nanog mailing list archives

Re: Recovering from spam resulting from compromised account


From: Jimmy Hess <mysidia () gmail com>
Date: Sat, 24 Nov 2012 19:57:30 -0600

On 11/21/12, Suresh Ramasubramanian <ops.lists () gmail com> wrote:
> Wait it out as in - you had better examine your mail queues and purge them
> of any of the spam that was sent and is still queued up.
>
> It'll still take a day or two after that's done for the blocks to subside.

The majority of blocking should, in most cases, eventually clear up
after spamming stops, and you can work out delisting with the common
RBLs, using URLs in the bounce response; the general rule is 72
hours, after there is a complete stoppage of bad traffic, and you
completed these steps: you wipe all bad messages from queues, make
certain spam has completely stopped, ensure diligent 24 hour
monitoring, and then proper delisting is requested from any common
blocklists that a lookup was available on.

It may be impossible for you to clean out some blocklist entries, or
you may have a limited number of "reset requests" available that take
effect after 24+ hours, e.g. CSI.

For some blocklists, entries autoexpire after 7 days or longer and
don't take manual requests, or some blocklists require a fee for
delisting requests, and blocklist entries might otherwise be
permanent. You can inspect bounces and raise the issues with
blocking providers on a case-by-case basis; it is unlikely you will
reach someone at Google or Yahoo who will manually intervene.


You can also look up various hosted spam filtering services; there are
some large trusted providers that will provide an outgoing spam
filtering option. By using their servers as a smarthost, you
offload mail deliverability issues to your service provider; in
exchange, inbound/outbound spam filtering services typically charge
something such as $12/mailbox.


Changing your outgoing IP address of SMTP mail to your service
provider's, or rerouting mail towards servers blocking you through a
different local mail relay, may provide a temporary quick fix that is
faster than waiting a few days until "spam extermination"
on your current mail server is fully acknowledged.


On Thu, Nov 22, 2012 at 7:59 AM, Dave Sotnick
<sotnickd-nanog () ddv com> wrote:
> Thanks Matthew. Sadly, most of the bounce responses have URLs that
> point you to a help page that doesn't have further contact information
> or just tells you to wait it out.

--
-JH
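
Added example, not part of the original message: one way to work through bounces "on a case-by-case basis" is to pull the URLs out of the remote rejection text and group rejections by the host each URL points to, so every blocklist or receiving provider gets one delisting request. The log lines are constructed and shaped like Postfix delivery log entries (an assumed format); all hosts, addresses and URLs are placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log; placeholder hosts and RFC 5737 addresses only.
SAMPLE_LOG = """\
Nov 22 08:01:12 mx1 postfix/smtp[1201]: A1: to=<a@example.net>, dsn=5.7.1, status=bounced (host mx.example.net said: 554 5.7.1 Client host [198.51.100.7] blocked using bl.example.org; see https://bl.example.org/lookup?ip=198.51.100.7 (in reply to RCPT TO command))
Nov 22 08:01:15 mx1 postfix/smtp[1202]: A2: to=<b@Example.com>, dsn=5.7.1, status=bounced (host mx.example.com said: 550 5.7.1 Listed, see https://bl.example.org/lookup?ip=198.51.100.7. (in reply to RCPT TO command))
Nov 22 08:02:40 mx1 postfix/smtp[1203]: A3: to=<c@example.org>, dsn=4.7.0, status=deferred (host mx.example.org said: 421 4.7.0 Temporarily deferred, see http://postmaster.example.com/help/421 (in reply to end of DATA command))
Nov 22 08:03:02 mx1 postfix/smtp[1204]: A4: to=<d@example.net>, dsn=5.7.1, status=bounced (host mx.example.net said: 550 5.7.1 Message rejected due to local policy (in reply to end of DATA command))
Nov 22 08:03:30 mx1 postfix/smtp[1205]: A5: to=<e@example.net>, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as B7)
"""

REJECT = re.compile(r"to=<(?P<rcpt>[^>]+)>.*?dsn=(?P<dsn>[45]\.\d+\.\d+)"
                    r".*?status=(?P<status>bounced|deferred) \((?P<reply>.*)\)\s*$")
URL = re.compile(r"https?://[^\s<>()\"']+")
NO_URL = "(no URL in response)"

def parse_rejections(log_text):
    """One record per bounced/deferred delivery, with URLs found in the remote reply."""
    records = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # delivered mail and unrelated lines
        urls = [u.rstrip(".,;") for u in URL.findall(m["reply"])]  # drop sentence punctuation
        records.append({"rcpt": m["rcpt"], "dsn": m["dsn"],
                        "status": m["status"], "urls": urls})
    return records

def group_by_operator(records):
    """Group rejections by the host of the URL the remote side pointed to."""
    groups = defaultdict(lambda: {"count": 0, "urls": set(), "rcpt_domains": set()})
    for rec in records:
        for host in {urlsplit(u).hostname for u in rec["urls"]} or {NO_URL}:
            g = groups[host]
            g["count"] += 1
            g["urls"].update(u for u in rec["urls"] if urlsplit(u).hostname == host)
            g["rcpt_domains"].add(rec["rcpt"].rsplit("@", 1)[-1].lower())
    return dict(groups)

if __name__ == "__main__":
    groups = group_by_operator(parse_rejections(SAMPLE_LOG))
    for host, g in sorted(groups.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{g['count']:3d}  {host}  rcpt domains: {', '.join(sorted(g['rcpt_domains']))}")
        for u in sorted(g["urls"]):
            print(f"       {u}")
```

Rejections grouped under "(no URL in response)" are the ones that need a manual look at the full reply text.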

