APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Blacklists revisited - why are you blocking that email?

A customer got themselves blacklisted again recently. I quickly traced the misbehaving machine to one of their delivery trucks - unfortunately, those machines don't get deep scanned as often as they should and their users are less supervised than the office workers. More unfortunately, the application they use requires Windows and, most unfortunately, these are older machines running XP and lack the capacity to be upgraded to Win 7. There's a possibility that they could use iPads, but the software isn't quite ready yet.

OK, problem identified, and the owner promises to bring those machines in for deep scanning more often and to look into installing surfing control software on those machines. No doubt the users will quickly figure out how to bypass any such controls, but the very presence of them and the threat of disciplinary action might dissuade them from indiscriminate surfing. I also recommended installing Microsoft Security Essentials (as I do for all Windows machines now).

However, it's annoying that receiving SMTP servers overreact to blacklists.

Overreact? The company sent spam!! How is that overreacting??

Yes, spam was sent. They deserved blacklisting. But the presence of a blacklist entry doesn't have to mean outright blocking and should not.

Kerio Blacklists

Kerio Connect Mailserver offers blacklist checking and can block messages sent from IPs that have been marked as spammers. I advise my customers NOT to set the system to do that.

Instead, I suggest that they tell the Kerio server to bump the spam score if an IP is on a blacklist. If the message has other spammish characteristics, that bump may push the total score to be marked as spam (or blocked, if it goes high enough), but won't automatically prevent what might be important email from arriving.

Yes, of course companies need to be more responsible. I asked this customer when the truck PCs were last virus scanned; his embarrassed look told me that it had been a long, long time. I can understand that some might take the attitude that he got what he deserved. However, if you were expecting important email from this customer (perhaps a contract to upgrade the delivery fleet's computing resources?), you'd be unhappy if you blocked that mail just because he got sloppy with one machine in his infrastructure. "Soft" blacklisting (bumping a spam score rather than outright blocking) would prevent that.

This has another benefit in Kerio: if you absolutely want to see a certain customer's email even if the spam score has been driven past the trigger point, you can whitelist them. Whitelisting will not stop a blacklist block, but will disregard spam scores.
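
The difference between hard blocking and "soft" blacklisting, including the whitelist behaviour described above, as an added Python model (it is not Kerio Connect's code or configuration). The thresholds, the bump value, the DNSBL zone and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed values for illustration; not Kerio Connect defaults.
TAG_AT, BLOCK_AT, DNSBL_BUMP = 5.0, 9.0, 3.0

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(sender, ip, content_score, listed, mode, whitelist=frozenset(),
             zone="dnsbl.example.org"):
    """Return 'deliver', 'tag' or 'reject' for one message.

    listed: callable(query_name) -> bool, standing in for the DNS lookup.
    mode:   'block' rejects on any listing; 'score' adds DNSBL_BUMP instead.
    """
    on_list = listed(dnsbl_query_name(ip, zone))
    if on_list and mode == "block":
        return "reject"            # hard block: a whitelist entry does not help
    if sender in whitelist:
        return "deliver"           # whitelist disregards the spam score
    score = content_score + (DNSBL_BUMP if on_list and mode == "score" else 0.0)
    if score >= BLOCK_AT:
        return "reject"
    return "tag" if score >= TAG_AT else "deliver"

# Constructed sample: 192.0.2.25 (documentation range) is the listed address.
LISTED = {"25.2.0.192.dnsbl.example.org"}
lookup = LISTED.__contains__

def demo():
    """Run the same three constructed messages through both policies."""
    msgs = [("contract", "owner@customer.example", "192.0.2.25", 1.0),
            ("spammy", "x@bulk.example", "192.0.2.25", 6.5),
            ("clean", "y@other.example", "198.51.100.7", 1.0)]
    out = {}
    for mode in ("block", "score"):
        for name, sender, ip, score in msgs:
            out[(mode, name)] = classify(sender, ip, score, lookup, mode)
    return out

if __name__ == "__main__":
    for key, verdict in demo().items():
        print(key, verdict)
```

In this model the low-scoring "contract" message from the listed address is rejected under the hard-block policy and delivered under the score-bump policy, while the message that already looks like spam is rejected under both.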
