A customer got themselves blacklisted again recently. I quickly traced the misbehaving machine to one of their delivery trucks - unfortunately, those machines don't get deep scanned as often as they should and their users are less supervised than the office workers. More unfortunately, the application they use requires Windows and, most unfortunately, these are older machines running XP that lack the capacity to be upgraded to Win 7. There's a possibility that they could use iPads, but the software isn't quite ready yet.
OK, problem identified, and the owner promises to bring those machines in for deep scanning more often and to look into installing surfing control software on those machines. No doubt the users will quickly figure out how to bypass any such controls, but the very presence of them and the threat of disciplinary action might dissuade them from indiscriminate surfing. I also recommended installing Microsoft Security Essentials (as I do for all Windows machines now).
However, it's annoying that receiving SMTP servers overreact to blacklists.
Overreact? The company sent spam!! How is that overreacting??
Yes, spam was sent. They deserved blacklisting. But the presence of a blacklist entry doesn't have to mean outright blocking and should not.
Kerio Connect Mailserver offers blacklist checking and can block messages sent from IPs that have been marked as spammers. I advise my customers NOT to set the system to do that.
Instead, I suggest that they tell the Kerio server to bump the spam score if an IP is on a blacklist. If the message has other spammish characteristics, that bump may push the total score to be marked as spam (or blocked, if it goes high enough), but won't automatically prevent what might be important email from arriving.
Yes, of course companies need to be more responsible. I asked this customer when the truck PCs were last virus scanned; his embarrassed look told me that it had been a long, long time. I can understand that some might take the attitude that he got what he deserved. However, if you were expecting important email from this customer (perhaps a contract to upgrade the delivery fleet's computing resources?), you'd be unhappy if you blocked that mail just because he got sloppy with one machine in his infrastructure. "Soft" blacklisting (bumping a spam score rather than outright blocking) would prevent that.
This has another benefit in Kerio: if you absolutely want to see a certain customer's email even if the spam score has been driven past the trigger point, you can whitelist them. Whitelisting will not stop a blacklist block, but will disregard spam scores.
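The difference between hard and soft blacklisting, and how whitelisting interacts with each, can be modelled in a few lines. This is an added example, not Kerio Connect's code or configuration: the score values, the `dnsbl.example` zone, the addresses and the sender-based whitelist are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed values for illustration only; a real server has its own scale.
DNSBL_BUMP = 2.0   # points added when the sending IP is on a blacklist
TAG_AT = 5.0       # total score at which a message is marked as spam
BLOCK_AT = 9.0     # total score at which a message is rejected


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Name a DNSBL lookup resolves for an IPv4 address: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


@dataclass
class Message:
    sender: str
    client_ip: str
    content_score: float  # score from the content checks alone


def classify(msg, listed, whitelist, hard_block, zone="dnsbl.example"):
    """Return 'deliver', 'tag' or 'block' for one message.

    listed is a set of query names that would resolve (a constructed
    stand-in for real DNS, so the example runs offline).
    """
    on_list = dnsbl_query_name(msg.client_ip, zone) in listed
    if hard_block and on_list:
        return "block"    # whitelisting does not stop a blacklist block
    if msg.sender in whitelist:
        return "deliver"  # whitelisting disregards the spam score
    score = msg.content_score + (DNSBL_BUMP if on_list else 0.0)
    if score >= BLOCK_AT:
        return "block"
    return "tag" if score >= TAG_AT else "deliver"


# Constructed sample data (documentation address range, made-up senders).
LISTED = {dnsbl_query_name("192.0.2.10", "dnsbl.example")}
WHITELIST = {"owner@customer.example"}
contract = Message("owner@customer.example", "192.0.2.10", 1.0)
junk = Message("promo@unknown.example", "192.0.2.10", 8.0)

if __name__ == "__main__":
    for m in (contract, junk):
        for hard in (True, False):
            print(m.sender, "hard" if hard else "soft",
                  classify(m, LISTED, WHITELIST, hard))
```

With hard blocking, the customer's contract email is rejected even though its content is clean and the sender is whitelisted; with the soft setting it is delivered, while the junk message from the same listed IP still scores high enough to be blocked.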
© 2011-07-06 Security|Mail|Kerio