Post by mrclondon on Nov 16, 2014 22:55:50 GMT
As regular readers of this board (and that of SavingStream in recent times) will know, I'm unable to receive emails from ablrate, who have confirmed they are being bounced back by my ISP, plusnet, marked as spam. The discussion on this issue is getting split across multiple threads and boards, so I'm starting a new thread to pull everything related to ablrate emails together in one place.

> We have a dedicated server with Rackspace, we have a paid-for secure email infrastructure with Rackspace, we route our emails through Sendgrid (who proactively monitor the IP neighborhoods) and spam score each email that goes out. Unfortunately there are a few (not all, bizarrely enough) Plusnet customers whose emails are rejected. We have been reviewing the tech infrastructure recently for a planned expansion so reading this thread has given us some great feedback for the development team, thanks.
> Regards Ablrate

Just to clarify, the plusnet email filtering is working as designed. There are multiple levels of filtering, each an external service that plusnet pays handsomely for. The first level is before the whitelist, and bounces back to the sender all emails from IP addresses that are known to be used by spammers. SS have confirmed they are receiving bounceback from plusnet against my email address with "spam" as the reason. This reduces the processing load considerably, and protects the plusnet infrastructure from the almost denial of service level of spamming that happens occasionally (as per overnight 13th/14th Nov). The downside is I can't receive any email from organisations that use email hosting companies (such as Amazon Web Services) that are perpetually flagged as being used by spammers.

If an email passes that first test at plusnet, the whitelist is processed. If it is on the whitelist it heads straight to the inbox. Otherwise further checks are done, some as part of the standard plusnet email package, others are paid-for extra subscription checks. There is also a configurable option as to how aggressive you want the spam filter to be; I have it set at the lowest. These checks assess the probability of a given email being spam, and route to various configurable spam folders (depending on the extra subscription(s) paid for). By cross checking with multiple spam filters, the problem RR referred to of good emails being falsely marked as spam is diminished, and anything that does end up in my spam folder is almost certainly spam. Only the first check bounces emails back to sender; all subsequent checks will deliver the email to a folder somewhere.

And quite honestly I simply don't want to receive emails from IP addresses used by spammers, so for me the plusnet email service is indeed impressive. <SS specific comment removed>. If you take a look at www.mailingmanager.co.uk/pricing-monthly.php which is just one UK based email service I picked at random from a google search, and scroll down the price list, you'll see that it is possible to pay for a dedicated IP address for mailings. This can then be communicated to (for example) Cisco / Senderbase.org <SS specific comment removed>

I'll post further analysis of ablrate's email service shortly.
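The filtering order described in the post above, modelled as an added example (not part of the original thread and not Plusnet's code). It shows why a whitelist entry cannot rescue mail that arrives from a shared relay with a poor reputation; the IP addresses, scores, thresholds and the whitelist keyed on sender address are all constructed assumptions.

```python
from dataclasses import dataclass

BOUNCE, INBOX, SPAM_FOLDER = "bounce", "inbox", "spam-folder"

# Constructed reputation data (documentation-range IPs, RFC 5737).
# 192.0.2.10 stands for a shared relay that a spammer also sends through.
POOR_REPUTATION_IPS = {"192.0.2.10"}

# Hypothetical mapping of the aggressiveness setting to the spam probability
# at which a message is filed as spam; "lowest" needs the most evidence.
THRESHOLDS = {"lowest": 0.9, "medium": 0.7, "highest": 0.5}


@dataclass(frozen=True)
class Message:
    sender: str               # From address
    connecting_ip: str        # IP of the server that delivered the message
    spam_probability: float   # 0.0-1.0, as assigned by the later checks


def classify(msg, whitelist, aggressiveness="lowest"):
    """Return the routing decision for one message."""
    # Level 1 runs BEFORE the whitelist and is the only step that bounces.
    if msg.connecting_ip in POOR_REPUTATION_IPS:
        return BOUNCE
    # Level 2: whitelisted senders go straight to the inbox.
    if msg.sender.lower() in whitelist:
        return INBOX
    # Level 3: probability checks only choose a folder, they never bounce.
    if msg.spam_probability >= THRESHOLDS[aggressiveness]:
        return SPAM_FOLDER
    return INBOX


def run_samples():
    """Classify four constructed messages; returns {label: decision}."""
    whitelist = {"news@lender.example"}
    samples = {
        "whitelisted, shared relay":
            Message("news@lender.example", "192.0.2.10", 0.05),
        "whitelisted, dedicated relay":
            Message("news@lender.example", "198.51.100.25", 0.05),
        "unknown, low score":
            Message("info@shop.example", "203.0.113.7", 0.20),
        "unknown, high score":
            Message("promo@bulk.example", "203.0.113.8", 0.95),
    }
    return {label: classify(m, whitelist) for label, m in samples.items()}


if __name__ == "__main__":
    for label, decision in run_samples().items():
        print(f"{label:30} -> {decision}")
```

The first two samples differ only in the connecting IP, which is the case for a dedicated sending address made later in the thread.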
Post by mrclondon on Nov 16, 2014 23:12:30 GMT
From the plusnet email config help notes: "With spam filtering turned on, emails sent from mailservers with a bad SenderBase reputation will be rejected and bounced back to the sender."

So let's look at ablrate on senderbase.org, and this shows they have access to two mail servers, mx1.emailsrvr.com and mx2.emailsrvr.com. Both are hosted in the USA. The first is registered to "Quality Investment Properties Sacramento, LLC" and scrolling down the bottom of that web page we see that this mailserver is being used by a spammer. Not to mention someone has possibly hacked the routing of this mail server given the registered owner isn't being shown as rackspace whom both ablrate and common sense would claim to be the owner. The second is registered to "Rackspace Hosting" as would be expected.

I'm at the limit of my technical comfort zone here, so I'm hoping others can jump in and correct my logic as required. I can see no evidence that ablrate have their own dedicated IP address for email delivery - so there is nothing that can be whitelisted. My suspicion is there is nothing to distinguish an ablrate email from that of the known spammer on that first mailserver, so the ablrate email has to be assumed as spam.

Now let's compare and contrast with assetz capital on senderbase.org, whom I consider to be pretty much on top of IT matters. This shows two mail servers, cust32688-1.in.mailcontrol.com and cust32688-2.in.mailcontrol.com, each with a dedicated IP address and hosted in the UK. Scroll down the page for these mail servers, and we find there is only one user of these mail servers (i.e. Assetz Capital). This represents best practice in my opinion, and is why some of my comments of a few weeks / months ago suggested that I felt ablrate were some considerable way off that target.
Post by ablrate on Nov 17, 2014 8:28:14 GMT
Hi, I just spoke to Rackspace. Firstly I do think it is a little over the top to be talking about us being hacked, but I guess we do like a little drama on here. I can categorically say we have not been hacked and Rackspace are not sure that the information being outputted by SenderBase is correct and believe it may have something to do with Sendgrid, where we route the mails. Regardless, we will get to the bottom of this today and if there is anything less than what is expected from our Rackspace email system, it will be fixed. Thanks for your feedback.
Regards Ablrate
Post by bugs4me on Nov 17, 2014 9:38:34 GMT
I think you've hit the nail on the head. Apart from the fact that all e-mail servers in my experience can be hacked to a certain extent, the comment - '....with a bad SenderBase reputation....' does not automatically imply that the e-mail itself is spam, just that it supposedly originates from an undesirable source. Hence I never trust server-based spam interceptors as they can and do reject valid mail, so my spam filters at the server are turned off and I prefer to rely upon my e-mail client to do the work, although that sometimes gets things wrong. It's irrelevant in my experience which anti-virus program you use, none of them are 100% accurate. At least though it puts the mail into a spam box so it can be marked as 'not spam' so future mail is delivered to the inbox.
Post by batchoy on Nov 17, 2014 10:59:03 GMT
What you use very much depends on the amount of traffic you are getting and the risk of false positives. Looking at this morning's fairly typical statistics for last week's incoming email traffic for the domains I manage: 56% of the incoming emails were rejected as coming from known sources of spam before they even hit any of the filters and lists, 2% were rejected due to virus load, 0.1% were rejected by company wide blacklists, 13% went into quarantine for manual review and the remaining 29% were delivered to the internal email servers. At this point a further 5% were rejected due to questionable attachments, leaving just 24% of emails directed to the domains actually being delivered to user inboxes.

For me personally, looking at the externally quarantined emails, <0.1% is ever released (false positives), and of the emails that are delivered to my inbox about 60% is automatically routed to my junk folders, and I am adding 3-4 new sources to the junk folder blocklist every day.

In terms of the false positives we see where mail is immediately rejected, bounced back to the sender and the sender contacts us, it goes in phases and sometimes we can see a lot if a particular service has been blacklisted, but typically I get three or four reports a month or about 0.003% of emails addressed to the domains.
Post by mrclondon on Nov 18, 2014 20:49:27 GMT
In trying to understand the implications behind what you've been told by rackspace, which doesn't make a lot of sense since you were reporting issues with their mailservers, I've spotted another less than desirable aspect of your web infrastructure, which may be related to your email delivery problem.

Could you explain why a UK regulated financial services company feels the need to hide its domain behind an anonymous proxy registrar, another tactic adopted by spammers? who.godaddy.com/whoisstd.aspx?domain=ablrate.com

There seems nothing out on the web that ties ablrate.com back to a UK based company, reputable or otherwise. What are you trying to hide?

And for the record I wasn't suggesting you, ablrate, have been hacked. What I was suggesting was that the mail server owned by rackspace that you share with a known spammer may have been hacked.
Post by ablrate on Nov 19, 2014 10:16:48 GMT
Hi, thanks very much for your feedback, we have given the issue to Rackspace and the developers and they will be letting us know the score very shortly. The only outcome will be that should Rackspace have set up the email incorrectly, it will be fixed.

As you will be fully aware, it would be utterly impossible to have an FCA license and not a UK company. There is nothing sinister about a privately held domain name. At the time of registration, we had no idea whether we were actually going to build a platform.

Thanks for you
Regards Ablrate
Post by ablrate on Dec 1, 2014 16:56:21 GMT
Hi All
We reviewed the whole email system in view of the plusnet situation and the confusion over this 'Quality Investment Properties' name on one of the email servers. Basically that name was part of the network ownership which Rackspace use, however, we were not happy about the fact that the emails were not running through our dedicated server as we had requested. We then reviewed what options were available, such as Microsoft Exchange etc. It is a great solution but still has vulnerabilities and mostly from a 'pilot error' point of view.
So we decided to use Google Enterprise for the email backbone which is a paid for service specifically for business. As anyone with Gmail will know, there are multiple monitors on the system such as 'suspicious logins' being blocked - even if they have the right password and many other features which are excellent for business users. Cost is not a particular feature here, and Google Enterprise is a paid for service, it was more about having multiple emails with multiple levels of security - and using the infrastructure of the biggest internet firm on the planet seemed like a good solution.
We have changed everything today and servers should propagate over the next 24 hours, although testing done so far has shown it working perfectly. We are addressing next the system emails and the Plusnet issue. If, as we suspect, certain spam filters are looking up the root MX records regardless of where the email has been routed, then this should solve it - if it doesn't then we will be addressing the issue further with our third party routing provider.
Regards Ablrate
Post by mrclondon on Dec 1, 2014 18:13:10 GMT
Many thanks ablrate for your latest update on this issue. By co-incidence I have spent some time today trying to understand why plusnet have bounced an email from a sender with no obvious issues with their mailserver. I have documented my findings in a thread on the chat board; in brief, the spam filter is not working as per the documentation supplied by plusnet. Although a sample SS email is still being flagged as spam I can now route it through to my inbox. When you have everything in place it is probably worth sending a newsletter out to all registered users.
Post by ablrate on Dec 1, 2014 21:23:23 GMT
Thanks mrclondon. We are just waiting until we know the mx records have propagated everywhere and we will update - hopefully you get that one, or our routing partners are the next target! Thanks for your efforts to highlight this, much appreciated.
Regards Ablrate