ISPs cop customer angst over outbound emails


Anti-spam blacklist bombs.

Email users Australia-wide spent the past 24 hours receiving bounce-back notices after anti-spam blacklist operator SORBS mistakenly listed vast IP address ranges as spammers.

Customers of ISPs including Internode, Adam Internet and Telstra have reported problems with sending emails since 10am yesterday.

The problems were not caused by any of the ISPs. 

Instead, emails from these customers were blocked by any email recipient (or their provider) that chose to use the SORBS blacklist to weed out spam.

SORBS' mistake caused legitimate incoming emails to be labelled as spam, resulting in a large volume of messages being returned to senders as undeliverable.

"We have received reports that Adam Internet IP address ranges are incorrectly appearing in SORBS blacklist RBL's [real-time blacklists]," an Adam Internet advisory said.

"This may impact the delivery of email to select destinations that make use of these blacklists."

A Telstra spokesman confirmed the carrier's platforms weren't affected.

"Some of our customers might have reported an impact if mail they had sent to an affected recipient bounced back," he said.

Internode managing director Simon Hackett told iTnews the SORBS malfunction meant the blacklist had "started painting something close to everyone as being bad.

"The trouble with the way these blacklists work is that they are designed to generate messages that blame the messenger (a customer's local ISP) for a decision by the server at a remote ISP (or corporate) to reject perfectly legitimate email for flawed reasons," Hackett told iTnews.

"Customers often seem to believe these unfair diagnostic messages rather than believing the human beings at their local ISP's helpdesk.

"The ISP who is trusting SORBS has no idea, initially, that there is a problem because they don't get the incoming email - and their customers take a long time to figure out that they've stopped receiving email from people because the absence of new email is less obvious for a while than the experience of the senders (getting reject messages)."

Globally, IP address ranges used by Google's Gmail, Rackspace and Amazon were also mistakenly blacklisted, according to reports by uTest, but a SORBS spokesman disputed the reports in UK publication The Register.

SORBS creator Michelle Sullivan said the problem was caused by a migration between versions of the blacklist application, which corrupted a database containing millions of IP address records.

Flags "that were used to indicate that a listing was historical were deleted, causing the addresses to be considered current", according to a post-mortem published by The Register.

SORBS was unreachable following the database corruption error after the site allegedly succumbed to an unrelated distributed denial-of-service (DDoS) attack.

The problems seemed to have been largely resolved.

Adam technicians reported improvements in outbound email traffic at 3am, while Internode technicians listed the issue as resolved at 9.30am.

A "bad, bad idea"

Hackett was critical of the "blame the sender/messenger approach" taken by blacklist operators like SORBS, which resulted in ISPs bearing the brunt of customer anger, despite being blameless.

He said it created "huge angst, unfairly, for all legitimate and diligent ISPs".

Hackett was also critical of businesses and service providers that relied only on lists like SORBS to filter out spam.

"The reality is that the use of these externally run, often sole-trader operated listing services can mean your entire ability to receive email is entrusted to them," he said.

"It's a really bad idea to trust an entity like SORBS in isolation to let you stop your customers getting email, but some surprisingly large ISPs still do that.

"The era of trusting a single third party blacklist to do anti-spam work is past. It's not unreasonable to use them to add some bias toward spam determination, but allowing them to have so much weighting in anti-spam systems that they can single-handedly wreck incoming email flow is a bad, bad idea."

Hackett said Internode ran "high quality spam and virus filtering using a cluster of high end Cisco IronPort appliances, which work with a number of sophisticated anti-spam mechanisms including a very well developed reputational database called SenderBase.

"Those systems detect and clamp down on any compromised customer systems that send spam - all automatically," he said.

He urged businesses that did not use "professional grade solutions" to consider using anti-spam systems hosted by ISPs.

"Internode can, and does, offer this to business customers, for instance - we have an available 'Email protection' service that vectors incoming email to a customer domain via our IronPort cluster," he said.

"This cluster already protects our free customer mailboxes, of course - and generates a level of spam in peoples mailboxes that is a tiny fraction of the total that is flying around out on the Internet.

"Blocking legitimate email is much worse that letting the odd spam message in."

Optus, it was alleged in the Whirlpool broadband forums and on Twitter, was one of several Australian companies to filter incoming email using SORBS, resulting in emails bouncing. An Optus spokesman has been contacted for comment.

Copyright © . All rights reserved.

ISPs cop customer angst over outbound emails
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
Sign up to receive iTnews email bulletins
Latest articles on BIT Latest Articles from BIT
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Carpet cleaner faces court over online testimonials
Jul 4, 2014
The ACCC has initiated proceedings against A Whistle (1979) Pty Ltd, the franchisor of Electrodry...
You can now get 15GB of free online storage using Microsoft OneDrive
Jun 25, 2014
Cloud storage has reached both the capacity and price where it's a viable alternative to local ...
Another clever trick you can perform with Xero
Jun 25, 2014
Here is another way to reach out to particular subsets of your customers using Xero.
Latest Comments
What is delaying adoption of public cloud in your organisation?

   |   View results
Lock-in concerns
Application integration concerns
Security and compliance concerns
Unreliable network infrastructure
Data sovereignty concerns
Lack of stakeholder support
Protecting on-premise IT jobs
Difficulty transitioning CapEx budget into OpEx