Email blocking, the "MX preference record", and snooty techs...
September 25, 2007 10:20 PM

I work for a tiny non-profit where I'm the "IT department" by default. Trying to investigate further why our website/emails are being blocked by certain of our clients/relationships/partners, and I'm hopelessly in need of some guidance.

Although I'm generally tech savvy enough to deal with most of the IT issues around the (3-person) office, I'm pretty much stumped. Trying to read up on the issue isn't helping much, and I want to know more so I can decide what to do.

Problem:
Recently, some of our relationships have complained that our website is being blocked, and in some cases emails from us won't go through. I made some direct inquiries to the IT staff of the affected organizations, and in all but a few cases we were able to easily solve the problem - using whitelists mostly. But there are still a few very important exceptions, and they concern me.

Basic Setup:
Our primary domain is registered at and hosted by catalog.com/webhero.com [I know, I know. Set up BCS - before current staff.] Our very few (5 or so total) POP3 mailboxes are also hosted by them. We send our mail through the SMTP server at our ISP - Speakeasy. Fairly simple and straightforward.

Here is the gist of what I was told by an Information Assurance tech in one of the offices who do not have access to our website and can't receive our emails:
Your domain is aliased to the catalog.com domain, and we are currently blocking catalog.com domain traffic for security reasons because the domain has been suspicious for malware, SPAM and phishing traffic. Since catalog.com and your domain are registered under the same IP group, it will be difficult to whitelist just you, since you are using the same DNS as the other registered folks in the catalog.com IP/domain that sends out SPAM, phishing and malicious malware to the Internet. We are not targeting your domain for the problem, it is just that you are registered behind an untrusted catalog.com domain. This was then followed by a suggestion to switch web hosts.

Question 1 (a,b,c, etc.):
For three years, I have monitored - on a bi-monthly basis or so - all the IP addresses in the MX record for our domain on various RBL/DNSBL, as well as against the Bleeding Edge BlackHole DNS list and list of "Known Compromised Hosts". From what I have gathered, I disagree with their assessment of catalog.com/webhero.com. But it's entirely possible that I'm wrong. What evidence is there to support this claim above of catalog.com needing to be blocked? I don't even know enough to say that his explanation sounds plausible - is it? What else should I be doing to check for possible issues cropping up with my domain registrar/web host?

Question 2:
Given their block of all things catalog.com, is it normal that it would also affect an email that we send to them through the Speakeasy SMTP server? I understand that the catalog.com domain/IP addresses are tied to the "MX preference record" for our domain name. So because our domain name is included in the "sent from" headers in the email, it ties the email to our domain name, ties it on to the catalog.com domain/IP addresses, and therefore the email gets blocked?
That logic seems really weird to me. Say that someone spoofs the "from" header, pretending to be from a user at my domain. Would that email then be blocked too? Or if I change my "from" information in Outlook to a different domain, would the email then be able to go through? I was under the impression that the server that the email actually comes from matters, doesn't it?

My non-profit is tiny, but has a big footprint in the specific community where we work. We deal with a number of very large and security-conscious organizations and with the U.S. government. This is merely an annoyance right now, easy enough to work around, but it could become a real issue for us moving forward. I want to try to understand what is happening and what we can do about it. Catalog.com/Webhero.com have been great to us over the last six years or so. Is switching web hosts really going to make a difference? Aren't most web hosts susceptible to these kinds of issues?

Any thoughts, help, or suggestions you would be willing to offer would be much appreciated. Thanks!
posted by gemmy to Computers & Internet (17 answers total) 2 users marked this as a favorite
 
They sound like jerks. Usually they can whitelist the domain and that will allow all the mail from that domain through regardless of IP or host. They don't seem to want to do that and prefer you switch hosts. They seem incredibly lazy in this regard. I would push back on this.

Also, you should specifically ask this admin what blacklist he is using and ask catalog.com to get itself removed from it.
posted by damn dirty ape at 10:39 PM on September 25, 2007


I recommend that you not beat your head against the wall trying to solve a problem that isn't yours to solve.

You write that catalog.com have been very good to you over the years. My recommendation is that you make this their problem, and if they don't solve it, change providers. It's not about being nice, it's about taking care of yourself. You didn't cause catalog.com to be in so many networks' bad books and you're not required to suffer the consequences.

This is not a problem that you personally can have any reasonable expectation of solving, because you didn't cause it. You're collateral damage. Your provider isn't giving you what you need, which is a clean path to other people on the net. Even if catalog.com's reputation is undeserved, it's still not your problem to solve. It's your problem to get yourself away from.
posted by George_Spiggott at 11:58 PM on September 25, 2007


You're wasting your time, and the time of the administrators at the other sites. If your provider can't solve this for you, move.
posted by stereo at 2:17 AM on September 26, 2007


Yep, move. Getting whitelisted by current contacts does nothing to help you communicate with new contacts.
posted by Idcoytco at 2:34 AM on September 26, 2007


You're not giving us enough information - what is the IP address for your mx? catalog.com doesn't have an mx record, which sounds very fishy to me, and their website IP is not blacklisted. By the way, you can use that link to check your own ip address as well.
posted by DreamerFi at 3:05 AM on September 26, 2007


Best answer: Your domain is aliased to the catalog.com domain, and we are currently blocking catalog.com domain traffic for security reasons because the domain has been suspicious for malware, SPAM and phishing traffic

To me this reads as if the company is using some type of proxy software which is blocking your site because of the aforementioned reasons.

It seems unlikely that they would manually firewall off your site by themselves for that reason, although keep in mind that if they did they may be using an IP-based blocking solution and so cannot differentiate between your site and others hosted at catalog.com (different domain names but same IP, virtual hosting setup).

Either way I see nothing that you or your hosting company can do to resolve this except convince your client that the domain is safe. To me the first thing you should do is establish HOW your web site is being blocked; a filtering proxy server, a firewall rule, something else?

Trying to make it your provider's problem as suggested by some is bound to be futile as your provider does not control the filtering decisions taken by individual users, which is what this seems to be to me. Your provider cannot wave a magic wand and force their traffic down the throats of anyone on the internet, regardless of their filtering and firewalling solutions.
posted by splice at 3:06 AM on September 26, 2007


Trying to make it your provider's problem as suggested by some is bound to be futile as your provider does not control the filtering decisions taken by individual users

If this is true, then any solution other than moving to a new, more reputable provider will be futile.
posted by grouse at 3:57 AM on September 26, 2007


Here. Your MX domain records' nameservers use catalog.com. It looks like it's due to your spamfilter. Is that something on your end or your ISP?

(non-profit was linked to from the poster's website in their MeFi profile)
posted by jwells at 4:41 AM on September 26, 2007


Do what we did, sign up for google hosted, www.google.com/a , and never look back. Still downloadable via pop3, has its own smtp---I suspect some filters are blocking your mail out because your IP and your name don't match, it's secure and its spam filter is secksay.

I switched a couple NPO's over---0 downtime if you do it right.
posted by TomMelee at 4:45 AM on September 26, 2007


none of the ip addresses listed as mx (thanks jwells, how did I miss that) are listed on any of the blacklists, so it is really unclear why people would block you. So two things remain:

1. there may be something wrong with the *outbound* mail server you have set up in your installation of outlook. Check the ip address of that via the link above.

2. there's some unknown weird reason catalog.com is in some private blacklists. Neither you not catalog.com is going to do much about it. It would be interesting to see the exact error message you get when your mail bounces back to you.
posted by DreamerFi at 6:47 AM on September 26, 2007


Neither you not catalog.com

neither you nor catalog.com. I should have clicked preview...
posted by DreamerFi at 6:48 AM on September 26, 2007


Response by poster: Thanks for all the thoughts/suggestions.

- I have checked the IP of our outbound speakeasy mail server against the blacklists at dnsstuff.com, and come up blank there as well.

-The spamfilter that shows on the MX record is supposed to be for our inbound mail, it’s the “spam shark” service run by catalog.com. Is this an issue?

- We are currently blocked in two places that I know of – one of them is an office within the U.S. Navy, although other branches of DoD are fine. Neither of them will disclose exactly what is causing them to block us (or I would already be on the phone with catalog.com to try to get them to deal with it), and there are no error messages received back for emails sent to them.

I suspect that you are right DreamerFi - there is some private blacklist that they are using. If their techs won’t tell me which one or how/why we are blocked, is there any way to figure it out? Anyone know of a U.S. Department of Defense blacklist listing of some kind, since I think the issue probably stems from the same source with both.

none of the ip addresses listed as mx ... are listed on any of the blacklists, so it is really unclear why people would block you.

See, this is why I am reluctant to "move to a new, more reputable provider". Does catalog.com have a bad reputation in general? It doesn't seem to have a particularly bad reputation as far as I can tell from googling, looking at forums, etc. If it did, OK fine - the only solution is to move hosts. If not, though, there is no guarantee that moving hosts will help in the long term. What are the criteria for being “more reputable” if the reputation of our current host seems fine? Is there a host out there that is always going to be 100% clean and clear in every single instance?

Right now it’s not enough of a problem for us to move hosts, but I’ll be reading up on it for sure, as well as reading up on what TomMelee suggested on the Google hosted solution. Suggested “reputable” hosts would be welcome as well.

Thanks!!
posted by gemmy at 9:39 AM on September 26, 2007


Best answer: Try this link. Catalog.com is mentioned in all of those, and they are relatively recent. What's probably happening is spammers are signing up with catalog.com since they are fairly affordable, others are tracing the spam back to accounts hosted by catalog.com, and so they are banned. It's possible the blacklists are coming from the Usenet list alone.

A reputable provider won't have it be so easy and/or cheap to sign up, so you won't see these problems. I use aplus.net but my email volume is fairly low so I can't guarantee no problems. I do get website visits and email from all of the branches of the military though.
posted by jwells at 10:09 AM on September 26, 2007


Best answer: 1. Your MX records probably have nothing to do with you being blocked. Most of the time at a provider that's large enough to have more than one mail server, your mail is sent by different servers than those that show in your MX records. If your mail is going through your ISP's mail servers, then it has nothing to do with catalog.com.

2. That said, a mail server can block your mail at any time for any reason. Unfortunately, there are a lot of mail server administrators who are antisocial shitheads, incompetent, or both. Even if catalog.com effectively deals with spammers and isn't on any blacklist, the recipient administrator might block them because someone who used to work for catalog.com said something on Usenet in 1990 that they took offense to (true story). If they don't want to let your mail through, there's nothing you can do to make them.

The good news is, it isn't your responsibility to make sure that your ISP's mail is deliverable, it's theirs. It's unclear if your outgoing mail is going through catalog.com or Speakeasy's servers without being able to see the headers of one of the rejected emails, you mention Speakeasy but it may be more complicated than you think. If I were you, I would get one of the bounced messages with complete headers and contact catalog.com support. If it's their server that's being rejected, you can politely ask them to deal with the recipient's administrator. Just keep in mind that ultimately, they can't force the guy to accept your mail. If he wants to be a jerk about it, there's nothing you or anyone else can do other than switch providers.
posted by TungstenChef at 10:16 AM on September 26, 2007
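
Added example (not part of the thread and not any poster's code): the answer above says the server that actually hands off the mail, not the MX, is what a recipient sees, and that the full headers show which server that was. The Python sketch below reads constructed Received headers (example hostnames, documentation IPs), picks the hand-off address, and builds the DNSBL query name for it; the zone names you pass in are whatever lists you want to check, and the function names are illustrative.

```python
import email
import ipaddress
import re
import socket

# Constructed sample headers (not from the thread): example names, documentation IPs.
RAW = """\
Received: from mail.isp.example (mail.isp.example [203.0.113.25])
\tby mx.recipient.example with ESMTP; Wed, 26 Sep 2007 10:00:05 -0400
Received: from office-pc (unknown [192.168.1.20])
\tby mail.isp.example with ESMTP; Wed, 26 Sep 2007 10:00:01 -0400
From: staff@nonprofit.example
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def relay_ips(raw_message):
    """IPv4 addresses recorded in Received headers, newest hop first."""
    ips = []
    for header in email.message_from_string(raw_message).get_all("Received", []):
        match = BRACKETED_IP.search(header)
        if match:
            try:
                ips.append(ipaddress.ip_address(match.group(1)))
            except ValueError:
                pass  # bracketed digits that are not a valid address
    return ips

def handoff_ip(raw_message):
    """Newest non-internal hop: the server the recipient's MX accepted the mail from."""
    public = [ip for ip in relay_ips(raw_message) if not any(ip in n for n in INTERNAL)]
    return public[0] if public else None

def dnsbl_name(ip, zone):
    """DNSBL query name: the IP's octets reversed, followed by the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def listed_in(ip, zones, resolve=socket.gethostbyname):
    """Zones that return an A record for the IP; a lookup failure means not listed."""
    hits = []
    for zone in zones:
        try:
            resolve(dnsbl_name(ip, zone))
            hits.append(zone)
        except socket.gaierror:
            pass  # NXDOMAIN: this list has no entry for the address
    return hits
```

Only the Received lines written by the recipient's own servers are reliable; hops further down are supplied by the sending side and can be forged.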


Best answer: If their techs won’t tell me which one or how/why we are blocked, is there any way to figure it out?

I'm afraid not. I'd suggest TungstenChef's advice next: get one of the bounced messages with complete headers and contact catalog.com support. (or me if you can't get a response, my email is in my profile)
posted by DreamerFi at 10:26 AM on September 26, 2007


Response by poster: Thanks so very much to everyone. I feel like I have a much better grasp of what's happening, and why, than I did before. Thanks jwells for that usenet link. Very interesting, and not something I ran into while researching this. Also, thanks DreamerFi for even offering! ;)

I totally realize that it's not an issue I can "solve" by myself, as it were, but I prefer to have some knowledge before getting others involved. Y'alls answers gives me some good info that I can use to make decisions, which is exactly what I needed. Thanks again!!!
posted by gemmy at 3:50 PM on September 26, 2007


Response by poster: BTW. It's a sad state of affairs when a company being "fairly affordable" is a strike against them...
posted by gemmy at 4:04 PM on September 26, 2007

