Sign in to follow this  
Followers 0
Wazoo

E-Mail spam submittals blocked by your ISP

87 posts in this topic

Some folks have been raising an issue about e-mail submittals not working ... some intermittently, some not at all. It turns out that some ISPs are using an interesting (?) form of the BrightMail filters, scanning the outgoing e-mail from their servers and silently deleting anything that looks like spam ... which of course, most spam submittals to SpamCop would seem to naturally fall into this bucket.

Workarounds include the use of webmail for some of these ISPs, for some reason this seems to bypass the outgoing spam check. The use of IMAP with a SpamCop e-mail account, which then allows the drag-and-drop mode to "move" the e-mail between the ISP and the SpamCop server, then report from the SpamCop account.

ISPs noted thus far for this "neat" feature;

adelphia.net

Alice

aplus.net

Apple Mobileme

Bell Sympatico

BellSouth

Charter

ComCast

Cox (see Note 1)

Hostgator

Hughes.net

iinet.net.au (ref post 76 58954[/snapback])

Juno

NTL/Virgin Media (ref post 78 68747[/snapback])

nuvox.net

RoadRunner (see Note 2)

Valueweb.net

Verizon (see Verizon Residential Support - spam and Outgoing Message FAQs

Videotron.ca

WOW- WideOpenWest 70072[/snapback]

Unfortunately, some other ISP filtering options have come to light which are causing major issues with e-mail spam submittals ... the typical Outlook Express guidance to "forward as attachment" mode results in an e-mail with the attached file(s) with an .eml extension. Due to some viral traffic in the past, there is some filtering software out there that is being placed on the outgoing e-mail servers that makes the decision that certain file extensions are "likely virus traffic" ... some ISPs then configure the system to delete that outgoing e-mail, others allow this filter to do strange stuff, like deleting the attachment, adding in a "viral infection" notification to that e-mail .... result is that if the e-mail does make it out into the world, it is useless as a SpamCop submittal, as the format/content has been totally screwed. This list is going to be harder to develop, as most of these folks don't tell their customers what's actually happening.

Troubleshooting/testing: Try to send another e-mail submittal, but this time include an off-ISP account as a CC: (copy to yourself at Yahoo, HotMail, etc.) ... If that copy arrives, then one can rule out the ISP outbound filtering/deleting being at the root cause, and move on to other issues to try to resolve.

Note 1: May 8, 2007: A Cox user told me this...

"forwarding to Spamcop for reporting is no longer allowed as of 05/03/07. Talking with a Cox representative, they feel this is simply a duplication of their already superior services! I may report suspected errors in their spam filtering to help enhance their system, but from now on things will be done their way only."

May 23, 2007: I got the spam to go through to spamcop by also including Cox's spam report address SpamReport[at]cox.net along with with my submit.xxxxxxxx[at]spamcop.net address. Neat huh?

From the article on Cox's support site: "If this is an email you think is spam, send it to SpamReport[at]cox.net. If you believe this email is not spam (false-positive), send it to ThisIsNotSpam[at]cox.net. If you believe this email has a virus, send it to VirusReport[at]cox.net."

Edited by Miss Betsy

Note 2: Added 14 Mar 2008 by Wazoo

Per commentary seen at http://forum.spamcop.net/forums/index.php?...ost&p=63182 .....

The RoadRunner postmaster advises me that he has punched a hole in their outbound filters that will allow spam submissions to be delivered when they're addressed to our "submit" and "quick" addresses.

- Don D'Minion - SpamCop Admin -

Note 3: Added 22 Dec 2012 by Steve T

Per commentary seen at "My ISP blocks reports to SC," Alice is added to the list.

Edited by turetzsr

Share this post


Link to post
Share on other sites

Noted that those ISPs are also on top of spamming list. Thus those filters may not be totally unintended as far as spam reporting goes.

Share this post


Link to post
Share on other sites
Noted that those ISPs are also on top of spamming list. Thus those filters may not be totally unintended as far as spam reporting goes.

So, does that mean they don't want to send out spam, and are blocking SC reports as a side affect? Or they do want to send out spam and block SC reports to help their other customers, and call it spam filtering when someone complains?

I guess it would depend on hat color.

...Ken

Share this post


Link to post
Share on other sites

Those ISPs (or techs in the mix) have stated that this is for the purposes of stopping spam from their system. Overlooked is that these days, the compromised machines are using their own SMTP engines, therefor not going through the ISP's provided e-mail servers with all this filtering applied. And again, even this data is provided by the few that either know or are allowed to talk about it ... as it turns out, most users don't know that this is going on at all.

You say hat color, but you also have to include some cluelessness.

Share this post


Link to post
Share on other sites

Sounds too silly, I have a hard time believing those techies would not be aware of the technical issues... Even if you buy that they want to prevent spammers within their network, they must be aware the only thing they will ever block is outgoing reports (and not real spam) for reasons Wazoo just mentioned. Smells fishy...

Edited by dra007

Share this post


Link to post
Share on other sites

My question is why is it stopping the stuff on the way out when it seems to have slipped by on the way in???

Share this post


Link to post
Share on other sites
My question is why is it stopping the stuff on the way out when it seems to have slipped by on the way in???

18325[/snapback]

Good question. Now I am having trouble delivering the spam from the postini spam/virus folder to the inbox, even when I approuve the delivery. Frustrating that I cannot report that spam, most of it I get there anyways. I could do it manually from the postini webmail, but it blocks the spamadvertized links.

PS. Dam postini set up to deliver 1 approved spam e-mail every 10 minutes or longer, used to be immediate. Like this it will take me forever just to take the stuff to my held folder.

Share this post


Link to post
Share on other sites
My question is why is it stopping the stuff on the way out when it seems to have slipped by on the way in???

Absolutely no clue ... it was just coming up so often of late, I figured it was time for an entry into the FAQ, so it's at least addressed as a possibility of the "failed e-mail" situation.

Share this post


Link to post
Share on other sites
Those ISPs (or techs in the mix) have stated that this is for the purposes of stopping spam from their system.  Overlooked is that these days, the compromised machines are using their own SMTP engines, therefor not going through the ISP's provided e-mail servers with all this filtering applied.  And again, even this data is provided by the few that either know or are allowed to talk about it ... as it turns out, most users don't know that this is going on at all.

You say hat color, but you also have to include some cluelessness.

18311[/snapback]

Perhaps we need a hat color for the clueless, let's say light orange for the ones that should know better, but miss something, and burnt orange for the folks that do things like put an Exchange server directly on the net without configuring first. ;)

Share this post


Link to post
Share on other sites
Perhaps we need a hat color for the clueless, let's say light orange for the ones that should know better, but miss something, and burnt orange for the folks that do things like put an Exchange server directly on the net without configuring first. ;)

18338[/snapback]

I think the term you're looking for is "Empty Hat".

Cheers, Nick

Share this post


Link to post
Share on other sites

According to Don, Juno is now added to this list. As posted over in the newsgroups and here in another Forum;

Juno has apparently recently started filtering against outgoing spam.

Juno users are reporting that they are no longer getting our responses to their email spam submissions. In all cases so far, the reason for that is because the spam is not getting here.

My testing reveals that our response will be accepted by Juno, but if the spam never gets here to start with, there can't be any response.

The accounts can still be used for manual processing, and for spam sent in from other sources.

- Don -

Share this post


Link to post
Share on other sites

Please add videotron.ca to the list of ISPs that nuke outgoing, spam-related emails (they insist they don't do this, but I've tried forwarding spams to my other private addresses to no avail).

Their brain-dead tech support droid stated that unless I can give them an NDR, they can't help me with the emails that don't get delivered. The left hand doesn't know what the right hand is doing.

According to Don, Juno is now added to this list.  As posted over in the newsgroups and here in another Forum;

18667[/snapback]

Share this post


Link to post
Share on other sites

I see that Cox is named here - could someone be more specific on this?

I use cox...

1st- I'd be mighty pissed that my 60-90 reports are being vaporized w/o my knowledge.

2nd - I just sent a report and cc'd myself - cc was received.

So, is this a hit and miss thing?

Should I use a google acount for reporting?

Or is there something I'm missing (as usual)?

Thanks...

jg

Share this post


Link to post
Share on other sites
I see that Cox is named here - could someone be more specific on this?

I use cox...

1st- I'd be mighty pissed that my 60-90 reports are being vaporized w/o my knowledge.

2nd - I just sent a report and cc'd myself - cc was received.

So, is this a hit and miss thing?

Should I use a google acount for reporting?

Or is there something I'm missing (as usual)?

Thanks...

jg

30001[/snapback]

Since some of the ISP's are not very forthcoming in this area, the list is mostly generated by experience. It is possible Cox was/is trying something in one area before releasing it through their entire network.

If you are submitting via email and getting replies then this is not happening to you. If you are sending email submittals and getting no response and no messages are waiting for reporting, then this may be happening to you.

Share this post


Link to post
Share on other sites
If you are submitting via email and getting replies then this is not happening to you.  If you are sending email submittals and getting no response and no messages are waiting for reporting, then this may be happening to you.

30002[/snapback]

Sorry, not yet used to input format, but I think this is ok...

Just sent 8 reports, got 8 back to me. So, cox ain't doin it here (L. A.) YET...

Share this post


Link to post
Share on other sites

Please note that if you are with an ISP that is filtering out your SpamCop mail submissions, and they allow, say, 1/2 of the single-spam submissions, and you send a submission with, say, 3 spams, that will make the likelihood of them allowing that submission 1/8 or less; for 8 spams in one submission, the likeliihood goes down to 1/256 or less. Therefore, I suggest that people in such a position not try to submit multiple spams per submission.

P.S. I wrote "or less" because the filtering method used may be additive, where individual spams would pass but attached together in one submission they cause that submission to be filtered.

Share this post


Link to post
Share on other sites

Hello ---

Please add Hostgator to the list of misbehaving ISPs. My open ticket number with them is "[HGSales #AHN-13042-988]".

If you are a SpamCop Admin or Moderator, please feel free to email sales at hostgator dot com or support2 at hostgator dot com, with a cc to me - sean at twin-dad dot com, to try to explain to them the error of their ways. I've gone round and round with them and am pretty much fed up with them.

Granted, I'm on a shared hosting plan with these guys, at $14.95/month, but this service is atrocious, IMO. I am already looking for a new host and/or an email service provider. Read on if you want, and you can make up your own mind too ...

Mike Easter on the SpamCop newsgroup recently walked me through the process of troublehooting this problem, and it became quite clear that Hostgator's Exim 4.50 configuration is the issue. Below are the more relevant excerpts from my emails to and from Hostgator support. Enjoy!

Thanks for any help, suggestions or even just commiseration that you can offer,

Sean Sowell

=====

From: "Sean Sowell"

To: "Hostgator Support Team"

Sent: Thursday, July 14, 2005 0951

Subject: Please let me send email a t t a c h m e n t s to S p a m C o p

> > Hello,

> >

> > Ok lets try it again. I am closing this ticket. Please reply me in a new

> ticket. i.e changing the subject line to something else. Let me see if it goes

> through.

> >

> > Best Regards,

> > Joe,

>

> OK. Just so you understand where I'm coming from, this is about the ninth or

> tenth time I have /tried/ to set up a support ticket about this issue. One of

> the attachments is named *-take-4.txt, but that just means that I tried to get

> this issue across to you folks four times on the 13th alone. I have actually

> been trying to get this thing resolved with Hostgator since July 9th.

>

> FAIR WARNING: By now, I am _/VERY/_ frustrated and ticked off. From my point

> of view, all this hassle over what should be a simple fix is TOTALLY

> UNACCEPTABLE.

>

> See the files inside the attached zip file for my questions. Follow the links I

> gave in those files, so you can understand the issue and see how much time I

> have already taken with the folks on the S p a m C o p news groups.

>

> And finally, PLEASE ANSWER MY QUESTIONS!!!! I am trying to learn and understand

> here. DO NOT just keep throwing up one straw-man objection after another and

> ignore my questions.

>

> Thank you.

>

> Sean Sowell

> www.twin-dad.com, et al.

>

> PS: I'm putting the extra spaces in between certain words because apparently my

> previous submissions were triggering one or more Hostgator filters.

=====

From: "Sean Sowell"

To: "Hostgator Support Team"

Sent: Thursday, July 14, 2005 2212

> > Email attachment issue should be fixed now.Please retry.

> >

> > Best Regards,

> > Joe,

>

> Hello Joe ---

>

> Nope, sorry, that didn't work. I tried to submit the 21 spams that got by

> SpamAssassin in the past 48 hours. Below is the full message source, with a few

> things [munged]. I also snipped off all but the first spample.

>

> If you need more info to troubleshoot this, please let me know and I'll help as

> best I can.

>

> Thank you for your effort!!!

>

> Sean

...

=====

From: "Sean Sowell"

To: "Hostgator Support Team"

Sent: Friday, July 15, 2005 0046

> > Hello,

> >

> > The .eml files were being filtered. I removed it. Is it still not

> working ?

> >

> > Best Regards,

> > Joe,

>

> Still not working. The latest attempt is attached, [munged] and snipped

> for brevity.

>

> Sean

...

=====

From: "Hostgator Support Team"

To: [Me]

Sent: Friday, July 15, 2005 0708

> The system filters out eml attachments and for good reason. There is no way to configure/remove this on a per domain basis... and I will not do it globally.

>

> Thank you for allowing me to assist you!

>

> Warm Regards,

>

> L.Foster (GatorLyron)

> Systems Administrator

> Hostgator Support Team

=====

From: "Sean Sowell"

To: "Hostgator Support Team"

Sent: Friday, July 15, 2005 0741

> Good morning ---

>

> Still not working.

>

> Key part of the attached file ----> X-Failed-Recipients:

> submit.[munge][at]spam.spamcop.net

>

> Am still unable to forward .eml attachments to SpamCop. It appears that I

> can now write ".eml" in the body of the email without it being rejected,

> but of course that isn't the solution to this problem.

>

> FWIW, if you simply allow your _known_ _legitimate_ customers to include

> .eml attachments in any message addressed to submit.*[at]spam.spamcop.net,

> then that should work, and still keep the window small enough to prevent

> the propagation of malware to any other address.

>

> The "*" just after the "submit." above is a unique multi-character

> identification code issued by SpamCop to each registered user. For

> example, my unique code is sixteen characters long, contains upper and

> lowercase letters only, and is in the form NRFjzSoSDnLDupEk. This is not

> my actual SpamCop code; I just created this sample to /look/ like it.

>

> I don't know if SpamCop ever issues codes that include numbers or any

> other ASCII characters, or if they are always sixteen characters long. I

> also don't know if Hostgator's outbound mail filters allow for wildcarding

> and/or whitelisting of specific destination addresses in conjunction with

> otherwise blacklisted file attachment extensions. Nonetheless, I offer

> this information in the hope that it helps you to resolve the problem.

>

> Thank you again,

>

> Sean Sowell

=====

From: "Sean Sowell"

To: "Hostgator Support Team"

Sent: Friday, July 15, 2005 0748

...

> That is not an acceptable response. Please escalate this, to the owner of

> the company if necessary. Please also see the message I sent to Support2

> about six minutes ago. The information there may help.

>

> Thank you.

>

> Sean Sowell

> www.twin-dad.com, et al

=====

From: "Sean Sowell"

To: "Hostgator Support Team"

Sent: Saturday, July 16, 2005 1213

> > > The system filters out eml attachments and for good reason. There is

> no

> > way to configure/remove this on a per domain basis... and I will not do

> it

> > globally.

> ...

> > That is not an acceptable response. Please escalate this, to the owner

> of

> > the company if necessary. Please also see the message I sent to

> Support2

> > about six minutes ago. The information there may help.

>

> Yesterday morning at 0748 Pacific time, I asked that this issue be

> escalated. Since then I have not heard anything.

>

> QUESTION: Has it been escalated?

>

> QUESTION: Who at Hostgator has responsibility for this issue now?

>

> QUESTION: When should I expect a response?

>

> Thank you,

>

> Sean

=====

From: "Hostgator Support Team"

To: [Me]

Sent: Monday, July 18, 2005 0736

> The system filters .eml files due to virus and attack concerns. This configuration is set in the interest of system security and will not be unset. If you need to send a .eml file, ensure you enclose it into a zipfile before sending.

>

> Thanks for choosing HostGator!

>

> -David

=====

From: "Sean Sowell"

To: "Hostgator Support Team"

Sent: Tuesday, July 19, 2005 1336

> David, I am sorry that this has gotten to this point, but you really do

> need to READ MY PREVIOUS POSTS. Your reply leads me to believe you do not

> understand the limited scope of my request.

>

> I am NOT asking that .eml attachments be allowed to be sent to any domain.

> All I am asking is that .eml attachments be allowed to be sent to the

> spamcop.net domain. The SpamCop spam parser is specifically designed to

> accept such attachments.

>

> Again, this respone is not acceptable. Please escalate, to the owner of

> Hostgator if necessary.

>

> Thank you.

>

> Sean

=====

From: "Hostgator Sales Department"

To: [Me]

Sent: Tuesday, July 19, 2005 2348

> I am sorry there is nothing more we can do regarding this unless you wish to purchase a dedicated server than we can configure any way you want.

>

> Thank you for allowing me to work with you!

>

> Sincerely,

> Brent

=====

From: "Sean Sowell"

To: "Hostgator Sales Department"; "Hostgator Support Team"

Sent: Wednesday, July 20, 2005 2051

...

> Hello Brent,

>

> If, judging from some of the Forum posts, you are Hostgator's owner, could

> I ask please for the _reason(s)_ that Hostgator is not willing to let me

> fight the good fight against spam and send my spamples to SpamCop by way

> of .eml attachments?

>

> If you are not the owner though, please escalate my request to him/her.

>

> Once you guys make this change all you need to do is get out of the way

> and let me do my thing. I can't see how my request is unreasonable in any

> way. I also can't see how this request would create any risk, liability

> or downside for Hostgator or its other customers.

>

> If I'm wrong, please tell me how and why. Yes, I am clearly frustrated.

> But please also help me understand this seemingly bizarre refusal to make

> an apparently small one-time change to your mail server(s). Unless I am

> completely off-base, it looks to me like you guys would rather shield the

> spammers from active members of the anti-spam community like me!

>

> It just makes no sense to me that you would rather side with the spammers

> against the larger internet community.

>

> And I don't see why I should be asked to spend untold more $s per month

> for a dedicated server, just to obtain this one - apparently simple -

> thing!?

>

> Thank you.

>

> Sean

=====

From: "Hostgator Sales Department"

To: [Me]

Sent: Thursday, July 21, 2005 0003

> The system filters out eml attachments and for good reason. There is no way to configure/remove this on a per domain basis... and I will not do it globally. if we changed this on the server Many of our users would be getting viruses as well as sending them, and we would be blacklisted, much more frequently.

>

> Thank you for allowing me to work with you!

>

> Sincerely,

> Brent

Share this post


Link to post
Share on other sites

Just remember, as long as they're RFC compliant, they can configure their servers however they want to. (just like we can configure ours to not talk to spammers.) They've made their business decision, and usually will only make changes when it affects their business. Assuming you cannot convince them otherwise, you're only recourse (as you've alluded to), and the appropriate one, is to take your business elsewhere. Make sure you let them know why you left. The mighty dollar is the most powerful argument you have.

Share this post


Link to post
Share on other sites

...A [probably very dumb] question for the knowledgeable: is there an alternative to an "eml" file for this purpose? Perhaps providing Hostgator with such an alternative would be more productive.

...FWIW, I think you were overly hard with Hostgator support, Sean -- not because your ultimate goal (submitting spam to SpamCop via e-mail) is not worthy but because you haven't seemed to recognize the validity of their reluctance to allow eml attachments. Their problem, if I understand correctly, is that it just isn't possible for them (or, at least, it isn't possible as far as they know) to allow eml attachments to go to only SpamCop -- they either have to let them go to anyone or to no one and they have (reasonably, IMHO) chosen the latter.

Share this post


Link to post
Share on other sites
... as long as they're RFC compliant, they can configure their servers however they want to.  (just like we can configure ours to not talk to spammers.)  ...you're only recourse ... and the appropriate one, is to take your business elsewhere.  Make sure you let them know why you left.  The mighty dollar is the most powerful argument you have.

30509[/snapback]

Thanks, Jank1887. I guess I lack the rhetorical abilities and/or technical know-how to convince them to let me fight the good fight, so I am definitiely looking for another host.

Share this post


Link to post
Share on other sites
...FWIW, I think you were overly hard with Hostgator support, Sean -- not because your ultimate goal (submitting spam to SpamCop via e-mail) is not worthy but because you haven't seemed to recognize the validity of their reluctance to allow eml attachments.  Their problem, if I understand correctly, is that it just isn't possible for them (or, at least, it isn't possible as far as they know) to allow eml attachments to go to only SpamCop -- they either have to let them go to anyone or to no one and they have (reasonably, IMHO) chosen the latter.

30528[/snapback]

I agree I was hard on them Steve. Also, after getting Brent's reply, I reviewed some of the relevant archive threads of the Exim users mailing list (recall that Exim is Hostgator's mail server). Exim indeed only allows for filtering of attachment types (.eml, .exe etc) for the whole server, and does not permit custom settings for each sender or each recipient. So I better understand their predicament now. Even so, I thought I did a decent job of limiting the scope of my request but maybe not. Like I noted for Jank1887 above, maybe my persuasive abilities and/or technical know-how were not up to snuff.

Had I known about the limitations of my ISP's mail server software beforehand, I probably would not have raised such a ruckus with them. I suspect that ANY ISP which uses Exim will suffer from this same limitation, and would therefore probably choose not to allow any .eml attachment, just as you described above.

Also, if Thunderbird, Pegasus or another mail/news reader allows me to save full message source in a format other than .eml, GREAT!!! I am still on this learning curve and am definitely open to suggestions. I have heard that .mbox files are more of a Unix standard for email data files, but as you asked above, I do not know if SpamCop can parse .mbox attachments just as it can parse .eml attachments. I don't know if the .mbox extension can be used under my Win2K os, or if it's only used in Unix/Linux land. And I don't know if a similar 'forward as attachment' mechanism exists in either the TBird or Pegasus MUAs, as it does in Outlook Express.

Will definitely keep reading and learning as best I can.

Many thanks again for your post Steve.

And, thank you WazOO, for adding Hostgator to the list at the very top of this thread.

Best regards,

Sean Sowell

Share this post


Link to post
Share on other sites

In addition to the advice I offered in my post http://forum.spamcop.net/forums/index.php?...findpost&p=2294, you may also want to tell them simply "Since you insist that you are better at protecting me and the Internet from spam, starting tomorrow morning I will be sending you all the spam that you won't let me report via email to SpamCop, so that you may do a better job at reporting and filtering using that spam." I wrote a similar statement some time ago, but can't find it at present.

Edited by Jeff G.

Share this post


Link to post
Share on other sites
Thanks, Jank1887.  I guess I lack the rhetorical abilities and/or technical know-how to convince them to let me fight the good fight, so I am definitiely looking for another host.

30531[/snapback]

Rhetorical abilities or technical know how can work with a white hat; nothing works with a black hat; and an 'empty hat' (that's a great way to describe incompetence) simply gets confused and spouts canned responses.

Don't be so hard on yourself. You didn't lack anything.

Miss Betsy

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0