Brief DBL false positive


Spamhaus are rolling out a new subzone of the DBL, for domains whose webservers have been compromised and used to host spam landing pages, often via mass compromises of their management control panels. There was a brief mistake that caused all of .net to be listed in the new subzone, meaning that mail sent with URLs in it that used hostnames in .net may have been rejected or spam-foldered by early adopters or careless users of the DBL.
If you’re using one of the reputation services that wraps many different sorts of listing in a single zone, differentiating between different listing reasons by return code, you should be aware of what all the subzones are and what listings of each type mean. Unless the blacklist operator has a published policy about what sort of sublists might be added in the future, you should never configure your mailservers to take action on any returned value, rather you should check for specific return values and ignore any response that you don’t explicitly intend to use.
If your MTA supports it, logging unrecognized responses and alerting based on them is a good idea – both so you know when a new category is added, and so you know if you’ve been blocked from accessing the blacklist, or the blacklist has been shut down and is listing the entire Internet. It’s not unusual for blacklists to see very high query volumes for months or years after they’ve been shut down, presumably from users who are using the data as part of  a scoring system and who haven’t noticed that it’s no longer providing any useful data.
 

Related Posts

Images, again

It’s a new year, but an old problem. Email with unloaded images.
Sure, you should be including critical content as text, and/or including alt-text as a normal part of your creative design process, but at the bare minimum you should look at what your mail looks like without images.
The last thing you want to do is send out email with just one strong call to action – the unsubscribe link.

Read More

Links: September 24, 2012

Last week Return Path announce a new set of email intelligence products. One of their new products offers customers the chance to actually see how (some subset of) their customer base interacts with mail directly. It moves beyond simply looking at probe mailboxes and actually looks inside the mailbox of recipients.
Spamhaus has listed bit.ly on the Domain Blocklist (DBL) for allowing spammers to abuse their redirector service. Spammers have been abusing bit.ly for a while, and I’m a little surprised it’s taken so long for a listing to happen. Steve wrote a post last year about URL redirectors and offered suggestions on what to do to avoid blocking problems when using a URL shortening service.
Real Insights has a very interesting post on why it should be “hard” to subscribe to your mailing list. There are also a number of good suggestions about the subscription process itself. Definitely worth a read.

Read More

Bit.ly gets you Blocked

URL shorteners, like bit.ly, moby.to and tinyurl.com, do three things:

Read More