On 9/13/2011 1:56 AM, Rolf E. Sonneveld wrote:
On 9/13/11 10:27 AM, Ted Mittelstaedt wrote:
On 9/12/2011 5:39 PM, Quinn Comendant wrote:
We'll be deploying a mail server on a Rackspace cloud server, and
they suggested that because their offering is 'utility computing' the
IP addresses included are dirty (in a blacklist kind of way) and we
should use a commercial ESP such as SendGrid, PostMark, CritSend,
CloudSMTP, or the like.
Has anybody done research in this field? Any favorites?
We'll just be forwarding our outgoing SMTP traffic to their service
for its quality of deliverability. I doubt we'll use any of reporting
features, or even SPF/DKIM.
Quinn
I'm sure I'll get flamed but here is my $0.02
1) Rackspace is a server provider. They do not wish to know what your
doing with the servers they are selling you and couldn't care less.
They are completely and totally uninterested in providing technical
support to applications that run inside those servers and it is easy to
see why - they lose money doing it.
[...]
The reality is that there's no such thing as "utility" IP addresses.
If you have correct forward and reverse DNS entries, SPF records and
so on, and you have a public static IP number then you can run your
own SMTP directly, you do not need to forward to their mailserver.
This line of unadulterated bullcrap is something that Rackspace
manufactured on the spot in order to get you to stop asking them for
help running what you are supposed to know how to do already - your
own server.
I'm sorry but just having forward/backward DNS entries and DKIM and SPF
correct, doesn't help you much if you're running a server with IP
addresses which have (or are in a range with) bad reputation. Stories
like
http://www.lost-in-code.com/server-management/why-i-left-the-rackspace-cloud/
show that it can take a lot of (valuable) time to learn it the hard way.
Yes, if an IP address has PREVIOUSLY been used for spamming then I
agree it takes a while for all of the blacklists out there to be rid
of it. Not any of the RESPONSIBLE blacklists - those get cleaned very
rapidly - but all of the little ma-and-pa-kettle personal blacklists run
on itty bitty mailservers scattered all over the Internet.
But assuming that all Rackspace IP addresses were at one time used by
spammers and are therefore contaminated is absurd. Rackspace consumes
lots of IP addresses and asks for and gets more of them all the time.
The fact is that so-called "virgin" IPv4 addresses are just about gone.
If your in ARIN region they are saying that all the virgin ones
will be gone by December. At that time all ARIN will have are "used"
IPv4 that gets returned to them that has been previously used.
So the fact of the matter is that the "personal" blacklists run by
e-mail administrators of itty-bitty mailservers who think they know
what they are doing are pretty much all headed for a crash. Once the
large ISPs like Hotmail/etc. start uptaking "used" IPv4 from the RIR's
and from transfer purchases, those people are going to be in a lot of
hot water from their users if they do not stop using their hand-rolled
IP blacklists that never expire numbers.
Consider the number of IP addresses in the IPv6 universe. Consider we
are virtually out of IPv4. Consider that blacklists that would work in
the IPv6 universe would require man-centuries of computer time to
search for each incoming mail message. Now consider the future
usability of IP number blacklists and how absurd they will be in just
a few more years.
Although I tend to agree with your future predictions about usability of
DNSBLs, it is a fact of life that these days probably 50%-70% of all
spam is being blocked by mail servers using DNSBL's or proprietry BL's
(big Anti-Spam providers). This will not change anytime soon. Big AS
providers like MessageLabs enable their customers to select from a list
of DNSBL's to have their mail blocked. The customers I work for have
regularly problems with false positives, due to 3rd parties using lousy
DNSBL's. Please keep in mind, you have no control over what AS defense
your recipients use.
Attempting to step around the problem isn't going to work in the long
run. The fact is that the decent DNSBL's all either auto-remove
blacklisted IP's or they have mechanisms to expire them. And there are
not a lot of decent DNSBLs out there - it is certainly much easier to
take your IP off of them than to try changing IPs just to see if the
next one you get is any better.
And as for the lousy DNSBLs well for an INEXPERIENCED customer of
MessageLabs I guess they get a boner from selecting 60 different
DNSBLs most of which are run by some 16 year old kid who thinks they
have the latest answer to spam by blocking all the Asian IP blocks,
instead of selecting the 4 or 5 decent DNSBLs out there that cover 95%
of the bad actors and are actually run by competent people who care
about what they are doing. But they will learn and sooner or later
MessageLabs will grow up and start dropping the lousy DNSBLs as the
support load from their customers complaining about them starts to cost
them money.
Basing a static unchanging BL on an IP address is the mark of an
inexperienced, still-in-diapers mailserver admin. So are BL's that
punish entire ranges just for the naughtiness of a few. As more and
more the IPv4 market is kept on life-support by increasing use of
transfers, these static lists will become far more of a liability and
it will force the consumers of them to become more discerning, and
you will see the usage of them drop into the noise.
If the Original Poster wants to have a long term, permanent mailserver
then they would be just as well served by taking whatever IP they get
and if it needs to be delisted a few places, then learning how to do
that and doing it, than by finding a silo somewhere that has an admin
who they pay to do that for them and relaying their mail to that.
You do not need a commercial ESP. Sure a commercial ESP might be a
nice thing to have if you don't want to RTFM but you can send SMTP
just fine right from your Backspace-assigned IPs.
I'd take warnings about possible bad reputation of IP addresses serious,
from whoever they come.
I realize that an ESP's marketing plan seems as though it is based on
the notion that they can create an island of "clean" IPv4 in a sea of
"dirty" IPv4. I'm sure that makes a compelling sales argument to the
uninitiated. But an ESP's value add should be in the area of education,
training, and support - both of it's customers, and of it's customers
recipients who are using boneheaded spamfiltering - if it wants to have
any long term viability.
The only business model in the world that has had any long term success
in dependence on an artificial scarcity is DeBeers' investment-grade
diamond sales. The idea that an ESP can do this with IP addressing is
absurd.
Ted
/rolf
