ATT and Verizon DNSBL Problems.
Posted on Feb 13, 2010 by Paul White
Verizon and AT&T yesterday started bounced emails from my server. This was very unexpected, as non of my websites
do any kind of spam. Afew of them do send a newsletter but this is to a double Opt inMaillist. Everyone getting the newsletter signed up for it. So inthis blog I will chronicle my journey to get this resolved with bothISPs. If this turns out good, then fine. If it turns out bad, then atleast I will have documented it for the rest of the world.
My Mail Server Setup
Before I get into the actual removal process, I want to clarify a few things about my setup. I am very anal about spam. I don't send it, and I don't like to receive it. My Server is a 1U supermicro rack server, that I custom built with some very high performance hardware. 256 MB RAID
10 across 4 x 15k RPM SAS
drives, plus an 320 GB SATA
drive for daily backups. It runs dual Xeons at 3.6 Ghz, and sits on a 100 Mbit port. I also have it colocated at one of the best data centers in Houston. Its not the best because of size, but because of the people. This is not some huge corporate entity. Its a small group of advanced nerds / network admins, that own and run the place. These guys take their network very seriously. If you want to colocated by the best in Houston visit Acronoc
Each of the websites
I run on my server gets their own IP address. This IP is then dedicated
for their Web Server, Stats Server, and Mail Server. Each Domain is setup with Domain Keys, DKIM, SPF, and the IP has its RDNS setup to the appropriate value. All my clients have Double Opt in Mail and Text Lists. I am using every technology that exists to authenticate my mail server as legit. To prevent spam I run a 5 minute grey list, and a variety of DNS RBL checks. The result is I only get maybe 1 spam a week.
AT&T Blacklist and IP blocking
AT&T is not just a wireless carrier, they also are SBCglobal.net, Bellsouth and a few other ISPs. SBCglobal is the dominate residential DSL carrier in Houston. So when I get blocked by AT&T its almost as bad as getting blocked by yahoo.
When your server IP gets blocked by AT&T you will get a bounce message similar to
Could not deliver message to the following recipient(s):
Failed Recipient: Email@sbcglobal.net
Reason:Remote host said: 553 5.3.0 flpi193 - o1D1wddr028278, DNSBL:ATTRBL521< 188.8.131.52>_is_blocked.__For_information_see_http://att.net/blocks
So we visit http://att.net/blocks
Which redirects to http://worldnet.att.net/general-info/block_inquiry.html
On this page we have list of options
Of course we want to learn why we got blocked so we goto the first link
This takes us to http://wn.att.net/cgi-bin/block_admin.cgi
On this page its a questionaire asking for our information.
I filled it out and clicked submit
And it thanks me and says to wait 2 days for a response.
This was on 2/12/2010 around 12 PM
I am now waiting for a response.
Verizon Blacklist and IP blocking
For those of you that don't know Verizon is one of the fastest growing residential internet providers
. Their FIOS servers which takes Fiber Optics to your door is one of the most sought after connections by the nerd community. with Speeds ranging from 20Mbit/s to 50Mbit/s. You would have enough power to run a few servers out of your home. Their prices are also competitive with Cable and DSL. The only problem is they are not available in all areas. Because of this I am stuck with Comcast
. Not that I am complaining because I feel my quality of service has been good. Plus I got a neighbor ( Kevin ) that works for them, and he is a real nice guy. So basically as Verizon starts to saturate the market we are destined to see they members join our mail lists. Now after doing some reading, it would seem that Verizon has had similar problem in the past. Their anti spam technology goes wild, and starts blocking everyone. This cause a huge mail outage a few years back on their network. I suspect that this could be a repeat of what happend years ago. As the block is not affecting just one IP, its bouncing every IP I have pointed at my server. Its possible that they are using a Class C IP block which blocks your IP and the 255 neighbors in your neighborhood. A class C IP block would be when they do this. 64.72.125.FU I only have a couple dozen IPs on that Class C, so if they are doing this its not right.
After you get the bounce messages from Verizon, you have to apply for removal.
Here is the response I got from them
On 2/12/2010 12:00 PM, firstname.lastname@example.org
> After investigation, Verizon Online Security
has determined that e-mail from your IP address will not be allowed access to the Verizon Online e-mail domain due to one or more of the following reasons:
> Your IP has been blocked because of spam issues or because your ISP indicates that it is dynamically assigned
> Once you have addressed any security
-related issues on your network, you should contact Verizon Online Security
via this form. At that time, we will work with you to restore normal e-mail traffic or to take other action as we deem appropriate.
> Verizon Online Security
First of all my IP is static, and we don't spam. So I responded to themSend to them at 2/12/2010 1:25PM
My IP address is not Dynamic, Its Static.
My Mail Server does not send spam. Is this a Class C IP block? Because
it seems all the IPs pointed at my server for various client's websites
are getting the same blocked messages. If you have received spam from
any IP, within 64.72.125.x please specify which ones. I only have a
limited number of IPs from that Class C. The rest belong to other
servers / customers of Acronoc.
Their response 2/12/2010 4:28 PM
Dear Paul White,
Thank you for contacting Verizon Online Abuse.
Please provide you IP addresses or IP Blocks.
Verizon Online Abuse
The fact that they responded within just a few hours is hopeful
So I responded to them with a list of IPs and domains my server runs
I will update this later when I get a response from them.Update 2/15/2010
I check my server's automated email accounts, and I haven't seen a single bounce message since Saturday.
I also haven't received any notifications from AT&T or Verizon about my IPs being cleared. So for now it looks I am in the clear. Hopefully this was just a glitch.