Jump to content
Sign in to follow this  
dontcare

Are you blocking google???

Recommended Posts

I am an exchange administrator at my company. My girlfriend who has gmail seems to have all her mails bounce in the last day.

Technical details of permanent failure:

Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.7.1 This email has been blocked by the Spamcop.net blacklist filter. (state 14).

I would think that this is blocked by you guys, but no one else is complaining so maybe the problem is in our configuration? can you let me know if you are aware of any issues?

thanks

Share this post


Link to post
Share on other sites

I am an exchange administrator at my company. My girlfriend who has gmail seems to have all her mails bounce in the last day.

I would think that this is blocked by you guys, but no one else is complaining so maybe the problem is in our configuration? can you let me know if you are aware of any issues?

thanks

It's quite possible that one of google's many, many smtp servers has found its way onto the blocklist but without an IP no-one here can help further. The blocklist is entirely automatic and de-lists when the spam stops.

Share this post


Link to post
Share on other sites

This is all the info i have.. Those are local ip addresses for the most part so not sure what you can do with them:

----- Original message -----

MIME-Version: 1.0
Received: by 10.182.73.71 with SMTP id j7mr823536obv.55.1326318767864; Wed, 11
   Jan 2012 13:52:47 -0800 (PST)
Received: by 10.60.22.169 with HTTP; Wed, 11 Jan 2012 13:52:47 -0800 (PST)
In-Reply-To:
<D1061DFEABCDE342AE99A42E048BF5271DE0D60745[at]---COMPANYMAILSERVER--->
References:
<CABJW4xTAx0tLKD_RGy9ST7KnE5mA_evh=npV2Dfi-WFTBBeCQQ[at]mail.gmail.com
<mailto:npV2Dfi-WFTBBeCQQ[at]mail.gmail.com>>
<D1061DFEABCDE342AE99A42E048BF5271DE0D60745[at]---COMPANYMAILSERVER--->
Date: Wed, 11 Jan 2012 13:52:47 -0800
Message-ID:
<CABJW4xRcibRmgKALwj0HEbhsiEdA5+6E6RnrgJxY3oVMMyyu9g[at]mail.gmail.com
<mailto:CABJW4xRcibRmgKALwj0HEbhsiEdA5%2B6E6RnrgJxY3oVMMyyu9g[at]mail.gmail.com>>

But looking through message tracking logs, looks like it was 209.85.214.174 which is in your database currently. That explains that one.

I guess i will wait the 14 hours. I assumed naively that google would have the same ip address for all mailboxes.

Share this post


Link to post
Share on other sites

SpamCop of course blocks nothing (and recommends users not use it that way) but yes, it looks like SC reporters are being spammed like crazy through abusive Google accounts. You can search through the IP addresses when you query SenderBase - http://www.senderbase.org/senderbase_queri...ring=google.com - I just did that and came up with a current list (which will be changing all the time):

209.85.212.57

209.85.214.41

209.85.214.48

209.85.214.49

209.85.214.54

209.85.214.57

209.85.214.58

209.85.214.63

209.85.214.66

209.85.214.68

209.85.214.172

209.85.214.174

209.85.214.175

209.85.214.180

209.85.214.185

209.85.214.190

209.85.214.191

209.85.214.195

209.85.214.196

209.85.214.199

209.85.214.202

That's 21 of 761 servers currently. As Derek notes, delisting is automatic. Feed in any of those currently listed however and you will find a list of others, not necessarily currently listed, but for which reports have recently been received - http://www.spamcop.net/w3m?action=checkblo...=209.85.214.202 and, an overlapping but mostly different list - http://www.spamcop.net/w3m?action=checkblo...p=209.85.212.57

That's a heck of a lot of abuse going on. Even so, your girlfriend must have been unlucky - I don't think she would be stuck on a listed server for long and I don't think the ESPs of most recipients would be using the SCbl contrary to recommendation (well, that's just a guess, but you'd think not).

Share this post


Link to post
Share on other sites

Yes, i wasn't trying to blame spamcop at all. It is of course googles fault and the people that use gmail, and of course spammers, but thats another topic...

We do block the mail (i assume you mean best practices would be to simply tag it as spam) because users do not ever want to see any spam period. not in a spam folder, not in the trash, not anywhere!

block too much, people complain. Block not enough, people complain even louder!

It is the lesser of two evils. Just one of the psychological battles that I fight daily. The users have spoken oh so many times. They would rather miss an important email, then have to click and delete one spam message a day. I've tried it both ways and I cannot win.

Share this post


Link to post
Share on other sites
<snip>

I assumed naively that google would have the same ip address for all mailboxes.

...In general, mailboxes don't matter to SpamCop, only the sending e-mail server at the point GMail goes outside Google and hits the public internet.
<snip>

We do block the mail (i assume you mean best practices would be to simply tag it as spam) because users do not ever want to see any spam period. not in a spam folder, not in the trash, not anywhere!

block too much, people complain. Block not enough, people complain even louder!

It is the lesser of two evils. Just one of the psychological battles that I fight daily. The users have spoken oh so many times. They would rather miss an important email, then have to click and delete one spam message a day. I've tried it both ways and I cannot win.

...Is it feasible to allow users to determine what happens to suspected spam -- allow them to specify that either it should all be rejected or that it should all come to their "suspected spam" folder?

Share this post


Link to post
Share on other sites

The users have spoken oh so many times. They would rather miss an important email, then have to click and delete one spam message a day.

Until there is an important email that they did not get... :)

I too am in your shoes and you are right, you can't win. We do use a white list feature for our company so we can let our bigger clients messages come through without problem.

Share this post


Link to post
Share on other sites

I can appreciate the frustration. I run my own private email server, which uses a combination of techniques to decide what to do with incoming mail. Finding a good balance between rejecting unwanted mail outright (with the risk of false positives), quarantining and/or tagging mail where something doesn't seem quite right, and letting through the rest (with the risk of false negatives) has its challenges.

Share this post


Link to post
Share on other sites

We are also experiencing trouble from this.

I'm the System Admin and we have a number of customers and contracted employees that use Gmail. We've had about 10 people call us with this issue this so far, and looking at the logs it looks like there have been a lot more that simply haven't said anything.

At this point the way I see it we really only have a few options:

- Completely drop Spamcop and use a different DNS Block List provider

- Safelist all the blacklisted google IP addresses (which in turn would fill our mailboxes up with spam from hacked accounts.)

- Wait it out and hope it eventually gets resolved on the back end.

It's been happening for nearly a full week now. I've dealt with getting myself off of a blacklist numerous times in my time, and even had to work with a number of external companies to help them get off of blacklists, but this is Google. What am I supposed to do here?

Are there any other more reasonable options? I hate to abandon spamcop from this particular incident, (if even only temporarily,) but it seems out of all the places that could have blacklisted them, SpamCop is the only place that has Google listed, and there are dozens of their SMTP servers in the list.

Thoughts?

Share this post


Link to post
Share on other sites

Are there any other more reasonable options? I hate to abandon spamcop from this particular incident, (if even only temporarily,) but it seems out of all the places that could have blacklisted them, SpamCop is the only place that has Google listed, and there are dozens of their SMTP servers in the list.

Thoughts?

Any "blacklist" needs to be used with a customer inputted "whitelist".

A whitelist overrides any blacklist. Bit pointless in using a blacklist to delete email it should always go to a "potential spam folder" with an ability to whitelist. Email providers that don't have this need to give up.

Gmail will do it for you low cost (sometimes free) and they have no trouble effectively sorting spam from ham/ There may be disadvantages to this such as Gmail "Data Mine" all email going through their system (electronically read). There are also many positives.

Sample story here

Share this post


Link to post
Share on other sites

Any "blacklist" needs to be used with a customer inputted "whitelist".

A whitelist overrides any blacklist. Bit pointless in using a blacklist to delete email it should always go to a "potential spam folder" with an ability to whitelist. Email providers that don't have this need to give up.

Gmail will do it for you low cost (sometimes free) and they have no trouble effectively sorting spam from ham/ There may be disadvantages to this such as Gmail "Data Mine" all email going through their system (electronically read). There are also many positives.

Sample story here

While I agree with you, you also have to consider the fact of what type of end users you have.

Do your end users understand that email in the "Junk mail" folder should not have links clicked on? If so, you are probably good to implement what you're talking about.

However for much of the rest of the world, many users still don't understand the concept of junk and common safe-practices.

Some higher-ups complain when they get a lot of junk mail in their junk-mail folder.

Some lower-downs click on links in their junk mail folder because they may have won a lottery they never signed up for.

So the solution to this is to not allow junk-mail through if it's spam-score is above a certain threshold, which is why Exchange implemented the SCL ratings, and other devices have done the same.

However, in this case, if we white-listed these IP addresses (all 2 dozen or so of them,) we would also catch ALL junk-mail coming from those servers, which looking in our logs, is a pretty substantial amount.

Share this post


Link to post
Share on other sites

While I agree with you, you also have to consider the fact of what type of end users you have.

Do your end users understand that email in the "Junk mail" folder should not have links clicked on? If so, you are probably good to implement what you're talking about.

All individual emails held in Googles spam folder and inbox (webmail) has external links disabled by Google. They have to be deliberately "enabled" by user. As I said Googles spam filter is extremely accurate, rarely false positives or negatives.

Not seen any NEW email program that doesn't disable external links also. I'm using Thunderbird Portable with a USB drive I leave my email on server, once I have 4 gig on USB I burn everything to a Data DVD disk. And delete the Email on server (Google allow 8 Gig on server).

With whitelisting it needs to be individual email addresses not IP addresses (although it can be)

Edited by petzl

Share this post


Link to post
Share on other sites

All individual emails held in Googles spam folder and inbox (webmail) has external links disabled by Google. They have to be deliberately "enabled" by user. As I said Googles spam filter is extremely accurate, rarely false positives or negatives.

Not seen any NEW email program that doesn't disable external links also. I'm using Thunderbird Portable with a USB drive I leave my email on server, once I have 4 gig on USB I burn everything to a Data DVD disk. And delete the Email on server (Google allow 8 Gig on server).

With whitelisting it needs to be individual email addresses not IP addresses (although it can be)

I think you are drastically overestimating the end user. Have you worked as an IT Person at any business? :P

In my case I'm talking about an Exchange environment with users using Outlook. Yes Outlook says links are disabled and there is a box that you have to click on to enable them. But that doesn't mean anything to a number of users. All that box is, is one extra step before they claim their "prize money."

But at this point that's neither here nor there. My request was to see if there was a better solution and apparently the answer is no. So I think at this point switching to a DNS Blacklist that doesn't blacklist Google is probably my best option.

Share this post


Link to post
Share on other sites

So I think at this point switching to a DNS Blacklist that doesn't blacklist Google is probably my best option.

By all means remove the SCBL. Not sure what Blocklists you use? The CBL (cbl.abuseat.org) is a good replacement unlikely to block Gmail (all this to get email from a girlfriend, true tradition of a BOFH, better to get Gmail to handle your email). My company takes the use of it's computers serious, we use "Cisco IronPort" devices which mean no-spam or virus's. User's (well over 4000) that screw-up on use of our computers are escorted off site without warning. They are trained and tested before use, rarely a problem (twice in 20 years).

Try adding the Gmail IP range to your whitelist (if you can work out what they are? they change don't know how often).

Try the DOS command

nslookup -type=txt _spf.google.com

There is a webpage that does it for you

http://network-tools.com/nslook/Default.as...x=26&go.y=4

Edited by petzl

Share this post


Link to post
Share on other sites

Maybe it's just me, but I don't have any sympathy for people who would rather allow Google servers to send spam than have our blocking list interfere with their email.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

Share this post


Link to post
Share on other sites

Maybe it's just me, but I don't have any sympathy for people who would rather allow Google servers to send spam than have our blocking list interfere with their email.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

Gmail definitely don't have your sympathies and see nothing wrong with flooding DOS attacking others with spam (porn to minors, fraud and all sorts of filth). They are now in a position to force one to use them or be attacked. It's working! At least by reporting SpamCop does inform any provider of a security problem. But it's up to them if they bother to check it out (most do)

Share this post


Link to post
Share on other sites

Sometimes it's a judgement call about what to reject outright and what to quarantine in a junk folder. What makes it to the junk folder can always be reviewed manually, reporting & adjusting ACLs as required. If there's a false postive, a quick review of the system logs will usually pick it up if your server isn't too busy.

The dangers of sending out bounces when a rejection during the SMTP transaction is pretty well known these days, and I mention it in passing without further comment.

Edited by lisati

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×