On 3/29/17 2:52 PM, Larry M. Smith wrote:
> "If you are authoritative for an IP address and you believe the issues
> that caused the listing have been solved, you can [request a delisting]."
>
> Doesn't work for you?

Yes, it works great! But then we'd get re-listed a few hours later because the underlying cause was still present.

Anyway, I've finally talked to the CSS folks at Spamhaus and found the cause of this, and it was mostly self-inflicted. Details below in case others have the same problem.

When sending to some destinations, our outbound mail servers used multiple HELO/EHLO hostnames under tigertech.net, depending on the source of the message internally, and it could further vary over time. The reasons are boring and stupid; "it fixed an obscure problem in 2006 and we never stopped doing it".

The hostnames were valid in terms of RFC 2821 and had working DNS, but certain recipients treat multiple HELO hostnames from the same IP address within a short period with suspicion, because it's one characteristic of snowshoe spam.

So when one of our IP addresses randomly happened to send more than [some number of messages per minute] to a certain large ISP using multiple HELO names, they were flagged as potential snowshoe spam (despite being normal, often non-bulk messages). This was reported to the CSS algorithm.

It further turns out that one of our customers sent a message to a Spamhaus spamtrap on March 6, lowering the reputation of our netblock just enough that the combination led to a CSS listing each time. "Hilarity ensued."

Removing the multiple HELO hostnames from a single IP address solved it. Don't do that.

I should have known better, because our own anti-spam point scoring system penalizes senders for this same thing (although it uses the Public Suffix List to avoid flagging different hostnames under the same registered domain name, which avoids this particular problem).

However, I know others do this, perhaps as a side-effect of a NAT setup that has many different servers behind a single IP address. If that describes you, it would be wise to ensure that all the servers or instances consistently and permanently use the same HELO name.

Thanks to everyone who offered help with this; it was much appreciated. I hope this description helps someone else.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
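
An added example, not part of the message above: a self-audit that reports any outbound IP address presenting more than one HELO name within a short window, in both the strict form (full hostnames) and the Public Suffix List form the message mentions. The log records, the five-minute window, the small suffix set standing in for the real list, and the function names are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, sending IP, HELO/EHLO name) as it might be
# extracted from outbound MTA logs. Addresses are documentation ranges.
SAMPLE = [
    ("2017-03-29 14:00:05", "192.0.2.10", "mail1.example.net"),
    ("2017-03-29 14:00:20", "192.0.2.10", "web7.example.net"),
    ("2017-03-29 14:00:41", "192.0.2.10", "lists.example.net"),
    ("2017-03-29 14:00:50", "192.0.2.11", "mx.example.org"),
    ("2017-03-29 14:03:10", "192.0.2.11", "mx.example.org"),
    ("2017-03-29 14:30:00", "198.51.100.5", "a.example.com"),
    ("2017-03-29 15:45:00", "198.51.100.5", "b.example.com"),
]

# Stand-in for the Public Suffix List (assumption: a real check loads the full list).
SUFFIXES = {"net", "org", "com", "co.uk"}

def registered_domain(host):
    """Return public suffix plus one label, e.g. web7.example.net -> example.net."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return host.lower()

def helo_variation(records, window=timedelta(minutes=5), collapse=False):
    """Map each IP to the largest set of distinct HELO names seen in any window.

    The window length is an assumed value, not one any receiver has published.
    collapse=True compares registered domains instead of full hostnames.
    Only IPs with more than one distinct name are returned.
    """
    by_ip = defaultdict(list)
    for ts, ip, helo in records:
        name = registered_domain(helo) if collapse else helo.lower()
        by_ip[ip].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), name))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        best = set()
        for i, (start, _) in enumerate(events):
            names = {n for t, n in events[i:] if t - start <= window}
            if len(names) > len(best):
                best = names
        if len(best) > 1:
            flagged[ip] = sorted(best)
    return flagged

if __name__ == "__main__":
    print("strict:", helo_variation(SAMPLE))
    print("registered-domain:", helo_variation(SAMPLE, collapse=True))
```

The strict mode is the one to run against your own outbound logs, since a receiver that does not collapse names by registered domain sees every distinct hostname as a separate HELO identity.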