Earthlink Blocking

[dawilson]

In case anyone else spends multiple hours trying to figure out why they are no longer receiving mail forwarded from TCH-hosted domains to Earthlink, you may be interested to know that Earthlink have decided that server390 is a source of spam and have blacklisted the server :-(

I've raised support requests at both Earthlink and TCH but the problem is still not resolved. Mail sent or forwarded from server390 results in:

 

host mx1.earthlink.net [209.86.93.226]: 550 550 Dynamic/zombied/spam IPs blocked. Write blockedbyearthlink@abuse.earthlink.net

 

Regards,

 

Dave Wilson

 

PS: If anyone has experience of getting Earthlink to remove a blacklist entry for an IP address that appears in no public spam source databases, I would love to hear from you.

[TCH-Dick]

Your forwards to Earthlink are the cause of the server being blacklisted.

 

When you forward email or set your default address to an email address, all mail is forwarded including SPAM. If yet to find an ISP with the ability to differentiate from actual SPAM and forwarded SPAM, nor want that likes it when their customers forward spam to them.

 

The first thing you need do is remove the 23 forwards to Earthlink and start popping your mail. Then you need to contact open a new ticket to the abuse department as well as contact your ISP explaining you are the source of the SPAM.

[dawilson]

Dick,

 

I've been forwarding email to Earthlink for 3 years with no problems. The amount of spam has actually decreased recently so it surprises me that all of a sudden this should be a problem.

 

I had a similar problem a couple of years ago when TCH decided to disallow forwards to AOL for the same reason. In that case, it affected many of my web design clients who use AOL. This time, it only affects me and one client. Maybe it's time that TCH finally bit the bullet and disabled all mail forwarding? This would be a pain for me but a lot less pain than having the service eroded over time as more and more ISPs with unintelligent mail filters decide to blacklist the last hop server rather than the original sender.

 

The way things are going, email is going to be a useless "tool" within about 5 years. It's a shame, really, since it used to be so handy.

 

Regards,

 

Dave W

 

PS: I switched every Earthlink forward I had to POP yesterday and sent all relevant info to Earthlink themselves. Block is still in place and no reply has been received.

[Head Guru]

It can take weeks to get a blacklisted server unlisted.

[dawilson]

Can someone who knows how this works give me some guidance on the use of forwards? It appears they should only be used sparingly and not as a replacement for POP accounts on the TCH server yet I find them tremendously useful especially for web design clients who are not tech savvy and have problems configuring their mail client for new POP addresses (using a forward, I can redirect all their mail to their existing ISP mailbox and save them having to do this).

 

In the past, I have forwarded my own email to my ISP since (a) they have a fabulous spam blocker and ( I preferred their webmail interface while travelling. I've been using the same email address for 10 years which was one of the main reasons for getting my own domain in the first place but is also one reason behind the volume of spam I receive.

 

I've shifted to POP accounts now and SpamAssassin seems to be doing a reasonable job so far so at least mail is no longer being lost. I'll keep talking to Earthlink in the hope that they will remove the block but it sounds as if I am in for a lengthy discussion.

[TCH-Bruce]

I use forwards all the time, but I forward to an account within my own domain. Say I have bruce@mydomain.ext if I sign up for something on the 'net I will create a forward for that site and forward it to my bruce@mydomain.ext. So say it was a shopping site. I would create a forward called shopping@mydomain.ext and forward it to bruce@mydomain.ext. This means I only have to pop one account and I can filter in my email client what folder to place the email in based on which email address it came too.

 

I ocassionally forward to gmail but not so much.

 

Using forwards in this manner if the email address I used starts getting spammed I just delete the forward and the spam goes away with it.

[heyguy]

It takes less time to walk a client through setting up a POP account than it does to get your server off the blacklist. Not to mention that when you get a server blacklisted it affects more than just you. Just because something is possible and convenient doesn't mean it's a good idea. So be a good neighbor, and don't forward spam.

[abinidi]

Is it even possible to submit a feature request with cPanel to request that forwarding mail have Spam Assassin rules applied BEFORE being forwarded? It seems that would save a lot of trouble...

[TCH-Don]

Spam Assassin still misses a lot of spam so some would still be forwarded.

That why like Bruce I forward to my domain and POP it.

 

On a side note,

since I set the default address to :fail:

and use forwards to my real account, my spam has dropped to almost none.

[TCH-Bruce]

Is it even possible to submit a feature request with cPanel to request that forwarding mail have Spam Assassin rules applied BEFORE being forwarded? It seems that would save a lot of trouble...

Even if it were a possibility I wouldn't want it. Why make the server process mail that's not even to be delivered? I don't see the reason to forward email to your ISP email account. All email clients allow you to set up multiple accounts. It's not difficult.

 

If you were using Thunderbird you can even have a different set of folders for each account. Much easier to manage. I have accounts for my ISP, Work and domains all coming into their own folders each time I pop.

[dawilson]

Thanks for the advice. Rules seem to be:

 

1. As far as possible, don't forward outside your own domain(s) and

2. Kill the spam using SpamAssassin before forwarding anything that you need to get to an ISP.

 

I will stick with POP accounts on the server for now (my mail client already checks 4 POP accounts so another one or two won't make a difference). Ironically, one of the main reasons I was forwarding to my Earthlink account was that it has a fabulous spam blocker and gave me great statistics on how much crud it was catching. SpamAssassin seems to do a pretty good job now, though, so perhaps this reason isn't valid any more.

 

Apologies if it really was my forwards that caused the problem. I'll post again when the block is lifted.

[TCH-Bruce]

Just to be clear.

 

If you forward to an off-site account Spam Assassin does not look at the mail. It just gets forwarded.

[salguod]

I too can no longer email to EarthLink from my domain. I'm on server123 and have less than 10 email accounts and no forwards outside my domain.

 

If it's true that "If yet to find an ISP with the ability to differentiate from actual SPAM and forwarded SPAM, nor want that likes it when their customers forward spam to them." I'd like to suggest that TCH no longer allow forwarding on shared servers to outside ISP's.

 

I now have to deal with not being able to contact folks on EarthLink for weeks I guess, likely due to someone else's forwarding.

[TCH-Bruce]

Did you report the problem to the help desk?

[JTD]

If I am not mistaken didn't AOL buy out Earthlink??? If they did that is probably the reason for all this. Everyone knows how AOL is about blocking stuff. You cannot even send email from a gmail account to earthlink or AOL now days. Me personally I wouldn't use either service if it was the last on earth. It might be a wise Idea to put a disclaimer on your site telling people who use earthlink or aol to get another email from someplace else if they want to receive email from you.

[salguod]

Did you report the problem to the help desk?

Yep, it's the second thing I did after emailing EarthLink. I did get a message from TCH that the issue was getting forwarded to the appropriate department, but otherwise no response yet from either (I don't expect much from Earthlink).

 

My point was that if it's known that these kind of email forwards can get a server blacklisted with many ISP's, it seems reasonable to prohibit their use on shared servers where one person's actions can effect many. On the other hand, I can appreciate TCH trying to give us all the features and flexibility possible.

[TCH-Bruce]

My question would be you bought a domain name, why are you forwarding that email to your ISP? I have several domain names and I forward nothing outside my domain.

[salguod]

My question would be you bought a domain name, why are you forwarding that email to your ISP? I have several domain names and I forward nothing outside my domain.

Me too.

[salguod]

FYI - My server is fine now. Never did hear back from Earthlink, not did the help desk. Emails just started going through again week or so ago.

[jacobh]

I agree with Paul, that I'd like to have Spam Assassin filter mails before forwarding.

 

I have fowards from one domain to another, because I have some users that don't want to check multiple email accounts.

[TCH-Bruce]

Really, how hard is it to add a second, third or how ever many servers to check for email in a mail client? These users are probably not even using an email client and using a web mail interface.

 

If they were using an email client they set it up once and it does all the checking for you in one place.

[click]

We aint got it; You don't need it.

 

Seriously though, I can see both sides of this. I'm sure the folks blacklisting servers (Earthlink, AOL, et al) would argue that even if the server isn't the original sender, forwarding still funnels all the spam from many accounts into their servers, which have to deal with the load regardless of who the original sender was.

 

Sending forwards through SpamAssassin would help tremendously, but that may be something that would have to be done by cPanel. I don't know.

[TCH-Bruce]

I believe it would be up to cPanel to make that change. But the question still would be why put an extra load onto the server to dump emails being forwarded off to another server?

 

The real issue is with the receiving server (destination server) not being able to distinguish or not wanting to distinguish the souce of the spam and just blackisting the server that forwarded the message on.

[erisande]

It isn't just his forwards causing him to be blacklisted from Earthlink. I found out that I am not receving email from my account either, and I do not forward my email.

 

I have tried to send an email from my website to my Earthlink account. It has not shown up in 1.5 hours. But I emailed another account, and it came through in less than 10 seconds.

 

Earthlink is blocking : naboo.tchmachines.com

 

Here is the header information for the successful email: (I have changed my real email with [myemailaddress.com]) Delivered-To: [myemailaddress.com]

Received: by 10.64.131.3 with SMTP id e3cs104512qbd;

Tue, 20 Feb 2007 18:30:13 -0800 (PST)

Received: by 10.65.137.5 with SMTP id p5mr12992957qbn.1172025013253;

Tue, 20 Feb 2007 18:30:13 -0800 (PST)

Return-Path: <nobody@naboo.tchmachines.com>

Received: from naboo.tchmachines.com (naboo.tchmachines.com [72.13.12.9])

by mx.google.com with ESMTP id q15si5457244qbq.2007.02.20.18.30.13;

Tue, 20 Feb 2007 18:30:13 -0800 (PST)

Received-SPF: pass (google.com: best guess record for domain of nobody@naboo.tchmachines.com designates 72.13.12.9 as permitted sender)

Received: from nobody by naboo.tchmachines.com with local (Exim 4.63)

(envelope-from <nobody@naboo.tchmachines.com>)

id 1HJhFE-0004kj-Ko

for [myemailaddress.com]; Tue, 20 Feb 2007 21:30:12 -0500

[jacobh]

I just had an idea... though I haven't tried it yet...

 

Instead of setting up a forward, set up an email filter rule to direct it to the new address. I think this way it happens after the Spam Assassin checking. I have some rules that redirect mail if Spam Assassin detects it as Spam, so I know that the filtering happens after the Spam Assasin checking.

 

I'm what determines the order of rules processing though. Does anyone know what determines the order rules are processed in?

[Madmanmcp]

I have some rules that redirect mail if Spam Assassin detects it as Spam, so I know that the filtering happens after the Spam Assasin checking.

 

Sorry but this will not work. The rules and filtering work only in your mail client and cannot forward or send mail back out.

[click]

Sorry but this will not work. The rules and filtering work only in your mail client and cannot forward or send mail back out.

 

I believe they're referring to the email filtering in cPanel, which looks like it is applied after SpamAssassin.

[jacobh]

I believe they're referring to the email filtering in cPanel, which looks like it is applied after SpamAssassin.

 

Yes, I am refering to the cPanel email filtering. It seems to work AFTER Spam Assassin, so the filtering can be based on SA detection. I have a rule set up to direct my spam to a certain address. Rules can also be set up to direct mail to a certain address to another address, though I'm not sure which rule would take presidence.

[Deverill]

My question would be you bought a domain name, why are you forwarding that email to your ISP?

 

Another reason would be as in my case. As a reseller I have a client for whom I do web design and hosting. He has AOL and refuses to change no matter what I say or tell him - even stuff he agrees with. So, the bottom line is that he won't change, AOL doesn't pop (AFAIK, unless they "recently" changed) and I have to forward customer emails to him. Unfortunately it's going to my main account and I hand-forward it via another email system.

 

I do like your idea of forwarding to a "master" account in-domain and then popping in from wherever I like. I'm currently forwarding to gmail (until they go crazy) just because I like their interface and it's web-accessible. I don't care for squirrel or horde much and gmail has calendars, etc and will only continue to expand. It works for now, I guess. If I do the forward to my reseller and pop that from Gmail it would be ok - definitely something I'm going to check into since it's probably only a matter of time before gmail starts blacklisting or we have to stop all TCH forwarding. It's a shame these darned spammers make it bad for the rest of us.

Edited February 23, 2007 by Deverill

[Guest ann_english]

Known spam Blocking might provide all the protection you need. And because it requires no action on your part, it's the easiest option. However, you might receive messages in your Inbox that you consider to be spam, even though spamBlocker hasn't classified them as junk email. If this occurs, you can activate Suspect Email Blocking.