[OT] IronPort Blacklists Google

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[OT] IronPort Blacklists Google

Paul McNett ∅
I noticed that my mailserver was rejecting some incoming messages from
gmail users, and then realized that IronPort may be involved in the
blocking:

http://www.spamcop.net/w3m?action=checkblock&ip=66.249.92.169

At the time of this posting, I get a page that says:

66.249.92.169 listed in bl.spamcop.net (127.0.0.2)
[snip]

If you are the administrator of ug-out-1314.google.com and you are sure
it will not be the subject of any more reports of spam, you may cause
the system to be delisted without waiting for us to review the issue.

[snip]
In the past 29.9 days, it has been listed 7 times for a total of 3.3 days
Other hosts in this "neighborhood" with spam reports
66.249.92.168 66.249.92.170 66.249.92.171 66.249.92.172 66.249.92.173
66.249.92.174 66.249.92.175
[snip]
Copyright (C) 1998-2005, IronPort Systems, Inc. All rights reserved
[snip]

I only post this here because I thought it interesting that there is
another connection, besides meeting locations, between the two
companies. Sorry if it is considered clutter by some.

I presume that someone malicious is submitting gmail addresses to cause
trouble, not that IronPort or Google are at direct fault.

--
Paul McNett
http://paulmcnett.com
http://dabodev.com

_______________________________________________
Baypiggies mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/baypiggies
Reply | Threaded
Open this post in threaded view
|

Re: [OT] IronPort Blacklists Google

Marilyn Davis
On Thu, 11 May 2006, Paul McNett wrote:

> I noticed that my mailserver was rejecting some incoming messages from
> gmail users, and then realized that IronPort may be involved in the
> blocking:
>
> http://www.spamcop.net/w3m?action=checkblock&ip=66.249.92.169
>
> At the time of this posting, I get a page that says:
>
> 66.249.92.169 listed in bl.spamcop.net (127.0.0.2)
> [snip]
>
> If you are the administrator of ug-out-1314.google.com and you are sure
> it will not be the subject of any more reports of spam, you may cause
> the system to be delisted without waiting for us to review the issue.
>
> [snip]
> In the past 29.9 days, it has been listed 7 times for a total of 3.3 days
> Other hosts in this "neighborhood" with spam reports
> 66.249.92.168 66.249.92.170 66.249.92.171 66.249.92.172 66.249.92.173
> 66.249.92.174 66.249.92.175
> [snip]
> Copyright (C) 1998-2005, IronPort Systems, Inc. All rights reserved
> [snip]
>
> I only post this here because I thought it interesting that there is
> another connection, besides meeting locations, between the two
> companies. Sorry if it is considered clutter by some.
>
> I presume that someone malicious is submitting gmail addresses to cause
> trouble, not that IronPort or Google are at direct fault.

No, but it does show how vulnerable all ip's, i.e., all of us, are to
attack via blacklists.

I note that deliberate.com is still blacklisted by Paul's
intersight.com system, even though I went to the url and filled in the
form long ago, and, even though there can not be any legitimate claims
of spam against deliberate.com.  

Blacklisting is not a good idea.

Or, if you want to use a blacklist, use it for an additional piece of
information to factor into your heuristic, not as a sole reason for
blocking mail.

OK.  I'll try to be quiet now and do my work.

Marilyn


>
>

--

_______________________________________________
Baypiggies mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/baypiggies
Reply | Threaded
Open this post in threaded view
|

Re: [OT] IronPort Blacklists Google

Paul McNett ∅
Marilyn Davis wrote:

> On Thu, 11 May 2006, Paul McNett wrote:
>> I only post this here because I thought it interesting that there is
>> another connection, besides meeting locations, between the two
>> companies. Sorry if it is considered clutter by some.
>>
>> I presume that someone malicious is submitting gmail addresses to cause
>> trouble, not that IronPort or Google are at direct fault.
>
> No, but it does show how vulnerable all ip's, i.e., all of us, are to
> attack via blacklists.

Yes it does.


> I note that deliberate.com is still blacklisted by Paul's
> intersight.com system, even though I went to the url and filled in the
> form long ago, and, even though there can not be any legitimate claims
> of spam against deliberate.com.  
>
> Blacklisting is not a good idea.

I think it is a good idea in that it makes mail server administrators
more careful regarding the mail they relay. If you run a mailserver for
many businesses and individuals, and one individual's email can result
in your whole server getting blacklisted, then you are going to make
damn sure you do some automated checking of outgoing email, or all your
users could move elsewhere.

But in general, black/white absolutes are certainly evil.


> Or, if you want to use a blacklist, use it for an additional piece of
> information to factor into your heuristic, not as a sole reason for
> blocking mail.

I've changed my incoming rules to add 1.5 to the Spam score if the
sender is blacklisted, instead of rejecting the mail out of hand like I
was doing before.

--
Paul McNett
http://paulmcnett.com
http://dabodev.com

_______________________________________________
Baypiggies mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/baypiggies
Reply | Threaded
Open this post in threaded view
|

Re: [OT] IronPort Blacklists Google

Danny Yoo
In reply to this post by Marilyn Davis
>> I presume that someone malicious is submitting gmail addresses to cause
>> trouble, not that IronPort or Google are at direct fault.
>
> No, but it does show how vulnerable all ip's, i.e., all of us, are to
> attack via blacklists.
>
> I note that deliberate.com is still blacklisted by Paul's intersight.com
> system, even though I went to the url and filled in the form long ago,
> and, even though there can not be any legitimate claims of spam against
> deliberate.com.
>
> Blacklisting is not a good idea.

Hi Marilyn,

I also wanted to add that this issue heavily affects Stanford too, enough
so that they've had to write a FAQ about it:

     http://www.stanford.edu/services/email/antispam/blacklist.html

When I was working at Carnegie, SpamCop often blocked us enough that it
was causing some major headaches.  I agree with you: the problem is that
some email admins depend solely on a blacklist, which ends up a fragile
solution to spam.
_______________________________________________
Baypiggies mailing list
[hidden email]
http://mail.python.org/mailman/listinfo/baypiggies