"Michele Neylon :: Blacknight" <[EMAIL PROTECTED]> wrote:
Does anyone know how you can appeal or query a senderbase rating?
No. I tried and failed over a period of many months. Last year a spammer was inserting a faked Received header into millions of messages a day, claiming that the spam originated at cs.columbia.edu 128.59.16.20. Senderbase ranked cs.columbia.edu as by far the largest sender of mail in our domain. The catch? The host never sent mail at all. We know that from our network traffic analysis and from asking the system admins of the host. So actually the Senderbase rating and any other blocklist rating for that host did not affect anything, since no mail came from the host anyway. But for the sake of reputation we asked Senderbase to correct the listing. Repeatedly. NOTE, Senderbase is badly compromised because their software believes Received headers. Some ratings are based on faked headers. We know for a fact that the cs.columbia.edu rating was based 100% on faked headers. One of the several Senderbase people I reached finally agreed that they rated from Received headers instead of verified connections. But it didn't matter. They just kept stalling and referring it and so forth, and every month or two I'd try again, and finally the spammer moved on. If the spammer had faked a host that really sends mail, then we would have had a practical problem to solve. The cheapest solution would probably be to rename the host and change its IP, and let the spammer keep faking the old name and IP. Maybe a letter from your lawyer to Ironport would get attention. We did not go to that stage. Does that help? Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology
