rgvodden Posted January 29, 2004 Share Posted January 29, 2004 My Issue: I am the Support Department lead for a software company, and we use the RightNow Web knowledgebase and ticketing system. Yesterday, Rightnow's email server was blacklisted. This server is their primary email gateway for all of their hosted customers (see http://www.rightnow.com/customers/ for some of their clients), and as a result, my support department can not send email to anyone using the Spamcop as a blacklist agent. Now here's the kicker... WE use Spamcop as one of our blacklist agents, so my support team can not even receive notification of new incidents which require their attention. My Point: I am all for anti-spam. I just think that there also needs to be a registry, or a setting with higher tolerance for systems like RightNow's. Their primary product is a support system, and is relied on by companies like British Airways, Electronic Arts, AT&T, and the US Social Security office). Currently, we have to wait 48 hours before we can trust that our emails are reaching their recipients (people we are contractually obligated to respond to within 24 hours). The Discussion: What can be done to create a list of "approved" servers? Your thoughts are appreciated. Link to comment Share on other sites More sharing options...
Merlyn Posted January 29, 2004 Share Posted January 29, 2004 My Issue: I am the Support Department lead for a software company, and we use the RightNow Web knowledgebase and ticketing system. Yesterday, Rightnow's email server was blacklisted. This server is their primary email gateway for all of their hosted customers (see http://www.rightnow.com/customers/ for some of their clients), and as a result, my support department can not send email to anyone using the Spamcop as a blacklist agent. Now here's the kicker... WE use Spamcop as one of our blacklist agents, so my support team can not even receive notification of new incidents which require their attention. My Point: I am all for anti-spam. I just think that there also needs to be a registry, or a setting with higher tolerance for systems like RightNow's. Their primary product is a support system, and is relied on by companies like British Airways, Electronic Arts, AT&T, and the US Social Security office). Currently, we have to wait 48 hours before we can trust that our emails are reaching their recipients (people we are contractually obligated to respond to within 24 hours). The Discussion: What can be done to create a list of "approved" servers? Your thoughts are appreciated. What IP number are you talking about? rightnow.com resolves to 216.136.229.9 www.rightnow.com resolves to 216.136.229.9 Mail for rightnow.com is handled by postalinspector.rightnow.com (10) 64.79.34.35 gallatin.rightnow.com (20) 64.79.34.10 I do not see any of the above IP's in the blocklist. Link to comment Share on other sites More sharing options...
Chris Parker Posted January 29, 2004 Share Posted January 29, 2004 Yesterday, Rightnow's email server was blacklisted. Can you post the IP or error message? Now here's the kicker... WE use Spamcop as one of our blacklist agents, so my support team can not even receive notification of new incidents which require their attention. YOU should whitelist them in that case. Link to comment Share on other sites More sharing options...
rgvodden Posted January 29, 2004 Author Share Posted January 29, 2004 Wow! Response within 2 minutes... Here's the report: Query bl.spamcop.net - 216.136.168.81 216.136.168.81 is utilsc01.rightnowtech.com (Help) (Trace IP) (Senderbase lookup) 216.136.168.81 listed in bl.spamcop.net (127.0.0.2) Since SpamCop started counting, this system has been reported about 10 times by about 10 users. It has been sending mail consistently for at least 93.8 days. In the past 720.2 days, it has been listed 22 times for a total of 21.7 days In the past week, this system has: Been reported as a source of spam less than 10 times Been witnessed sending mail about 140 times A sample sent sometime during the 24 hours beginning January 27, 2004 4:00:00 PM -0800: Link to comment Share on other sites More sharing options...
Chris Parker Posted January 29, 2004 Share Posted January 29, 2004 216.136.168.81 listed in bl.spamcop.net (127.0.0.2) From looking at some of the posts in news.admin.net-abuse.sightings concerning that IP address it appears that their system is spitting out support tickets to people's email addresses that have been forged as the from address in spam. Something you'll need to take up with them. They may need to change some of the email addresses those that use the service are using. Link to comment Share on other sites More sharing options...
Merlyn Posted January 29, 2004 Share Posted January 29, 2004 Wow! Response within 2 minutes... Here's the report: Query bl.spamcop.net - 216.136.168.81 216.136.168.81 is utilsc01.rightnowtech.com (Help) (Trace IP) (Senderbase lookup) 216.136.168.81 listed in bl.spamcop.net (127.0.0.2) Since SpamCop started counting, this system has been reported about 10 times by about 10 users. It has been sending mail consistently for at least 93.8 days. In the past 720.2 days, it has been listed 22 times for a total of 21.7 days In the past week, this system has: Been reported as a source of spam less than 10 times Been witnessed sending mail about 140 times A sample sent sometime during the 24 hours beginning January 27, 2004 4:00:00 PM -0800: I do not believe in this day and age of spam that any server/site/isp could be marked as approved. No one should have to. If there is no spam there is no problem. You might want to ask the deputies as I cannot see what was reported. Looking in NANAS this server does not have a good past and you are in other blocklists. If you can't wait 48 hours I suggest you get help from a deputy. deputies at Spamcop dot Net If this was spam and not something misreported you will have to wait. Link to comment Share on other sites More sharing options...
rgvodden Posted January 29, 2004 Author Share Posted January 29, 2004 Hi Chris, Thanks for the heads-up. I'll pass that along to the support team at rightnow tech. The support system assigns an incident tracking number to every email it receives, and auto responds with that tracking number. If the original email contains a forged address (from a spammer, or as the result of a virus), how can they tell that they should not respond? Basically, you can't always compare the reply address to the email server, and expect them to line up. Many organizations legitamely relay through a single unified server which does not match the domain of the reply address. For example, our product is web-based, and emails are sent from our server, on belalf of our clients (using a reply address that they specify). So for 100% of the email sent to our clients' customers, the reply address does not match the server domain. This is a bit of a pickle.... -Graham Link to comment Share on other sites More sharing options...
rgvodden Posted January 29, 2004 Author Share Posted January 29, 2004 Chris, I'll have our sysadmin whitelist this IP as soon as he returns from vacation (in Mexico). -Graham Link to comment Share on other sites More sharing options...
Ellen Posted January 29, 2004 Share Posted January 29, 2004 I am discussing this with Richard B from your organization in email at this moment. Ellen Link to comment Share on other sites More sharing options...
rgvodden Posted January 29, 2004 Author Share Posted January 29, 2004 Thanks Ellen, Point of Claification. I am not a Rightnow Technologies employee. I run a support department that uses their software, and is hosted on their servers. Cheers! -Graham Link to comment Share on other sites More sharing options...
rgvodden Posted January 30, 2004 Author Share Posted January 30, 2004 I just want to thank everyone for their time and assistance. -Graham Link to comment Share on other sites More sharing options...
Merlyn Posted January 30, 2004 Share Posted January 30, 2004 Looks like Ellen's discussion worked as you are not listed anymore. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.