Can't send E-mails to CompuServe, AOL, and Comcast
March 22, 2006 2:46 PM   Subscribe

E-mails from my small business are slowly starting to get blocked by AOL, CompuServe, and now Comcast. It appears my ISP (WildBlue) has lots of IPs on some blacklists. What can I do?

Basic background: my business (scientific programming and consulting) is on a hosted server at Dreamhost. The setup is pretty simple. I use the PocoMail client. Outgoing messages go from my WildBlue business account (wildblue.com) via SMTP to my domain at Dreamhost, which sends the E-mail under my TLD (me@mycompany.com).

AOL and CompuServe troubles started intermittently in 2004. Now most addresses bounce with this error:
host mail.mx5.compuserve.com[149.174.40.183] said: 550 5.7.1 IP address denied-4 (in reply to MAIL FROM command)

Comcast problems started this week. Messages now bounce with this error:
host gateway-r.comcast.net[ 216.148.227.126] said: 550-208.97.132.5 blocked by ldap:ou=rblmx,dc=comcast,dc=net 550 Comcast does not support the direct connection to its mail servers from residential IPs. Your mail should be sent to comcast.net users through your ISP. Please contact your ISP or mail administrator for more information. (in reply to MAIL FROM command)

Source of trouble. The trouble appears to be my home WildBlue connection. Its IP (12.213.80.xx) appears as shown below. However I tried a bunch of random addresses by varying the last group (12.213.80.16, 12.213.80.142, etc) and get the same blocked results.
all.rbl.kropka.net http://all.rbl.kropka.net all.rbl.kropka.net LISTED
dnsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ dnsbl.sorbs.net LISTED - Aggregate zone (contains all DNS zones)
dul.dnsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ dul.dnsbl.sorbs.net LISTED - Dynamic IP Address ranges (NOT a Dial Up list!)
dynablock.njabl.org http://dynablock.njabl.org dynablock.njabl.org LISTED
ip.rbl.kropka.net http://ip.rbl.kropka.net ip.rbl.kropka.net LISTED
l1.spews.dnsbl.sorbs.net http://l1.spews.dnsbl.sorbs.net l1.spews.dnsbl.sorbs.net LISTED
l2.spews.dnsbl.sorbs.net http://l2.spews.dnsbl.sorbs.net l2.spews.dnsbl.sorbs.net LISTED
spews.dnsbl.net.au http://spews.dnsbl.net.au spews.dnsbl.net.au LISTED


My SMTP server is probably not important, but is 208.97.132.5. According to this blacklist compilation, there is no problem.

My workaround so far has been to use GMail.
posted by hodyoaten to Computers & Internet (15 answers total)
 
You say outgoing messages go via SMTP to your Dreamhost account. How exactly is that set up?

Can you send a message to another address, and post the full headers?

In the short term, there is an easy workaround, which you may already be using. In Gmail, go to settings, then accounts. Add another e-mail address. Use whatever your primary business address is. Gmail will send a confirmation link to you. Click it.

Now that you've done that, you can use Gmail to send mail as yourself (from your business account), AND use Gmail as an outgoing SMTP server. Go back to Gmail, go to settings, click on Forwarding and POP. Read the instructions, and you will be able to relay your outgoing mail through Gmail, and it can look like it came from you.

This works better with an infrequently used Gmail account, as you have to authenticate (and usually download your Gmail messages) to send mail. But I've used this as a workaround for a few people with no problems.
posted by bh at 3:00 PM on March 22, 2006


Change your ISP.
posted by unSane at 3:08 PM on March 22, 2006


My SMTP server is probably not important

On the contrary, it's what's being blocked.
posted by kindall at 3:29 PM on March 22, 2006


208.97.132.5 = a dreamhost IP. Comcast is plonking *that IP* as being in a residential IP block. Comcast is wrong in doing so.

"host gateway-r.comcast.net[ 216.148.227.126] said: 550-208.97.132.5 blocked by ldap:ou=rblmx,dc=comcast,dc=net"

That's Comcast screwing stuff up.

Generally SPEWS and SORBS both suck ass but in this case, they're blocking residential IP addresses. Your WildBlue connection is in fact in a residential IP block. So for it to be blocked by AOL/etc is not unexpected.

Focus on why they're plonking your *Dreamhost* IP address.

Big question: What do you have set as your SMTP server right now?
posted by drstein at 3:32 PM on March 22, 2006


This thread at DreamHost's forum implies that the issue may be back at the ISP level, even though Comcast is showing a reject for a DreamHost IP. That having been said, my parents started having almost the same problems you describe when we switched to Dreamhost, and although their ISP doesn't have the best spam reputation, it doesn't make sense that the issues started when we moved to Dreamhost. I almost wonder if Dreamhost's SMTP servers are passing the originating IP address in a different way than others.

Probably worth submitting to DreamHost's tech deam, as I've had good luck with their level of experience in the past. If you do, I'd love to hear what they say... I just tried enabling SPF on our doman, and will see if that makes any difference.
posted by VulcanMike at 4:47 PM on March 22, 2006


I'm wondering why people seem to think this is an SMTP problem when I've clearly shown that my ISP connection address is blacklisted and the SMTP server is not. Has anyone read what I've written?
posted by hodyoaten at 4:57 PM on March 22, 2006


Hody:
It isan SMTP problem. One of the data points used to validate mail is the sending IP - its included in your email headers and it's put there by your mail client. If the sending IP - that's your computer or comcast router - is in a blacklist, your mail delivery will be blocked. Why? Because spambots (trojan horse programs aka spyware) are commonly used on residential computers and therefore, since you have a sending machine inside a blacklisted range, you're blocked.

The quick answer: in your email program, set your outbound SMTP server to be the one Dreamhost recommends - that IP address isn't in the blocked range, and by sending your mail through it (called relaying) your IP will be stripped from the header and your mail will be delivered.
posted by disclaimer at 5:22 PM on March 22, 2006


This would be a lot easier to sort out if you would post a full message, with all headers intact, sent from your normal account to an outside account (Gmail would be good for this).

Have you checked to see if you might have any malware installed?

Normally, your IP address won't be a factor as long as you are having your mail accepted by a legitimate SMTP server. If you are unknowningly sending spam out, however, you might end up on some lists.

Since you say you have been having intermittent problems for a while, I would think there is another problem.

Drstein appears to be right about Comcast, they are screwing up. But that does not explain the other problems.

Is Wildblue known to harbor spammers?
posted by bh at 5:23 PM on March 22, 2006


I'm wondering why people seem to think this is an SMTP problem when I've clearly shown that my ISP connection address is blacklisted and the SMTP server is not. Has anyone read what I've written?

Yes I read what you wrote, and after reading it I disregarded it entirely, because it is clearly not the cause of your problem. Whether or not your ISP connection is blacklisted is irrelevant because you're not trying to send mail directly from there -- i.e., you are not running your own SMTP server. If you are, stop, but I am pretty sure you would have mentioned it, so I assumed you are not. I also downloaded a copy of PocoMail to see if it does the trick Eudora can do, of acting like its own mini-SMTP server and trying to send mail directly to recipients' mail exchangers. It doesn't seem to.

Anyway, now that we've got that straightened out, on to the issue of why your ISP address is blacklisted. Pretty much every ISP connection that uses a dynamic address is going to be in one blacklist or another, because there are blacklists specifically for dynamic/residential ISP connections. And wonder of wonders, these are exactly the kinds of lists you find yourself in (e.g. "dynablock" or the "all zones" blacklist which includes EVERY ADDRESS ON THE INTERNET). This is absolutely normal and not a problem if you are not running your own SMTP server off the DSL line, which you should not be trying to do anyway. Since home users tend to get infected with viruses and worms and spambots and often lack outbound firewalls, mail server admins want them to be forced to send mail through their ISP's SMTP server. If they are running their own SMTP server it is a good sign that they are sending junk.

If you look at the message you are getting from Comcast it is clearly Dreamhost's SMTP server, not your ISP address, that is being blocked. Have you read what Comcast has written?
posted by kindall at 5:40 PM on March 22, 2006


One of the data points used to validate mail is the sending IP - its included in your email headers and it's put there by your mail client.

Well, no, it's put there by the first SMTP server, usually your ISP's, but it is easy to spoof. I'm unaware of there being much blacklisting based on Received: headers because 1) blacklisting is most effective if done when the connection is made, usually before any data is sent and 2) there is absolutely no guarantee that any of the data is accurate.
posted by kindall at 5:44 PM on March 22, 2006


My outgoing mail server is mail.[mydomain].com. This is exactly what Dreamhost recommends.
posted by hodyoaten at 6:18 PM on March 22, 2006


At the risk of sounding like a broken record, could you post some message headers?

Some ISPs will intercept all outgoing SMTP traffic and route it through their own servers. We can't tell if that is the case, or if there is something else going on unless you post headers.
posted by bh at 6:32 PM on March 22, 2006


I agree with "change ISP" but that may or may not be easy. One thing you can try in the interim is SPF, a mechanism for determining what IP addresses mail from a nominated domain may emanate from. This is only useful if you control your DNS (you do control your DNS, right?).

On the assumption that AOL/Comcast/whoever aren't total bastards, they may be allowing messages from arbitrary IP addresses if those addresses match the SPF records for the domain you're sending from. Certainly I'd give this a go; it has no cost and won't break anything for you if you do it right. It might even work :)

On the other side, you can use SPF to reject quite a bit of spam: if someone is joe-jobbed (spam with fake From) and they have an SPF record, you can bin the bad messages immediately. Checking SPF in your own MTA or even MUA will help your spam problem. If you have an SPF record, spam sent with your name on it can be discarded immediately by MTAs that understand SPF. As you can tell, I'm a new convert to the whole thing :)
posted by polyglot at 8:26 PM on March 22, 2006


"My outgoing mail server is mail.[mydomain].com. This is exactly what Dreamhost recommends.
posted by hodyoaten at 6:18 PM PST on March 22 [!]"

Could you skip the [mydomain] crap and give us some useful information? Obfuscating information is not going to help your situation at all.

Perhaps Dreamhost is screwing around with SMTP redirects. Perhaps they only recently obtained this IP block, and this IP block was previously a dialup block for some podunk ISP.
Either way, post some headers, and don't obfuscate anything.

This IS an SMTP problem. It very likely has nothing to do with your current ISP, if you're using a box at Dreamhost for an SMTP server. If you're using a box at Dreamhost for an SMTP server and the mail gets there successfully, then your ISP is out of the loop.

So, what is "mail.[mydomain].com" exactly? What's the domain? HELP US HELP YOU.
posted by drstein at 10:45 PM on March 22, 2006


As I mentioned above, my parents have been having the same sort of issues via PTD.net via Dreamhost, despite being configured in the same exact way as my completely working machines via RCN (and previously Comcast). We didn't have the issues with any previous host, and they've all been the same general setup as Dreamhost.

hodyoaten, I enabled SPF for my domains via the DreamHost control panel after posting last night, and it seems to have have some impact for my parents. Perhaps try it and see...
posted by VulcanMike at 11:23 PM on March 24, 2006


« Older Pop Song Analogies   |   Favourite non-fiction? Newer »
This thread is closed to new comments.