Monday, January 30, 2006

Spam mail policies at ISPs

I had some trouble with my internet provider, Destiny cable internet, last week. Emails being sent out through their mail server were not getting sent. I use a local Postfix server with the local server sending mail out through the ISP's official SMTP server using relayhost. This is because, like most large internet providers, Destiny blocks outgoing port 25 (as they should).

I was getting error messages like this:

Jan 24 22:31:25 my-laptop postfix/smtp[4704]: CA13C270A9:
to=, relay=smtp.mydestiny.net[202.8.224.8],
delay=4, status=bounced (host smtp.mydestiny.net[202.8.224.8] said:
554 : Client host rejected: Access denied (in
reply to RCPT TO command))

After getting in contact with Destiny, I was told that their server thought that my IP was spamming and so had decided to block everything from me.

I think this is a mistake. It's a convenient thing to do, notice a few emails outbound that seem spammy and block the IP completely, but it's too prone to error. And users are going to be confused. I'm lucky I have an inside pipeline to the Destiny technical people. Users who don't have that access would have trouble even figuring out what was going wrong, let alone explaining it so that it could be correctly diagnosed and fixed.

The right thing to do is to check every email going out, and if it's spammy, deny it with a useful error message (e.g., Destiny Internet has determined that this email is spam, please contact technical support if you think it isn't spam [plus some verbiage on how the ISP was protecting the user from spam and apologizing for inconvenience if the spam classifier got it wrong]). That way, emails that are clearly not spam don't get blocked.

Don't block IPs, block individual emails.
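The two behaviours look different in the sending Postfix log: a host-level block is refused at RCPT TO, before the relay has seen any content, while a per-message verdict can only arrive in reply to the end of DATA. The following is an added example, not code from the original post; the sample log lines, addresses, queue IDs and the wording of the spam rejection are constructed, and the verdict labels are names chosen for this example.

```python
import re

# Constructed sample lines in Postfix smtp-client log format. Hosts, addresses
# and queue IDs are placeholders, not values from the original post.
SAMPLE_LOG = """\
Jan 24 22:31:25 laptop postfix/smtp[4704]: CA13C270A9: to=<a@example.org>, relay=smtp.example.net[192.0.2.25], delay=4, status=bounced (host smtp.example.net[192.0.2.25] said: 554 <unknown[198.51.100.7]>: Client host rejected: Access denied (in reply to RCPT TO command))
Jan 24 22:40:02 laptop postfix/smtp[4711]: D21F4270AB: to=<b@example.org>, relay=smtp.example.net[192.0.2.25], delay=2, status=bounced (host smtp.example.net[192.0.2.25] said: 554 5.7.1 Message classified as spam, contact support (in reply to end of DATA command))
Jan 24 22:41:10 laptop postfix/smtp[4712]: E33A1270AC: to=<c@example.org>, relay=smtp.example.net[192.0.2.25], delay=1, status=sent (250 Ok: queued as 1F2E3D4C5B)
"""

LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?status=(?P<status>\w+) \((?P<detail>.*)\)$"
)
REPLY_RE = re.compile(
    r"said: (?P<code>\d{3}) (?P<text>.*) \(in reply to (?P<stage>.+?) command\)$"
)


def classify(line):
    """Return a dict describing one delivery attempt, or None if unparseable."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"qid": m["qid"], "rcpt": m["rcpt"], "status": m["status"]}
    reply = REPLY_RE.search(m["detail"])
    if m["status"] != "bounced" or not reply:
        rec["verdict"] = "no-rejection"
        return rec
    rec["code"], rec["stage"] = int(reply["code"]), reply["stage"]
    if reply["stage"] == "end of DATA":
        # The relay had the full message, so this is a per-message decision.
        rec["verdict"] = "message-rejection"
    elif "Client host rejected" in reply["text"]:
        # Refused on the connecting host alone, before any content was sent.
        rec["verdict"] = "host-block"
    else:
        # Refused on sender or recipient (e.g. relay denied), not on content.
        rec["verdict"] = "envelope-rejection"
    return rec


def summarize(log):
    """Classify every parseable line of a log excerpt."""
    return [r for r in map(classify, log.splitlines()) if r is not None]


if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG):
        print(rec["qid"], rec["rcpt"], rec["verdict"], rec.get("stage", "-"))
```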

I suppose it's possible that that's what their spam classifier was doing. It had seen too much spam from my IP (when the IP was still used by someone else) and the Bayesian learning system in there had locked on to the IP so that anything coming from that IP would be spam even if the rest of the email was innocuous. I don't think that's the case, though, and it's something they should fix.

To be sure, blocking an IP after a whole bunch of spams have gone out is a cheap way to minimize load on the spamassassin cluster (or whatever they use), but it's still a mistake. Add servers to the cluster if necessary, but don't block an IP (which might have been spamified by someone else and now has been inherited by some innocent subscriber) just because of a history of spamming.
