ISPs cop customer angst over outbound emails

 

Anti-spam blacklist bombs.

Email users Australia-wide spent the past 24 hours receiving bounce-back notices after anti-spam blacklist operator SORBS mistakenly listed vast IP address ranges as spammers.

Customers of ISPs including Internode, Adam Internet and Telstra have reported problems with sending emails since 10am yesterday.

The problems were not caused by any of the ISPs. 

Instead, emails from these customers were blocked by any email recipient (or their provider) that chose to use the SORBS blacklist to weed out spam.

SORBS' mistake caused legitimate incoming emails to be labelled as spam, resulting in a large volume of messages being returned to senders as undeliverable.

"We have received reports that Adam Internet IP address ranges are incorrectly appearing in SORBS blacklist RBL's [real-time blacklists]," an Adam Internet advisory said.

"This may impact the delivery of email to select destinations that make use of these blacklists."

A Telstra spokesman confirmed the carrier's platforms weren't affected.

"Some of our customers might have reported an impact if mail they had sent to an affected recipient bounced back," he said.

Internode managing director Simon Hackett told iTnews the SORBS malfunction meant the blacklist had "started painting something close to everyone as being bad.

"The trouble with the way these blacklists work is that they are designed to generate messages that blame the messenger (a customer's local ISP) for a decision by the server at a remote ISP (or corporate) to reject perfectly legitimate email for flawed reasons," Hackett told iTnews.

"Customers often seem to believe these unfair diagnostic messages rather than believing the human beings at their local ISP's helpdesk.

"The ISP who is trusting SORBS has no idea, initially, that there is a problem because they don't get the incoming email - and their customers take a long time to figure out that they've stopped receiving email from people because the absence of new email is less obvious for a while than the experience of the senders (getting reject messages)."

Globally, IP address ranges used by Google's Gmail, Rackspace and Amazon were also mistakenly blacklisted, according to reports by uTest, but a SORBS spokesman disputed the reports in UK publication The Register.

SORBS creator Michelle Sullivan said the problem was caused by a migration between versions of the blacklist application, which corrupted a database containing millions of IP address records.

Flags "that were used to indicate that a listing was historical were deleted, causing the addresses to be considered current", according to a post-mortem published by The Register.

SORBS was unreachable following the database corruption error after the site allegedly succumbed to an unrelated distributed denial-of-service (DDoS) attack.

The problems seemed to have been largely resolved.

Adam technicians reported improvements in outbound email traffic at 3am, while Internode technicians listed the issue as resolved at 9.30am.

A "bad, bad idea"

Hackett was critical of the "blame the sender/messenger approach" taken by blacklist operators like SORBS, which resulted in ISPs bearing the brunt of customer anger, despite being blameless.

He said it created "huge angst, unfairly, for all legitimate and diligent ISPs".

Hackett was also critical of businesses and service providers that relied only on lists like SORBS to filter out spam.

"The reality is that the use of these externally run, often sole-trader operated listing services can mean your entire ability to receive email is entrusted to them," he said.

"It's a really bad idea to trust an entity like SORBS in isolation to let you stop your customers getting email, but some surprisingly large ISPs still do that.

"The era of trusting a single third party blacklist to do anti-spam work is past. It's not unreasonable to use them to add some bias toward spam determination, but allowing them to have so much weighting in anti-spam systems that they can single-handedly wreck incoming email flow is a bad, bad idea."

Hackett said Internode ran "high quality spam and virus filtering using a cluster of high end Cisco IronPort appliances, which work with a number of sophisticated anti-spam mechanisms including a very well developed reputational database called SenderBase.

"Those systems detect and clamp down on any compromised customer systems that send spam - all automatically," he said.

He urged businesses that did not use "professional grade solutions" to consider using anti-spam systems hosted by ISPs.

"Internode can, and does, offer this to business customers, for instance - we have an available 'Email protection' service that vectors incoming email to a customer domain via our IronPort cluster," he said.

"This cluster already protects our free customer mailboxes, of course - and generates a level of spam in peoples mailboxes that is a tiny fraction of the total that is flying around out on the Internet.

"Blocking legitimate email is much worse that letting the odd spam message in."

Optus, it was alleged in the Whirlpool broadband forums and on Twitter, was one of several Australian companies to filter incoming email using SORBS, resulting in emails bouncing. An Optus spokesman has been contacted for comment.

Copyright © iTnews.com.au . All rights reserved.


ISPs cop customer angst over outbound emails
 
 
 
Top Stories
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
The CISO’s dilemma: Do you trust your partner’s partner?
[Blog post] How far down the chain do you check?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Do you direct debit customers? Read this
Oct 10, 2014
Authorities have been targeting direct debit practices with iiNet and Dodo receiving formal ...
Optus expands 4G coverage
Oct 10, 2014
If you rely on an Optus phone for work you might be interested to know that there are now 200 ...
Microsoft Office is now free for some charities
Oct 10, 2014
Microsoft has announced that eligible Australian non-profit organisations and charities can now ...
Vodafone lights up 4G in Adelaide
Oct 9, 2014
Live and work in Adelaide? Vodafone has switched on its 4G network in the city and suburbs.
Next year tradies will be able to take payments using ingogo
Oct 3, 2014
Ingogo is going to provide a card payment service for Xero users.
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 320

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 125

Vote