nanog mailing list archives

Re: Recovering from spam resulting from compromised account


From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Thu, 22 Nov 2012 07:31:59 +0530

So -

1. backscatterer and spamcannibal are obscure blocklists nobody ever uses.
Spamcannibal is actually quite reasonable about removals if you declare the
issue fixed

2. Gmail, comcast etc have their own blocklist removal procedures - based
on you contacting their postmaster teams.  postmaster.comcast.net, etc etc.

3. MXToolbox is merely a search engine for various publicly available
blocklists.  Gmail etc blocks won't show up there because those don't get
exposed outside the provider's servers .. if you get listed on gmail you
know because you see your mail bounced or bulk foldered.

--srs


On Thu, Nov 22, 2012 at 7:23 AM, Dave Sotnick <sotnickd-nanog () ddv com> wrote:

Hello, oh knowledgeable NANOG.

I am the technical lead for network for Pixar. (Note: I am not the
mail admin, he's on vacation.) Yesterday we had an account compromise
that resulted in ~2.5M messages being sent through our two MTAs.

I have acknowledged/closed the two SpamCop incidents, and mail is
starting to flow, slowly, however we are still receiving bounces (some
hard!) and I am looking for assistance in getting Pixar's IPs cleared
from the blacklists.

I was pointed to:

http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a12.25.180.66
http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a12.25.180.94

Which shows we're still listed on Backscatterer and SPAM Cannibal.

Also had reports that we're still seeing bounces to Gmail, Comcast and
Yahoo accounts.

What can we do to speed things along? We have a ticket open with Gmail
folks since we have a studio who uses Gmail for Corporate mail. Any
Comcast or Gmail SMTP contacts on NANOG that can help? Would love to
get all our stuck mail out of these folks' MTAs.

Or do we need to just remove ourselves from the last two blacklists at
mxtoolbox?

Thanks,
David Sotnick
--
Pixar
Emeryville, CA




-- 
Suresh Ramasubramanian (ops.lists () gmail com)
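
Added example, not part of the thread: point 3 above notes that MXToolbox only searches publicly available blocklists. Such lists are queried over DNS as described in RFC 5782, and the Python below performs that check for the two IPs from the original message. The zone `dnsbl.example` and the canned answers are constructed placeholders; pass the real zones of the lists you care about, with the default resolver, to query them live.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """RFC 5782 IPv4 lookup name: octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def check_listings(ips, zones, resolve=system_resolver):
    """Map (ip, zone) -> list of return codes for every listing found.

    Only answers inside 127.0.0.0/8 count as a listing; anything else
    (for example a wildcard answer from a parked zone) is ignored.
    """
    loopback = ipaddress.ip_network("127.0.0.0/8")
    listed = {}
    for ip in ips:
        for zone in zones:
            answers = resolve(dnsbl_query_name(ip, zone))
            codes = [a for a in answers if ipaddress.ip_address(a) in loopback]
            if codes:
                listed[(ip, zone)] = codes
    return listed

# Constructed sample data: the zone name and both answers are made up.
SAMPLE_ZONE = "dnsbl.example"
SAMPLE_ANSWERS = {
    "66.180.25.12.dnsbl.example": ["127.0.0.2"],    # a listing
    "94.180.25.12.dnsbl.example": ["203.0.113.7"],  # bogus answer, not a listing
}

def sample_resolver(name):
    """Offline stand-in for DNS, backed by SAMPLE_ANSWERS."""
    return SAMPLE_ANSWERS.get(name, [])

if __name__ == "__main__":
    ips = ["12.25.180.66", "12.25.180.94"]
    found = check_listings(ips, [SAMPLE_ZONE], sample_resolver)
    for (ip, zone), codes in found.items():
        print(f"{ip} listed on {zone}: {', '.join(codes)}")
```

A clean result here says nothing about provider-internal blocks such as Gmail's, which are only visible as bounces or bulk foldering.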

