What is frontbridge.com (spam filtering) ?

 
 
occassionally-confused@nospam.co.uk

 
      10-17-2007, 03:16 PM
I've just had an email bounced back with a header saying I am on an IP
blacklist.

This is a mystery, since my email goes out direct via DNS, and our
server *is* secure; not an open relay etc.

What is this system?

It could explain why many of my emails seem to disappear.

I do run the TMDO challenge system on the server, so that emails
addressed to certain valid user aliases get challenged. It's possible
that we got hit with a lot of spam with a From: address belonging to a
real person who then received a load of challenges. We try to tighten
up the valid-alias list but some things like sales@company-name we
can't do much about...

 
Eeyore

 
      10-17-2007, 03:54 PM


occassionally-(E-Mail Removed) wrote:

> I've just had an email bounced back with a header saying I am on an IP
> blacklist.
>
> This is a mystery, since my email goes out direct via DNS, and our
> server *is* secure; not an open relay etc.
>
> What is this system?
>
> It could explain why many of my emails seem to disappear.
>
> I do run the TMDO challenge system on the server, so that emails
> addressed to certain valid user aliases get challenged. It's possible
> that we got hit with a lot of spam with a From: address belonging to a
> real person who then received a load of challenges. We try to tighten
> up the valid-alias list but some things like sales@company-name we
> can't do much about...


It probably means someone's 'spoofed' your email address to send out spam.

Until the issue of spam email is finally taken seriously by governments worldwide
and treated as a serious crime this kind of thing will continue to happen.

Graham


 
alexd

 
      10-17-2007, 08:39 PM
occassionally-(E-Mail Removed) wrote:

> I've just had an email bounced back with a header saying I am on an IP
> blacklist.
>
> This is a mystery, since my email goes out direct via DNS, and our
> server *is* secure; not an open relay etc.
>
> What is this system?
>
> It could explain why many of my emails seem to disappear.


There are plenty of RBL checker tools out there, eg:

https://toolbox.webhotel.net/cgi-bin/rbl.cgi
http://member.dnsstuff.com/pages/tools.php

Microsoft bought Frontbridge and rebranded it Exchange Hosted Services.

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
21:35:32 up 16 days, 23:24, 3 users, load average: 0.47, 0.28, 0.20
09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c0
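
How the RBL checker tools mentioned above query a list, as an added example that is not part of the original post: the sending IP is reversed and looked up as a hostname under the list's zone. The zones under dnsbl.example and the fake_resolve stand-in are constructed so the code runs offline; omit the resolve argument to use real DNS.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Reverse the address and append the list's zone: 192.0.2.25 -> 25.2.0.192.<zone>."""
    addr = ipaddress.ip_address(ip)
    suffix = ".in-addr.arpa" if addr.version == 4 else ".ip6.arpa"
    reversed_part = addr.reverse_pointer[: -len(suffix)]
    return f"{reversed_part}.{zone.strip('.')}"


def check_dnsbl(ip, zones, resolve=socket.gethostbyname):
    """Return {zone: return code or None}. None means not listed (or the lookup failed)."""
    results = {}
    for zone in zones:
        try:
            answer = ipaddress.ip_address(resolve(dnsbl_query_name(ip, zone)))
        except (OSError, ValueError):
            results[zone] = None  # NXDOMAIN or resolver error: no listing found
            continue
        # Listings are answered from 127.0.0.0/8. Any other answer usually means
        # a resolver that rewrites NXDOMAIN, so it is not counted as a listing.
        listed = answer in ipaddress.ip_network("127.0.0.0/8")
        results[zone] = str(answer) if listed else None
    return results


# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {
    "25.2.0.192.listed.dnsbl.example": "127.0.0.2",
    "25.2.0.192.hijacked.dnsbl.example": "203.0.113.80",
}


def fake_resolve(name):
    try:
        return FAKE_DNS[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "NXDOMAIN")


if __name__ == "__main__":
    zones = ["listed.dnsbl.example", "clean.dnsbl.example", "hijacked.dnsbl.example"]
    for zone, code in check_dnsbl("192.0.2.25", zones, resolve=fake_resolve).items():
        print(f"{zone}: {'LISTED ' + code if code else 'not listed'}")
```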

 
Jim Crowther

 
      10-18-2007, 04:58 PM
In uk.telecom.broadband, on Wed, 17 Oct 2007 16:16:42, wrote:

>I've just had an email bounced back with a header saying I am on an IP
>blacklist.


[]
>I do run the TMDO challenge system on the server, so that emails
>addressed to certain valid user aliases get challenged.


That'll be why you are on a blacklist somewhere. Challenge/response
(ITYM TDMA) is part of the problem:

http://www.cl.cam.ac.uk/~rnc1/cr/index.html

--
Jim Crowther.

West London MAG: Popes Grotto, Twickenham, every Tuesday from 21:00 onwards.
 
Peter

 
      10-19-2007, 06:25 AM

Jim Crowther <Don'(E-Mail Removed)> wrote

>>I do run the TMDO challenge system on the server, so that emails
>>addressed to certain valid user aliases get challenged.

>
>That'll be why you are on a blacklist somewhere. Challenge/response
>(ITYM TDMA) is part of the problem:
>
>http://www.cl.cam.ac.uk/~rnc1/cr/index.html


That's all true, except that we don't bounce back very much.

If one challenges every spam, it would get ridiculous. A much better
procedure is to dump all email other than that addressed to a small
number of valid usernames - this cuts down the challenges by some 99%
since most spam (sent to a user's domain) uses made-up names.

However I accept that if we get on an *IP* blacklist then that is
probably as a result of something *we* sent out. I find it hard to
believe anybody still runs blacklists based on email addresses...
 
Jim Crowther

 
      10-19-2007, 02:52 PM
In uk.telecom.broadband, on Fri, 19 Oct 2007 07:25:10, Peter wrote:

>
>Jim Crowther <Don'(E-Mail Removed)> wrote
>
>>>I do run the TMDO challenge system on the server, so that emails
>>>addressed to certain valid user aliases get challenged.

>>
>>That'll be why you are on a blacklist somewhere. Challenge/response
>>(ITYM TDMA) is part of the problem:
>>
>>http://www.cl.cam.ac.uk/~rnc1/cr/index.html

>
>That's all true, except that we don't bounce back very much.
>
>If one challenges every spam, it would get ridiculous. A much better
>procedure is to dump all email other than that addressed to a small
>number of valid usernames - this cuts down the challenges by some 99%
>since most spam (sent to a user's domain) uses made-up names.


Fair enough, but...

>However I accept that if we get on an *IP* blacklist then that is
>probably as a result of something *we* sent out.


....If a spam had been sent to one of your valid users, and some innocent
(but forged in the spam) third party had received the challenge, then it
is very possible your system would have been reported. I know of
several people who do just that to all challenges they receive in this
way. C/R will cause you more and more headaches like this because of
the bl**dy spammers.

>I find it hard to
>believe anybody still runs blacklists based on email addresses...


Quite.

--
Jim Crowther.

West London MAG: Popes Grotto, Twickenham, every Tuesday from 21:00 onwards.
 
Peter

 
      10-20-2007, 05:57 AM

Jim Crowther <Don'(E-Mail Removed)> wrote

>...If a spam had been sent to one of your valid users, and some innocent
>(but forged in the spam) third party had received the challenge, then it
>is very possible your system would have been reported. I know of
>several people who do just that to all challenges they receive in this
>way.


Hmmm, I wonder what the people who report C/R users as spammers do
about their own spam?

What is a business supposed to do if they want to run an address like
(E-Mail Removed) for example?

One answer is that such email addresses simply cannot be operated
anymore, and web enquiry forms are the only way for the initial
contact.

Another answer is to analyse the incoming emails for obvious spamming
patterns, e.g. if more than 5 emails come from the same apparent
sender within an hour, dump the lot. That would mean delaying the
emails but for an initial enquiry that is OK.
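
The hold-and-count idea in the post above, as an added example that is not part of the original post: mail waits in a queue for an hour, and any apparent sender with more than 5 messages inside an hour has all of its held mail dropped. The queue layout (arrival time, From address, message id) and the sample entries are constructed for illustration.

```python
from collections import defaultdict

WINDOW = 3600   # one hour, as in the post
THRESHOLD = 5   # "more than 5", as in the post

# Constructed hold queue: (arrival time in seconds, apparent sender, message id).
HELD = [(i * 100, "bulk@forged.example", f"m{i}") for i in range(6)] + [
    (50, "jane@customer.example", "q1"),
    (3000, "joe@customer.example", "q2"),
]


def burst_senders(held, window=WINDOW, threshold=THRESHOLD):
    """Return senders with more than `threshold` messages inside any `window` seconds."""
    by_sender = defaultdict(list)
    for arrival, sender, _msg_id in held:
        by_sender[sender.strip().lower()].append(arrival)
    flagged = set()
    for sender, times in by_sender.items():
        times.sort()
        # Check every run of threshold+1 consecutive arrivals.
        for i in range(len(times) - threshold):
            if times[i + threshold] - times[i] < window:
                flagged.add(sender)
                break
    return flagged


def release(held, now, window=WINDOW, threshold=THRESHOLD):
    """Split the hold queue into (deliver, dropped, still_held) message ids."""
    flagged = burst_senders(held, window, threshold)
    deliver, dropped, still_held = [], [], []
    for arrival, sender, msg_id in held:
        if sender.strip().lower() in flagged:
            dropped.append(msg_id)      # "dump the lot" for that sender
        elif now - arrival >= window:
            deliver.append(msg_id)      # waited a full window with no burst
        else:
            still_held.append(msg_id)   # keep waiting; a burst may still form
    return deliver, dropped, still_held


if __name__ == "__main__":
    print(release(HELD, now=3700))
```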
 
Jim Crowther

 
      10-20-2007, 06:54 PM
In uk.telecom.broadband, on Sat, 20 Oct 2007 06:57:41, Peter wrote:

>
>Jim Crowther <Don'(E-Mail Removed)> wrote
>
>>...If a spam had been sent to one of your valid users, and some innocent
>>(but forged in the spam) third party had received the challenge, then it
>>is very possible your system would have been reported. I know of
>>several people who do just that to all challenges they receive in this
>>way.

>
>Hmmm, I wonder what the people who report C/R users as spammers do
>about their own spam?


If sensible they bin it (automagically here, apart from a couple a day
that the Bayesian filter needs to be told about). They report the C/R
backscatter out of frustration at other otherwise sensible people adding
to the problem, not helping to solve it.

Some of course complete the Response, so you *can* get the spam or
virus, you are welcome to it...

>What is a business supposed to do if they want to run an address like
>(E-Mail Removed) for example?


Once it's out into the spammers' hands, something like a Bayesian filter
is one way of coping. Greylisting helps of course, but less so as the
spammers change their methods.

Most of these addresses have at some time in the past been on a company
website in the clear, rather than in a human-clickable but spam-bot
opaque way. Also, any domain may get spam sent to 'sales@', a common
first-guess for spam lists.

So use (E-Mail Removed) or somesuch variant perhaps?

>One answer is that such email addresses simply cannot be operated
>anymore, and web enquiry forms are the only way for the initial
>contact.


Yuck, I do hate those! I suspect you do too.

>Another answer is to analyse the incoming emails for obvious spamming
>patterns, e.g. if more than 5 emails come from the same apparent
>sender within an hour, dump the lot. That would mean delaying the
>emails but for an initial enquiry that is OK.


Greylisting can be very effective as a first line of defence, and using
a sensible choice of RBL in series also helps. If I still used a
catch-all mailbox and didn't use these above methods I'd get thousands
of spams a day. I now only have a very few that the local Bayesian
filter has to deal with.

I totally sympathise with the spam problems companies can have. I do
urge them not to resort to C/R - it dumps their problems onto others
(especially those who have had their domains Joe-Jobbed), and can get
their servers blacklisted as you have found.

--
Jim Crowther.

West London MAG: Popes Grotto, Twickenham, every Tuesday from 21:00 onwards.
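
A minimal greylisting decision, as an added example that is not part of the original post: an unknown (client network, envelope sender, recipient) triplet is deferred with a temporary SMTP error inside the session, so nothing is ever mailed to the possibly forged From address, unlike a challenge. The delay values, the /24 and /64 grouping and the reply texts are assumptions chosen for illustration.

```python
import ipaddress


class Greylist:
    """In-memory greylist keyed on (client network, envelope sender, recipient)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_lifetime=35 * 86400):
        self.min_delay = min_delay          # retries sooner than this stay deferred
        self.retry_window = retry_window    # a retry must arrive within this window
        self.pass_lifetime = pass_lifetime  # how long a passed triplet stays trusted
        self.pending = {}                   # triplet -> time first seen
        self.passed = {}                    # triplet -> time last accepted

    @staticmethod
    def _triplet(client_ip, mail_from, rcpt_to):
        addr = ipaddress.ip_address(client_ip)
        # Large senders may retry from a neighbouring host, so key on the network.
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to give at RCPT TO time."""
        key = self._triplet(client_ip, mail_from, rcpt_to)
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_lifetime:
            self.passed[key] = now
            return "250 2.1.5 OK"
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now         # new or stale triplet: start the clock
            return "451 4.7.1 Greylisted, please retry later"
        if now - first < self.min_delay:
            return "451 4.7.1 Greylisted, please retry later"
        del self.pending[key]               # a proper retry: trust the triplet
        self.passed[key] = now
        return "250 2.1.5 OK"


if __name__ == "__main__":
    g = Greylist()
    for t in (0, 60, 600):                  # constructed delivery attempts
        print(t, g.check("192.0.2.10", "a@sender.example", "sales@company.example", t))
```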
 
Peter

 
      10-21-2007, 06:22 AM

Jim Crowther <Don'(E-Mail Removed)> wrote

>>What is a business supposed to do if they want to run an address like
>>(E-Mail Removed) for example?

>
>Once it's out into the spammers' hands, something like a Bayesian filter
>is one way of coping. Greylisting helps of course, but less so as the
>spammers change their methods.


I don't think this works anymore - once the scale of spam gets bad
enough. At work we get about 10k spams a day. We used to run
Mailwasher, with (eventually) about 50 filters on it, and while it was
good in detecting spam (99%?) it also discarded quite a few real
initial emails from potential customers (we have a whitelist for known
contacts). So we had to do manual checks, which is not feasible at the
10k/day level.

Similarly, other people's spam filters do the same thing. A lot of my
emails get dumped by spam filters. A popular one seems to be if I send
a very brief email, perhaps containing just a couple of URLs. This is
often marked as spam. Or an email with no text and a graphic attached.

With the latest "drug" adverts being a paragraph from Shakespeare and
a GIF attached, I am convinced that spam detection is now finished -
if you don't want to lose a lot of real emails too.

I think domain names with a regularly changed alias, plus a whitelist,
is going to be the only way forward.
 