungstenChef at 10:46 PM on May 1, 2009 [1 favorite]


Actually, domain names often do feature strongly in Bayesian filters, just as do any other consistent strings appearing in spam. My Bayesian filter, for example, gives an extremely high spam score to the string "yahoo" because I get a lot of spam from there, or pretending to be from there, and no one I care about uses it. It doesn't matter if the yahoo mail address is spoofed, or if it's real. All that matters is that the string appears in much of my spam, and none of my good emails. So these days it's a nearly foolproof market to indicate that a given email is spam, and my Bayesian filter has learned to use it that way.

Given the way that Bayesian filters are so seriously decentralized, once your domain has been poisoned, there's no way to get it back. There are tens of thousands of individual Bayesian filters out there which probably now have your domain name tagged as a spam indicator. The only thing you can do is abandon that domain name and switch to another.
posted by Chocolate Pickle at 11:19 PM on May 1, 2009 [1 favorite]


That should have been "foolproof marker".
posted by Chocolate Pickle at 11:19 PM on May 1, 2009


No one would write a spam filter that went by email hostnames, because spoofing is so easy. In fact, for years and years there was no way to prevent it.

But the thing is, there is nothing you can do to prevent anyone from spoofing spam emails. If your host was misconfigured, it sounds like you had actually been forwarding spam. That would actually cause your host to get blacklisted. But you might be able to fix that simply by changing mail servers.

On the other hand, what Chocolate Pickle is saying is ridiculous. I mean, do you seriously think many mail servers filter "yahoo.com" email addresses for their users due to spoofing? Obviously not. It wouldn't work at all for anyone who had friends who used yahoo's email service, and since a server administrator doesn't know whether their users would or wouldn't, it wouldn't make sense for them to filter that domain.

On the other hand, a small domain with just a few users would probably only account for a tiny percentage of spam, and therefore probably not make much of an impression on spam lists.
posted by delmoi at 12:30 AM on May 2, 2009


You need to sort out whether this 'misconfiguration' really was something that was allowing spammers to send messages from the server; the fact that you detected an open relay indicates that's likely.

SPF and DomainKeys may help, but if you've been relaying spam the most important thing is to get your mail server onto a different IP range (otherwise all the SPF is saying is "yep, this message definitely comes from that dodgy blacklisted IP"). If I was in your situation the first thing I'd do is change hosting firm to disassociate the domain with the affected IP address(es) (and to get away from a hosting firm that can't even secure a mail server).
posted by malevolent at 1:21 AM on May 2, 2009 [1 favorite]
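
The point made in the answer above, that a valid SPF record only confirms which IP sent the message, as an added example that is not part of the original thread. The SPF record, the DNSBL zone `dnsbl.example`, the listed address and the receiver policy are all constructed for illustration, and a set of names stands in for the DNS lookups a real receiver would make.

```python
import ipaddress

# Constructed sample data: documentation IP ranges and a made-up DNSBL zone.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"
DNSBL_ZONE = "dnsbl.example"
LISTED = {"10.2.0.192.dnsbl.example"}  # the old relay 192.0.2.10 is listed
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, sender_ip):
    """Evaluate only the ip4, ip6 and all mechanisms of an SPF record."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        elif name.lower() == "all":
            return RESULTS[qualifier]
    return "neutral"

def dnsbl_query_name(sender_ip, zone):
    """An IPv4 DNSBL lookup reverses the octets and appends the zone."""
    octets = str(ipaddress.IPv4Address(sender_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def receiver_verdict(sender_ip, record=SPF_RECORD, listed=LISTED):
    """Hypothetical receiver policy: a blocklist hit outweighs an SPF pass."""
    spf = spf_check(record, sender_ip)
    on_list = dnsbl_query_name(sender_ip, DNSBL_ZONE) in listed
    if on_list or spf == "fail":
        action = "reject"
    elif spf == "pass":
        action = "accept"
    else:
        action = "quarantine"
    return spf, on_list, action

# Old listed relay, a clean IP at a new provider, and a spoofing host.
for sample_ip in ("192.0.2.10", "198.51.100.25", "203.0.113.7"):
    print(sample_ip, receiver_verdict(sample_ip))
```

The first address passes SPF and is still rejected because of the listing; the same domain sending from the unlisted address is accepted.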


First, fix the problems. You've probably been contributing to spam proliferation, and are being blacklisted accurately. If you appeal the blacklisting, and continue to contribute to the problem, it will be even harder to fix.

In my experience, mail from yahoo.com/hotmail.com is more likely to be tagged as spam. Good filtering considers a wide variety of factors.
posted by theora55 at 7:28 AM on May 2, 2009


>do you seriously think many mail servers filter "yahoo.com" email addresses

I maintain some pretty big mail servers. I used to run one that you've probably used. And yes, a message that contains yahoo.com is generally marked as being more spammy than a message that doesn't. But, that doesn't mean all yahoo.com addresses are blocked.

The text "yahoo.com" rates pretty highly in most Bayes databases. What you're not realizing is that spam blocking is much more complicated than "Yahoo.com == block it!", but if you combine "yahoo.com" with other spam indications, like a bad SPF lookup or the presence of other suspect words (Acai comes to mind), then it's a VERY good indication that you're looking at spam.

This sort of filtering is in use quite widely. Many many many mail servers mark "@yahoo.com" email addresses as being more likely to be spam than @metafilter.com. It's (hopefully) not enough to block mail by itself.

But... that's not the point. If the OP's mail server was an open relay (which means it'll accept mail from anywhere, addressed to anywhere else, and happily deliver it) then it was blacklisted (quite legitimately) for that. If mxtools says you're still on an open relay, then the problem is not fixed, and you are (likely) still legitimately on blocklists.

If your outbound mail was on an open relay for any length of time, then you should change providers. Not only should you not support one that displays such incompetence, but IP-based blocklists have (intentionally) long memories, especially if the problems come back, or aren't completely fixed.
posted by toxic at 11:22 AM on May 2, 2009 [1 favorite]
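
The token-combining behaviour described in the answer above, as an added example that is not part of the original thread: a minimal naive Bayes scorer showing that "yahoo.com" raises a message's score without crossing the spam threshold until other spam tokens appear alongside it. The training corpus, the test messages and the 0.9 threshold are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training corpus (not real mail): (text, is_spam)
TRAINING = [
    ("cheap acai pills from sales@yahoo.com order now", True),
    ("viagra discount offer reply to deals@yahoo.com", True),
    ("acai weight loss miracle order now", True),
    ("lunch on friday? from bob@yahoo.com", False),
    ("invoice attached for your order from billing@example.com", False),
    ("meeting notes and schedule for friday", False),
    ("photos from the trip attached", False),
]
SPAM_THRESHOLD = 0.9  # assumed cut-off; real filters tune this

def tokens(text):
    # Keep dots so "yahoo.com" survives as a single token.
    return set(re.findall(r"[a-z0-9.]+", text.lower()))

def train(corpus):
    spam, ham, n_spam, n_ham = Counter(), Counter(), 0, 0
    for text, is_spam in corpus:
        if is_spam:
            n_spam += 1
            spam.update(tokens(text))
        else:
            n_ham += 1
            ham.update(tokens(text))
    return spam, ham, n_spam, n_ham

def spam_probability(text, model):
    spam, ham, n_spam, n_ham = model
    log_odds = math.log(n_spam / n_ham)  # prior from corpus proportions
    for tok in tokens(text):
        if tok not in spam and tok not in ham:
            continue  # unseen tokens carry no evidence either way
        p_spam = (spam[tok] + 1) / (n_spam + 2)  # Laplace smoothing
        p_ham = (ham[tok] + 1) / (n_ham + 2)
        log_odds += math.log(p_spam / p_ham)
    return 1 / (1 + math.exp(-log_odds))

MODEL = train(TRAINING)
for msg in ("hello from carol@example.com",
            "hello from carol@yahoo.com",
            "acai offer from carol@yahoo.com order now"):
    p = spam_probability(msg, MODEL)
    print(f"{p:.2f} {'SPAM' if p >= SPAM_THRESHOLD else 'ok  '} {msg}")
```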


Great answers... thanks!
posted by darth_tedious at 5:16 PM on June 1, 2009

