Comments
Read this part again, but slower this time:
Yup, I read that part carefully, but what I still don't understand is: don't providers only check RBLs for receiving emails? Or is the SSL provider sending emails from the blacklisted IPs?
Yes.
Yes, I would assume he hosts this so-called "Spam SSL Provider" hence the PMS.
Ah, that makes sense.
TBH I believe the so-called SSL Provider should use a 3rd party SMTP relay.
That was funny. So I load up this guy's ranges on bgp.he.net as it helps me go down the list and check the PTR records of a whole range with ease. I see this one domain that is rather simplistic in nature, a very simple-looking domain. Let's say, for example, it's the company down the road from you that sells carpets. You know, some local little business kind of thing from the looks of it.
But then their website is ONLY a single text box to sign up for a newsletter, for nothing, there's no branding or anything, no actual website.
And then the PTR records show that they have a bunch of IPs for it with randomly generated subdomain strings like:
aabb.localcarpetguru.co.uk, aabc.localcarpetguru.co.uk, aabd.localcarpetguru.co.uk, and so on. (I made up this domain for an example)
And then the whole range is littered with stuff exactly like it. And then every other range is littered with stuff exactly like it or worse (plenty of spammy looking 4 letter new TLDs sprinkled in). Some with websites, some without any websites at all but domain names that clearly scream "Same customer, same subdomain generation algorithm, obviously, not someone who needs that many IPs for their little regional business."
And I only ended up looking at this stuff because one or more customers received spam from the network.
And then I look up and see not much else of value coming from the network, so blocking the whole thing seems alright, can just accept whitelisting requests if any good customers find their way in there.
And then he tells me that all of these PTR records aren't a mistake, aren't just leftovers from old spammers, are presently important, and won't be cleaned up.
The dude is running a spam network, no skin off my back. He really got mad about it though didn't he:
All he had to do was clear up the old PTR records from spam hosts, they're littering his ranges and making them look pretty bad: https://bgp.he.net/net/5.183.96.0/22#_dns
But he doubled down that those are important and necessary, so sounds to me like he doesn't give a shit about how his network looks, which is definitely a good candidate for blacklist first, whitelist as needed.
I've seen the DNS naming trends before that I see in his ranges. They'll buy up little local business domains that were expiring, generate a bunch of hostnames on the domain, put a single text box for newsletter registration on the index, and launch a spam campaign. Seen it a hundred times, any appearance of it and a host doubling down on it, especially when mixed with no real evidence of desirable mail coming in from their network, that's just a good candidate for listing by default. Easy stuff, normal everyday work. No use getting emotional over it, it's just sweeping the floor to me.
...
Holy fucking shit.
At the same time as that was happening, I had another fun story at the blacklist as well.
A spammer is spinning up servers on Ramnode's cloud and sending out spam, deleting the server, and creating a new one. They're just blasting through the whole IP ranges set aside for Ramnode's cloud right now. I sent an abuse complaint with logs of it to the abuse address listed at ARIN, they replied that I needed to send it to a different abuse address because they keep Ramnode stuff separate and apparently can't figure out how to forward email internally.
So I also blacklisted Ramnode, and I'm accepting whitelist requests from everyone on their network that isn't a spammer.
Because if your answer to "Your network is being wrecked right now" is "We have an internal policy and procedure that you couldn't have been aware of based on the data we made public, please jump through the next hoop" then you're pretty hopeless and I'm not spending any more time on you.
It's pretty easy to care about your network. If you don't, you should be blacklisted first and whitelisted as necessary.
Looool
Those websites scream spam
I love how the privacy and disclaimer tabs work but contact is nonexistent
Oh and for context, to compare what I'm seeing there to an already well established spam network that is 100% nothing but spam, spam, and career spam: https://bgp.he.net/net/212.192.216.0/22#_dns
If anyone doesn't see it in the first one, use this second for comparison and you'll quite likely see the extreme similarities. That's why I think that guy's network has been used by a career spammer.
The subdomains too... It's just insane.
It's already weird for a local business to have >1 sequential IPs. For an entire range to contain just a handful of small businesses with sequential IPs...
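The pattern discussed in the posts above (a run of sequential IPs whose PTR records are short generated labels under one small-business domain) can be checked mechanically. This is an added example, not part of the thread or any poster's tooling; the PTR data is constructed (it reuses the made-up domain from the post), and the suffix set, thresholds and function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: a tiny stand-in for the Public Suffix List, enough for the sample data.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}

# Constructed sample: (IP, PTR) pairs as copied from a range's reverse-DNS listing.
SAMPLE_PTRS = (
    [(f"192.0.2.{10 + i}", f"aab{c}.localcarpetguru.co.uk") for i, c in enumerate("bcdefghi")]
    + [(f"192.0.2.{40 + i}", f"q{c}zt.cheapdeals.example") for i, c in enumerate("abcdef")]
    + [("192.0.2.100", "mail.smallhost.example"), ("192.0.2.101", "www.smallhost.example"),
       ("192.0.2.200", "ns1.isp.example")]
)

def split_host(ptr):
    """Return (host_labels, registered_domain) using the stand-in suffix set."""
    labels = ptr.rstrip(".").lower().split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[:-n]), ".".join(labels[-n:])

def longest_run(ips):
    """Length of the longest run of consecutive IP addresses."""
    nums = sorted(int(ipaddress.ip_address(ip)) for ip in ips)
    best = cur = 1
    for a, b in zip(nums, nums[1:]):
        cur = cur + 1 if b == a + 1 else 1
        best = max(best, cur)
    return best

def looks_generated(hosts):
    """True when host labels are distinct, short, alphanumeric and all one length."""
    return (len(set(hosts)) == len(hosts)
            and len({len(h) for h in hosts}) == 1
            and all(re.fullmatch(r"[a-z0-9]{3,8}", h) for h in hosts))

def flag_domains(ptrs, min_ips=5):
    """Flag domains holding >= min_ips sequential IPs with generated-looking PTRs."""
    by_domain = defaultdict(list)
    for ip, ptr in ptrs:
        host, domain = split_host(ptr)
        by_domain[domain].append((ip, host))
    flagged = {}
    for domain, rows in by_domain.items():
        run = longest_run([ip for ip, _ in rows])
        if run >= min_ips and looks_generated([h for _, h in rows]):
            flagged[domain] = {"ips": len(rows), "longest_run": run}
    return flagged

if __name__ == "__main__":
    for domain, info in flag_domains(SAMPLE_PTRS).items():
        print(domain, info)
```

A hit is a reason to look closer at the range, not proof on its own; ordinary hosts such as `mail.` and `www.` under one domain do not trip it.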
I was not aware of MXRBL. Added to my servers. Thanks!
In today's thrilling episode of @JAR: Spam Janitor!
For some reason emails sent by LowEndTalk, I believe, handled through MXRoute are being blocked. @jar I sent you a PM about this a few days/weeks ago. Would you mind taking a look?
We are sending via Amazon SES and all dkim/spf are set properly.
Suggest that they move to a better email provider, and link them to a guide on configuring internal forwarding/aliases with MXRoute 😂
iirc @jar also blocks some SES IPs (as well as some other big providers) as well. One of the reasons why I moved out of MXroute.
How could you justify blocking SES? That seems like a very big risk to take when it comes to deliverability for your users (of MXRoute). Could that really be true?
I am receiving LowEndTalk emails. The most recent one was 12 minutes ago.
we'll need @jar to confirm, but iirc in the past at least, they will block IPs (incl. SES) if the spam rate is high.
Got it, thanks for the details. Hopefully we can at least get lowendtalk whitelisted somehow.
Never had any problems with MXRoute, except for the spam filtering part. Setting it up and have important mails not filtered out was hard and I gave up. I bought SpamExperts for 1 of my domains that got loaded with spam every day but also receives important emails I don't want to miss and everything is working beautifully now.
I don't think this type of filtering helps instead of making problems. Discarding/rejecting emails from Google, is that how filtering should work? @jar
iCloud spam filtering is the best.
If you’re on Proofpoint, you get flagged no matter what.
If you’re not, and something isn’t extremely off, you’re good.
Maybe MXRoute outgoing delivery (via SMTP or directly) is very good, but using it for incoming is a nightmare. I often find important emails to be rejected. I used ImprovMX, they also reject for headers & other issues (for RBL very less), ForwardMX nearly the same type of issues. Zoho also had some problems. Right now MXRoute is also creating issues. The only good solution I got is Cloudflare Email Forwarding & Namecheap Email Forwarding. But Cloudflare can't forward the same email address to 1+ email addresses. This is the limitation. And for Namecheap, if your domain isn't at Namecheap, you can't use that either.
You are not reading those log entries correctly. First that is two different emails. The one at 10:49:19 was incoming email from Google which was accepted and stored into your mailbox. The one at 10:49:21 is an outgoing email. The sending domain is blocked from sending emails due to not having correct DNS settings, or for sending spam. Most likely it is the first. If the sending domain's DNS records are incorrect, Google will reject the emails. MXroute is just rejecting them first so that their IP reputation does not take a hit with Google. This protects ALL MXroute clients.
Have you opened a support ticket with MXroute? The LET support desk can't really help here as the issue is most likely solved by you fixing your DNS, and requesting sending privileges restored once DNS is fixed.
Some additional reading: @Mahfuz_SS_EHL
https://accounts.mxroute.com/index.php?/news/view/29/gmail-doesn--039-t-like-that-you-didn--039-t-comply-with-our-policy/
All I did in that log was tell you I'm not going to forward that email, not that I wasn't going to let you receive it locally. This is where I'm thinking 10 steps ahead of every other email provider. I guarantee that you were trying to forward that email to Gmail, and here's the thing: There's a 100% chance that Gmail was going to reject it. So where everyone else thinks "Just let Gmail reject it" I think "Let's focus on increasing the statistics on successes vs failures to increase the statistical correlation between positive events with your domain and our IP addresses to increase inbox delivery by not forwarding emails that are known to be rejected anyway, as there's zero loss to immediate customer experience between the options of 'let them reject it or just reject it ourselves' anyway." Because I happen to know that Google's spam filtering AI is very statistic based and that preventing them from receiving emails that I know they'll reject is a great way to increase the statistical correlation between you and positive outcomes.
In this case, that forwarded email was either rejected because that email from Google happens to be among the ones that I had identified as being consistently rejected by Google (so why bother allowing them to associate the failure with you and us for no benefit), or because your domain was recently caught in a sweep of users who were being rejected by Google for not having an SPF record (which we require by policy).
I understand that everyone loves Gmail first and everything else second, and I've fully accepted this reality. But I need you to understand that if you are going to use Gmail as your front end for everything, I can't control how Google handles everything. I can only react and help mitigate problems that can occur based on Google's rules. Often you'll find that the things I've done, the things you are not certain why I've done, are exactly about this very thing. If you want to ask me how you can get the best out of MXroute while using Gmail as your front end for the entire process, feel free to open a support ticket and ask me for my opinion on the topic.
I also understand that other email providers don't work to mitigate these kinds of things and instead let you deal with the consequences and outcomes directly. I understand how that might be desirable to a few. But I bill myself as someone who is hyper-focused on inbox delivery and that means that I need to be proactive in understanding Gmail's filters (because that's 50% of all email right there, Gmail) and taking steps to help customers be better associated with success with their AI. That means I need to be doing things that other providers aren't doing because those providers are the ones they're complaining about when they come to me.
Sometimes a customer comes to me and thinks "I want to save the most amount of money" and nothing else, and I get that as well. But if you're just looking to save $2 and you don't want someone who is actively looking out for you and working to do better than the rest (not always getting it right, but always working toward it), maybe you just want to spend the extra $2 for a hands-off provider that isn't pulling statistics daily and drawing correlations to make changes to improve inbox delivery across the board. That I happen to charge less than the people who don't work as hard is funny, I admit, but I don't plan to change that.
I assume you were having trouble finding it, hope this helps: https://accounts.mxroute.com/index.php?/tickets/
I see two tickets on your account but neither of them relates to not receiving an important email. Look forward to hearing from you.
Look at the end of the day you're most happy using Gmail. You can keep trying to force a square peg into a round hole or you can stop dancing around what it is that we both know you really want: https://workspace.google.com/
@jar Replying from mobile, don't know why the quote isn't working. You said there's a 100% chance Gmail will reject it, right? What an irony, you know, Gmail accepted it correctly & I checked SPF, DMARC, DKIM was correctly configured for that email. Just the IP was on an RBL list. I found tons of emails from reputed entities got flagged by your filter. Whatever, it's your choice. Let's not talk about this more. Because discussing won't help, I can't win, I surrender.
I'm talking about the email you posted logs of. You're now talking about something else. I told you where to reach me about something else, but you're not interested in a resolution and that's fine. We both know what you really want and it isn't what I sell.
I'll bet you didn't. I'll bet you found a few SendGrid shared IPs and a bunch of Chinanet IPs who gave their HELO statement as claiming to be high-reputation senders and you just didn't check the WHOIS on the IPs. But if you actually found me rejecting email from reputable IPs that don't send high volume of spam, because of RBL listings, I sure do wish you'd have opened that ticket. And if it wasn't about RBL listings but just SpamAssassin, all you had to do was ask me how to find this article: https://mxroutedocs.com/directadmin/spamfilters/
In the last 30 days I rejected 21 emails headed for your domain (specifically the domain that I checked because it correlated to the logs you posted above, I didn't check others) due to listings at MXRBL. The only one that looks like it might not have been spam (but probably still was) came from Mailjet, from an IP that actively sent spam to our customers, for which they ignored an abuse complaint.
When I combined all of your domains for another check of the last 30 days, that number increased from 21 to 22. When I checked it against the other RBL I've been using (spamrats), the total number increased to 25. Can you help me to understand how you define the word "ton" here?
I mean if you just want to take a shit on me fine, have at it. But all of your domains saw 25 total rejections due to RBL listings and I can only account for 1 that may not have been spam, and your story in public is that I "often" reject "a ton" of legitimate emails this way? Help me make sense of this, I'm begging you. Because this is looking pretty bad for you to me.
I mean I don't know what you want to hear, that I'm sorry I didn't accept an email from 109.206.243.253 claiming to be sending you an email from yahoo.com? A confession and apology for events that didn't happen? This is why small business owners often get defensive against bad reviews, you are blatantly lying to people about the thing I work my ass off for in public, and for what? What is your angle? I'm trying to be nice but I have the current facts in front of me and your story isn't matching up.
Regardless of all of that, your ticket will be treated just as well as others, your continued business will be valued and your requests for support will be heard. Because at the end of the day it really doesn't matter how you treat me, it matters how I treat you.
I decided to check SpamAssassin logs for your domains as well. Over the last 30 days 4 emails scored high enough to reject. All 4 were confirmed spam. Alright, I'm going to go ahead and call this thread what it is:
You are lying and perhaps about to try to become a competitor.
I'll be nice to you in tickets but honestly, reviewing the facts against your claims just infuriated me. If your whole aim is just to try to hurt me then my aim will be to give you what you wanted here:
You know I build up my competition and even send them business. Maybe you could learn a thing or two from that. Give @mailcheap a try, Pavin is a good dude and deserves to be called my competitor. And @interservermike's mail.baby for outbound, I know a love letter when I see it and they took what I do and took it in their own direction (which may not be 1:1 for what I'd do, but they should be proud). In some ways, they do a better job (and work just as hard on it).
@jar Yes, you're pretty correct that these should be taken care of by your support system & not LET, but as you come up with an aggressive strategy, how can people communicate with you? I understand your points behind everything, but will we be able to make the system administrators/email administrators of different websites/systems not use Mailjet/MailChannels/Mailgun etc.? While Gmail isn't blocking those, why MXRoute?
And you said I want to become a competitor? Why on earth would I become a competitor when there are a lot of companies in the market already to serve!
And, I don't have any bad experiences at MXRoute, if it was, it should have been at Title. The only depressing fact is that when I miss a verification email, it's not possible to change the MX Record instantly to get the email through different provider.