The Dreaded Blacklist
Have you ever found yourself in the position where you send out that critical, time-sensitive e-mail to a trusted colleague you have communicated with for years, only to have the e-mail come back to you with some cryptic message? You call up your IT guy and he mutters those dreaded words, “You have been blacklisted.” But what does it really mean to be blacklisted?
Out in cyberspace, some people make their living by monitoring e-mail traffic to determine which e-mail servers, or more accurately which IP addresses, send messages that look like viruses or SPAM. Once they identify these IP addresses, they put them into a database, and spam filtering organizations like MX Logic, Postini, Microsoft’s Big Fish and even Forefront can then subscribe to these lists to help prevent SPAM and viruses from being received by their users. This all sounds like a great deal, and for the most part the lists work pretty well, until you run a valid e-mail server and find it has been listed. These blacklist services don’t always provide a lot of resources to IT staff trying to determine why a network is listed, and some even charge you to be removed. The good part is that most legitimate mail servers tend to get listed for one of three reasons:
1) The e-mail server is an open relay. This means that your e-mail server will accept an e-mail message from any computer and pass it on to the recipient, so someone sending SPAM can find your e-mail server and use it to send out as many messages as they can force through it. That all sounds bad, doesn’t it? But if you are using older MPF scanners, then you most likely need to have open relay configured so the scanner can send newly scanned documents via e-mail. This is where your e-mail administrator needs to step in and lock down that open relay so that only the MPF scanners, or whatever network devices need it, can relay messages while everyone else is blocked.
2) You have a virus loose on the network. This is probably more common than number one and is even more difficult to track down. Unless you have rules on your company firewall that only allow e-mail traffic out of the network from your e-mail server, any workstation, laptop or wireless device that catches a virus can start sending out e-mail messages. These messages don’t come from the e-mail server, so any device on the network is a potential threat, and the only good way to track this down is to run a fresh virus scan on EVERY device on the network.
3) Your passwords have been compromised and a spammer is using your username and password to send out SPAM messages. Do you have an easy-to-guess password on your user account? Is your network’s Administrator password “password”? Spammers can search out e-mail servers and try to log into your account using dictionary attacks. This means that they will try every word in the dictionary to find your password, and once they do, they can start to flood the e-mail system. The fix for this? Change all your passwords and make them more complex. Then scan your systems to see if the spammer did anything more than send e-mail.
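As an added example (not part of the original article), here is a short Python script that looks through firewall logs for the situation in reason 2: devices other than the mail server sending e-mail straight out of the network. The log layout, the 192.168.1.0/24 network, the mail server address 192.168.1.10 and the function name are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample; the log layout is an assumption, adapt LINE_RE to your firewall.
SAMPLE_LOG = """\
2024-05-01T09:12:03 ALLOW TCP src=192.168.1.10 dst=203.0.113.25 dport=25
2024-05-01T09:12:04 ALLOW TCP src=192.168.1.57 dst=198.51.100.7 dport=25
2024-05-01T09:12:04 ALLOW TCP src=192.168.1.57 dst=198.51.100.9 dport=25
2024-05-01T09:12:05 ALLOW TCP src=192.168.1.57 dst=203.0.113.80 dport=25
2024-05-01T09:12:06 ALLOW TCP src=192.168.1.33 dst=203.0.113.80 dport=443
2024-05-01T09:12:07 DENY TCP src=192.168.1.88 dst=198.51.100.7 dport=25
2024-05-01T09:12:08 ALLOW TCP src=192.168.1.40 dst=192.168.1.10 dport=25
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^\S+ (?P<action>ALLOW|DENY) TCP "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def find_rogue_smtp_senders(log_text, internal_net, mail_servers, smtp_ports=(25,)):
    """Report internal hosts, other than the mail servers, that tried external SMTP."""
    net = ipaddress.ip_network(internal_net)
    allowed = {ipaddress.ip_address(ip) for ip in mail_servers}
    findings = defaultdict(lambda: {"allowed": 0, "denied": 0, "destinations": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) not in smtp_ports:
            continue  # malformed line or not SMTP
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # field was not a valid IP address
        # Keep only outbound traffic from hosts that are not approved mail servers.
        if src not in net or dst in net or src in allowed:
            continue
        entry = findings[str(src)]
        entry["allowed" if m["action"] == "ALLOW" else "denied"] += 1
        entry["destinations"].add(str(dst))
    return dict(findings)

if __name__ == "__main__":
    hits = find_rogue_smtp_senders(SAMPLE_LOG, "192.168.1.0/24", ["192.168.1.10"])
    for host, info in sorted(hits.items()):
        print(host, info["allowed"], "allowed,", info["denied"], "blocked,",
              len(info["destinations"]), "destinations")
```

A device with allowed connections is the first one to scan, because its mail is actually leaving the network. A device with only blocked attempts shows the firewall rule is doing its job, but that device still needs to be cleaned.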
Up until about a month ago, these were the three main reasons we had seen organizations getting blocked. However, over the past month one blacklist service changed the rules it uses to identify networks as SPAM senders. We have found that the best way to prevent these blacklist occurrences is to use something called a SMART HOST. A smart host is a service provided by a hosted anti-spam company like Postini. When you send an e-mail from your network, it doesn’t go directly to the recipient but instead goes through the smart host, where it can be scanned for viruses and SPAM before it gets sent on to your clients or customers. This means that if your server is breached, the SPAM is still blocked and you can avoid getting blacklisted.
E-mail has become a critical component of many businesses, and when e-mails stop flowing, we might as well shut the lights off. Taking certain security measures can help keep you off the blacklist, but using a hosted anti-spam service and a smart host can add to your confidence that when you click that send button, the message will get to the correct inbox without delay.
Scott Hirschfeld is the President of CTaccess, an Elm Grove IT support company that has been helping small businesses stop focusing on IT and get back to doing business since 1990. Under his leadership, CTaccess provides the business-minded approach of larger IT companies with the personalized touch of the smaller ones. Connect with Scott on LinkedIn.