ISPs cop customer angst over outbound emails

 

Anti-spam blacklist bombs.

Email users Australia-wide spent the past 24 hours receiving bounce-back notices after anti-spam blacklist operator SORBS mistakenly listed vast IP address ranges as spammers.

Customers of ISPs including Internode, Adam Internet and Telstra have reported problems with sending emails since 10am yesterday.

The problems were not caused by any of the ISPs. 

Instead, emails from these customers were blocked by any email recipient (or their provider) that chose to use the SORBS blacklist to weed out spam.

SORBS' mistake caused legitimate incoming emails to be labelled as spam, resulting in a large volume of messages being returned to senders as undeliverable.

"We have received reports that Adam Internet IP address ranges are incorrectly appearing in SORBS blacklist RBL's [real-time blacklists]," an Adam Internet advisory said.

"This may impact the delivery of email to select destinations that make use of these blacklists."

A Telstra spokesman confirmed the carrier's platforms weren't affected.

"Some of our customers might have reported an impact if mail they had sent to an affected recipient bounced back," he said.

Internode managing director Simon Hackett told iTnews the SORBS malfunction meant the blacklist had "started painting something close to everyone as being bad.

"The trouble with the way these blacklists work is that they are designed to generate messages that blame the messenger (a customer's local ISP) for a decision by the server at a remote ISP (or corporate) to reject perfectly legitimate email for flawed reasons," Hackett told iTnews.

"Customers often seem to believe these unfair diagnostic messages rather than believing the human beings at their local ISP's helpdesk.

"The ISP who is trusting SORBS has no idea, initially, that there is a problem because they don't get the incoming email - and their customers take a long time to figure out that they've stopped receiving email from people because the absence of new email is less obvious for a while than the experience of the senders (getting reject messages)."

Globally, IP address ranges used by Google's Gmail, Rackspace and Amazon were also mistakenly blacklisted, according to reports by uTest, but a SORBS spokesman disputed the reports in UK publication The Register.

SORBS creator Michelle Sullivan said the problem was caused by a migration between versions of the blacklist application, which corrupted a database containing millions of IP address records.

Flags "that were used to indicate that a listing was historical were deleted, causing the addresses to be considered current", according to a post-mortem published by The Register.

SORBS was unreachable following the database corruption error after the site allegedly succumbed to an unrelated distributed denial-of-service (DDoS) attack.

The problems seemed to have been largely resolved.

Adam technicians reported improvements in outbound email traffic at 3am, while Internode technicians listed the issue as resolved at 9.30am.

A "bad, bad idea"

Hackett was critical of the "blame the sender/messenger approach" taken by blacklist operators like SORBS, which resulted in ISPs bearing the brunt of customer anger, despite being blameless.

He said it created "huge angst, unfairly, for all legitimate and diligent ISPs".

Hackett was also critical of businesses and service providers that relied only on lists like SORBS to filter out spam.

"The reality is that the use of these externally run, often sole-trader operated listing services can mean your entire ability to receive email is entrusted to them," he said.

"It's a really bad idea to trust an entity like SORBS in isolation to let you stop your customers getting email, but some surprisingly large ISPs still do that.

"The era of trusting a single third party blacklist to do anti-spam work is past. It's not unreasonable to use them to add some bias toward spam determination, but allowing them to have so much weighting in anti-spam systems that they can single-handedly wreck incoming email flow is a bad, bad idea."

Hackett said Internode ran "high quality spam and virus filtering using a cluster of high end Cisco IronPort appliances, which work with a number of sophisticated anti-spam mechanisms including a very well developed reputational database called SenderBase.

"Those systems detect and clamp down on any compromised customer systems that send spam - all automatically," he said.

He urged businesses that did not use "professional grade solutions" to consider using anti-spam systems hosted by ISPs.

"Internode can, and does, offer this to business customers, for instance - we have an available 'Email protection' service that vectors incoming email to a customer domain via our IronPort cluster," he said.

"This cluster already protects our free customer mailboxes, of course - and generates a level of spam in peoples mailboxes that is a tiny fraction of the total that is flying around out on the Internet.

"Blocking legitimate email is much worse that letting the odd spam message in."

Optus, it was alleged in the Whirlpool broadband forums and on Twitter, was one of several Australian companies to filter incoming email using SORBS, resulting in emails bouncing. An Optus spokesman has been contacted for comment.

Copyright © iTnews.com.au . All rights reserved.


ISPs cop customer angst over outbound emails
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Xero prepares for key feature coming in 2015
Dec 19, 2014
Xero users will be able to track how their business is comparing to other Xero users.
More 4G from Optus in Darwin
Nov 21, 2014
Click to see where Optus has expanded coverage to the suburbs near Darwin.
Optus steps up regional 4G coverage
Nov 20, 2014
Once 700Mhz services are working, Optus claims regional users will have a "faster and more ...
This Huawei 4G phone costs $99
Nov 12, 2014
The $99 Huawei Ascend Y550, available through Vodafone, enters the budget market as one of the ...
4G smartphones: Microsoft's Lumia 830
Nov 7, 2014
Microsoft has announced its flagship Windows Phone, the Nokia Lumia 830 4G, will be available in ...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1792

Vote
Do you support the abolition of the Office of the Information Commissioner?