Problem sending to Mweb Emails - IP's blacklisted on backscatterer.org

Death

Death

Senior Member
Joined
Nov 3, 2007
Messages
694
Reaction score
477
Hi Guys

I'm with an IS based ISP and there have been a lot of complaints today with sending to mweb email addresses.
Seems IP's are getting blacklisted on a filter that mweb is using via http://backscatterer.org

They will blacklist the IP for 4 weeks and automatically delist if no further issues are found or you pay $112.00 for it to be expedited. WTF Mweb?! :confused:

http://www.backscatterer.org/?ip=196.28.76.23
 
I would also check SpamExperts.com - MWEB is also using them and SpamExperts did a partial DKIM-key mismatch which blocked all our email - http://forum.bidorbuy.co.za/bidorbu...ing-blacklisted-mweb-afrihost.html#post143071.

If this is a dedicated IP, then you are starting to get into trouble with your bounces: https://www.senderscore.org/lookup.php?lookup=196.28.76.23&ipLookup.x=48&ipLookup.y=8 and high sending rate. If it is a shared IP then it's even worse.

I have yet to come across any ISP in this country which manages mail IPs and mail-services properly. Shared services lack DKIM,SPF,DMARC and proper DNS config. Most of them allow relaying as well. None of the ISPs monitor IP reputation, FBLs or even attempt to get their IP's whitelisted - http://multirbl.valli.org/lookup/196.28.76.23.html.

One of the reasons we got a /24 block and moved everything over to our dedicated MTA. Does not really help, since Internet Solutions ASN is broadly poisoned.

BTW: If your volumes are low and you are not able to get a dedicated MTA with the proper sending policies setup, then use something like SendGrid.com instead.
 
Death said:
Hi Guys

I'm with an IS based ISP and there have been a lot of complaints today with sending to mweb email addresses.
Seems IP's are getting blacklisted on a filter that mweb is using via http://backscatterer.org

They will blacklist the IP for 4 weeks and automatically delist if no further issues are found or you pay $112.00 for it to be expedited. WTF Mweb?! :confused:

http://www.backscatterer.org/?ip=196.28.76.23
Click to expand...

The PTR record for that IP points to postwall03.smp.mweb.co.za

What SMTP server are your clients using to send mails?
 
Am on IS for company mails. Also had issues with backscatter.

Resolved it. Will post new thread on how it was done.
 
Death said:
Hi Guys

I'm with an IS based ISP and there have been a lot of complaints today with sending to mweb email addresses.
Seems IP's are getting blacklisted on a filter that mweb is using via http://backscatterer.org

They will blacklist the IP for 4 weeks and automatically delist if no further issues are found or you pay $112.00 for it to be expedited. WTF Mweb?! :confused:

http://www.backscatterer.org/?ip=196.28.76.23
Click to expand...

Hi Death

The best advise I can offer is to email our abuse department on [email protected]
They deal directly with these types of queries and should be able to best assist you in resolving it.

If you have already emailed them and have not received a reply, drop me a PM with your email and I'll follow up with them.
 
If MWEB server is blacklisted then only users using that server to send mail out to other ISP's email server will get blocked.
You should have a problem if you are using another ISP's server sending to MWEB users.
 
MWEB Guy said:
Hi Death

The best advise I can offer is to email our abuse department on [email protected]
They deal directly with these types of queries and should be able to best assist you in resolving it.

If you have already emailed them and have not received a reply, drop me a PM with your email and I'll follow up with them.
Click to expand...

Hi Mweb Guy

Thanks for the info. I've sent off a mail now. Was having a look at some of the IP's and it looks like an entire range is blocked.
 
The_Librarian said:
I have put up a backscatter thread, as promised. Link
Click to expand...

Many thanks The_Librarian, much appreciated! I'm sure this could really help a lot of users.

Unfortunately the issue we are experiencing is using multiple email addresses from multiple domains sending via smtp.isdsl.net
We are not using an exchange server or anything like that I'm afraid.
 
Death said:
Many thanks The_Librarian, much appreciated! I'm sure this could really help a lot of users.

Unfortunately the issue we are experiencing is using multiple email addresses from multiple domains sending via smtp.isdsl.net
We are not using an exchange server or anything like that I'm afraid.
Click to expand...

Not a problem! Hope your issue get resolved soon.
 
Hi everyone,

Just wanted to add my 2c worth - I also manage domain and email hosting for a number of clients and this issue with Mweb and backscatterer.org is getting worse by the day. A week ago we started getting complaints but now most emails to Mweb based clients are getting bounced, whether it is sent from an IS or SAIX based IP (we even had an Mweb client who couldn`t send email and when they called Mweb support they were told that when sending from smtp.mweb.co.za, you should be safe).

The big concern with a service like this, though I think their goal is noble, is that after you've "fixed the problem" you still have to wait 4 weeks or pay backscatterer.org to remove you - that is extortion and Mweb should really not be involved with such a scheme.

What is also of concern to me, having reviewed a few of the bounced emails, is that Mweb is checking the IP address of the sender's connection against backscatterer.org, not the IP of the mailserver the client used in the first place - this cant be right, can it?
 
Move to SendGrid (http://sendgrid.com/pricing.html) - MWEB will never be able to support you with commercial mail on a shared mail-platform. You will be penalised from other user's inappropriate mailing practises. Unless you go with a dedicated IP in an un-poisoned IP-range and ASN you will always face those issue. Lack of DKIM, SPF, DomainKeys and DMARC will haunt you forever on a shared mail-platform.
 
Mweb's reply to me on Monday(sorry for the delay)

According to the UCEProtect website, since the original listing, quite a number of the affected IP addresses have been removed.

The query was forwarded to Management and discussed with our Mail Administrators.

The feedback has been that, since the original listing back in 2010, changes made to our platform were made in line with the recommendations from UCE Protect. Despite these changes and the large scale changes to the platform, UCE still requires a payment in the case of a listing. They even require a monthly payment(per IP address) should one wish to be on their “Whitelist”, which still does not guarantee that you would not be listed.

While other smaller networks may use Realtime Blacklists (like UCE Protect) as a single reason for blocking messages from certain networks, it is not viable with a larger network like MWEB. While we do use RBL’s to assist in filtering incoming messages, a blacklisted IP address(external RBLs) usually results in the increase of a spam score for e-mail from that network(other factors need to be met before a network is simply blocked), not an outright block.

While we can control how RBLs affect deliverability to our platform, we cannot control how external networks implement the use of these RBLs, however aggressive we believe their listing process is.

MWEB has done everything possible to remain in line with UCE Protect’s recommendations and would not be able to justify paying a fine(s) since we have met their requirements.

Kind regards
MWEB Abuse & Security Team
Click to expand...

:confused:
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X