June 20, 2007

Blackholed!

Apparently my home IP address is listed on the DSBL blackhole list. I first discovered this when a friend who runs his own mailserver helpfully informed me (during a test we were running) that mail I sent him via my own offsite mail server or my work Exchange server got junkfiltered by his SpamAssassin setup; poking about, it turns out it's because my dynamic IP is on DSBL.

This confused me a bit, since I don't send mail directly. Both of those messages were sent through SMTP servers, one I run privately from a colo facility and one run by my employer in the NY Metro area. As far as I could tell after checking, neither of those servers was listed on the DSBL. However, the SA module that does the checking apparently checks the first hop in the mail headers, and sure enough, there's the IP that the message originates at in both of them, and it's my Comcast IP.

So. Doesn't matter that I'm sending through SMTP servers, I'm blacklisted. How to get removed? Ah, there's the rub. DSBL will remove you if you can respond to a confirmation email they will send to you. That email can be sent to one of four possible email addresses, and their site tells you flatly that there are no exceptions. Those addresses are:

  • postmaster@(your reverse dns FQDN)
  • postmaster@(your toplevel reverse dns) - in my case, postmaster@comcast.net
  • abuse@(your FQDN)
  • abuse@(your reverse DN) - in my case, abuse@comcast.net

Now, obviously, the @comcast.net addresses are useless to me. The problem is that the others, which accurately point out the IP address of my cable modem, are equally useless. This is because I don't run an SMTP mail server out of my house. Even if I did, Comcast, in its attempt to help prevent SPAM, actively blocks that port on my segment or perhaps modem, I'm not sure (I use secure SMTP on a different port to reach my outbound servers). So what the DSBL is saying, essentially, is that the only thing I can do is to have their system generate an 'annoyance' email to Comcast's abuse address which will be ignored.

I'm generally a proponent of blackhole lists. However, I'm also a proponent of responsible administration of them. The problem here is that (as DSBL acknowledges) the range of IP addresses that mine falls into is dynamic and public access. This means it is both a high-threat range and one which churns, meaning that harsh measures taken against addresses in the range will in time impinge on other, innocent customers as the addresses 'turn over.'

Realizing I might be overreacting, I went to check the report on my IP address to determine what, in fact, it was being blacklisted for.

Turns out that there was an open SOCKS4 proxy on my IP sometime back in November of 2005, approximately seven months before I was assigned this IP. Um. Okay. So here's my question - why is there no way to retest - or request a retest - of an IP? I understand that an automated retest would simply invite gaming. I also understand (and have some sympathy) with the notion of 'let the customer tell the ISP to fix itself.' However in this case, the ISP isn't the problem; the problem is what some unknown person did with this IP before I had it, and there's no way for the confirmation process to reach me because I don't control the DNS or the abuse/postmaster accounts for this domain. I do control the IP address, but I don't (and probably can't) run a mailserver on it. Hence I can't receive an email addressed to its specific reverse FQDN, because there is no internet mail service at that address.

Admittedly, part of my particular problem seems to be that the site I'm sending to is penalizing me for being on the 'single hop' DSBL list when I'm clearly not sending single-hop - I'm sending through SMTP servers. I'm not on the multi-hop list, although I am on the 'unconfirmed' list. However, I know for a fact that site is using standard SpamAssassin filtering, which means whatever it's doing can't be that esoteric.

So what am I to do?

The fucking system's broken, boys.

Posted by jbz at June 20, 2007 2:01 AM
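The header check described in the post, as an added example that is not the author's or SpamAssassin's code: a filter that tests every Received hop against a DNS blocklist flags the originating home IP even though the message was relayed, while one that tests only the relay that connected to the recipient's server does not. The message, addresses, zone name `dnsbl.example` and the `last_external_only` switch are constructed for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: home client -> colo relay -> recipient MX.
# All addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.25])
\tby mx.example.org with ESMTP; Wed, 20 Jun 2007 02:00:05 -0400
Received: from laptop (c-203-0-113-77.example-isp.net [203.0.113.77])
\tby relay.example.net with ESMTPSA; Wed, 20 Jun 2007 02:00:01 -0400
From: sender@example.net
To: friend@example.org
Subject: test

body
"""

ZONE = "dnsbl.example"      # placeholder zone, not a real blocklist
LISTED = {"203.0.113.77"}   # constructed: only the dynamic home IP is listed

def relay_ips(raw):
    """IPs found in Received headers, newest hop (top of message) first."""
    msg = message_from_string(raw)
    ips = []
    for hdr in msg.get_all("Received", []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        if m:
            ips.append(str(ip_address(m.group(1))))  # validates the literal
    return ips

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name: the IP's octets reversed, prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def listed_hops(raw, last_external_only):
    """Hops that hit the list under each checking policy.

    A real filter would resolve dnsbl_name(ip); LISTED stands in for DNS here.
    """
    ips = relay_ips(raw)
    checked = ips[:1] if last_external_only else ips
    return [(ip, dnsbl_name(ip)) for ip in checked if ip in LISTED]

if __name__ == "__main__":
    print("every hop checked: ", listed_hops(SAMPLE, False))
    print("last external only:", listed_hops(SAMPLE, True))
```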
