Airs – Ian Lance Taylor

Small E-mail Servers

I’ve run a small e-mail server at airs.com for many years, providing POP and forwarding services for friends and family. In the early days of the net several people found it useful to have a fixed e-mail address which they could forward to their ISP. Later on commercial services appeared, like pobox.com, and these days there are many options available.

The spam wars have made running a small e-mail server steadily harder. I’ve had to change a number of characteristics about the system over the years. One aspect that is difficult to change is that since the server forwards e-mail, in some cases it forwards spam which get through my own spam blockers. That spam is sometimes picked up by the system to which the e-mail is forwarded. When that happens, my server can be marked as a spam source.

When this has happened in the past, it’s been ISPs marking my server as a spam source, and they’ve always provided a way for me to tell them that my system is OK. This has always worked fine (it does require updating in the rare cases when I change the IP address of the server).

Recently I’ve been seeing something new: spam blocking networks which are shared by various recipient systems. What is interesting here is that these spam blocking networks make at least some of their money by charging people to send e-mail into their network. So, for example, returnpath.net decided to block e-mail from my server. They don’t provide any information about why they’ve done so, which makes it hard for me to fix the problem. I can enter the IP address to temporarily remove my server from their blacklist, which of course I have done. But what they really want to do is charge me $200 to have my server listed as a valid e-mail sender. Shortly after signing up with them for the sole purpose of removing my server from their blacklist, I got an e-mail from one of their sales reps offering to sell me their services to ensure that my e-mail messages got delivered. So far I have declined to pay, and some of my e-mail, e.g., to John Levine’s compilers list, is getting blocked.

In other words, what we have here is a spam blocking network which makes money by charging people to send e-mail messages through their spam blocking services. It’s an interesting little low-key protection racket. They have to keep it low-key, since they have to provide a decent quality spam blocking service; otherwise, people won’t use them and they will have nothing to sell to e-mail senders. They have to limit the spamminess of their customers, since otherwise, again, people won’t use their blacklist and they will have nothing to sell. Unfortunately, small e-mail servers like the one I run are caught in the middle. I can hardly pay off every spam blocking service. I don’t want to have to pay off any of them, merely to run a forwarding service.

I’m sure things will change again, but the current situation is not a very good one.

Posted

in

by

Ian Lance Taylor

Tags:

Comments

13 responses to “Small E-mail Servers”

  1. esm Avatar
    esm

    Spend any time at all the email industry, and you’ll find that ReturnPath isn’t all that low-key about being a protection racket, in the guise of spam prevention and reputation monitoring. You’ll be hard-pressed to find any major email service provider (legitimate operations; mailing list management companies, “transactional” messaging, etc) that doesn’t end up getting into bed with them out of pure necessity; just look for the “SenderScore Certified” logo on most commercial list manager home pages, or even on mailbox providers’ postmaster information pages (MSN and Yahoo, in particular, will send you their way after telling you they’ve blocked your email).

    It’s a shame to see J.D. Falk’s name associated with that, given how important he’s been over the years to the anti-spam world. At least ReturnPath isn’t alone; there’s plenty of reputation services ready to take your money (EmailReg is the service “offered” by Barracuda Networks).

    RP seems to provide quite a lot less information on their “SenderScore” reputation value than they used to without creating an account, from what I can see. That’s unfortunate; they used to have at least the pretense of transparency. Low scores often correlated to volume; low volume senders typically got punished. (Full disclosure: I’ve been away from that line of business for quite a while now, and things always change.)

    Depending on the recipient (Yahoo, MSN, Excite, etc. in particular), SPF can actually help with deliverability, and is a pretty straightforward exercise to set up since you’re routing all your outgoing email through a known location. Things like DomainKeys/DKIM can help as well (with Yahoo, in particular; big surprise :)), but can be thoroughly a pain in the arse to set up. Anything you can do to improve deliverability at the larger email providers will typically improve your SenderScore, for what that might be worth to you.

    Despite 15 years of working directly on this kind of stuff in my day jobs (on both sides of the problem), a year or so I finally gave up dealing with the headaches personally, and moved the personal mail server that I’d operated for every one of those 15 years to Google Apps, to let those guys deal with the deliverability issues. It’s just not worth the hassle anymore for my personal email. 🙁

  2. Ian Lance Taylor Avatar
    Ian Lance Taylor

    Thanks for the comment. I’ve run into emailreg as well. I set up an SPF record; perhaps it will help. I haven’t looked into DomainKeys.

  3. jm Avatar
    jm

    I started having spam-blocking problems a few years ago on the email service I manage for a nonprofit organization, which is on the same server as my main email account.

    My solution was to disallow the forwarding of email to Yahoo, MSN or Hotmail. Forwarding to Gmail seems to be OK. I initially banned Gmail also, but people begged, so I allowed forwarding to Gmail again.

    This has worked great for me. In fact I don’t recall a single blocked-email complaint since having this policy.

  4. Ian Lance Taylor Avatar
    Ian Lance Taylor

    That’s an interesting scheme. I wonder if pushing people to gmail would seem too self-serving.

  5. jm Avatar
    jm

    I don’t think it would seem too self serving, as there is a good reason for it. It is hard for people though, since they become very attached to their old email addresses which they have had for a long time.

    Which reminds me, I forgot AOL. Forwarding to AOL accounts causes problems also.

  6. jdfalk Avatar
    jdfalk

    So much here, it’s hard to know where to start.

    First, I’m sorry to hear you’re having problems. From the context, I’m assuming the problem must have something to do with one of the few sites who use Return Path’s Reputation Network Blacklist, or RNBL. Femoval from the RNBL is free, as of course it should be. Just put your IP into https://www.senderscore.org/blacklistlookup/ and click a few buttons. You don’t even have to register.

    We put immense effort into keeping the Certified whitelist program entirely separate. Paying to be certified will NOT automatically get you off the blacklist, so these “protection racket” accusations are just silly. Instead, it’s all data-driven: if your IP meets the blacklist criteria, there’s absolutely no way it’ll meet the certification criteria — and vice versa.

    As I’m sure you know, Return Path does not have the power to block your mail. We can’t force anyone to use our blacklist, and wouldn’t want to. Only a handful of sites use it for blocking, though it does contribute to SpamAssassin scoring.

    As for the overzealous salesperson: there’s no excuse. Send me a copy of all correspondence, and I’ll talk to their boss.

    Now, ESM, it’s hard to respond politely to the “shame” of my association with Return Path. Perhaps you’d care to re-phrase?

    The information provided for free on senderscore.org is the same as it’s been since the site was first launched. You can see more if you register, but the part visible to non-registered users is the same as always.

    You’re also wrong about SPF and DKIM (nobody cares about DomainKeys anymore.) Those technologies are intended to prevent phishing; they have nothing to do with spam, and very little to do with “deliverability” — which certainly isn’t to say that they’re not good things to do.

    JM, forwarding is a tough one. I’d probably have done the same thing you did. MAAWG has a document with some advice: http://www.maawg.org/sites/maawg/files/news/MAAWG_Email_Forwarding_BP.pdf

    Ian, it really does suck to have to deal with spam’s aftermath, no matter how big or small your site may be. Your anger is entirely understandable, but I’m sure that once you think it through a bit more, you’ll be able to point blame where it actually belongs.

  7. jdfalk Avatar
    jdfalk

    (P.S.: sometimes I miss UUCP…but not often.)

  8. Ian Lance Taylor Avatar
    Ian Lance Taylor

    jdfalk: Thanks for the comment.

    I did remove my IP address from the blacklist. From my understanding of the web page, that would only be temporary. So I did sign up for returnpath.org in order to try to figure out how to avoid problems in the future. I did not have a great deal of luck in that. I could not get any information on why my address wound up on the blacklist, which made it very difficult to cure the problem.

    Even after removing my IP address from the blacklist, my server continued to be blocked by a couple of sites, notably hotmail.com and iecc.com. I don’t know why. My “senderpath” score is now up to 95, so perhaps things are better; I haven’t had occasion to send e-mail to those sites in the last week (I was on vacation).

    Spam is obviously a serious problem with no good solution. And indeed the very worst problem of spam is the way that efforts to stop spam wind up blocking non-spam e-mail. That is, for practical purposes, the collateral damage of spam blocking is actually worse than the effects of spam itself. While the spammers are obviously the root of the problem, over-zealous spam blocking is a problem in and of itself.

    My uninformed opinion is that we’ve gone as far as we can in stopping spam on the supply side, which is to say in raising the cost of spam. I think more work can be done on the demand side: if we can reduce the benefits of sending spam, we will tend to reduce the number of spammers. Efforts to reduce benefits would involve forming coalitions of domain registrars, root domain name servers, ISPs, and mail providers to be able to very quickly block access to sites seeking to benefit by sending out spam messages. There is of course a danger of false positives there too, so again efforts have to be done in a balanced and informed manner.

  9. Ian Lance Taylor Avatar
    Ian Lance Taylor

    iecc.com is still blocking my e-mail. Sigh.

  10. jdfalk Avatar
    jdfalk

    Hotmail doesn’t use our blacklist. Not sure about IECC; the admin there is generally rational, but also fairly strict about blocking.

  11. jrlevine Avatar
    jrlevine

    Yes, I use RP’s blacklist, but if it’s blocking you it’s the first FP I’ve ever heard of. Tell me what your IP address is and I’ll see what’s going on.

    I note that you appear to be using Postini for your mail. That may be the problem–I’ve had to block mail from several of their outbounds because of the large amount of spam they send.

  12. Ian Lance Taylor Avatar
    Ian Lance Taylor

    jdfalk: The hotmail bounce message sent me to http://postmaster.msn.com/FAQ.aspx which states that they partner with Return Path, Inc. Perhaps they don’t use your blacklist, but there does seem to be some relationship.

    jrlevine: Thanks. Bounce message sent separately. I don’t use Postini for outgoing mail, only for incoming. My outgoing server is yosemite.airs.com, 64.13.131.148.

  13. jdfalk Avatar
    jdfalk

    Yes, Microsoft uses Return Path Certified (our whitelist, which is entirely separate from the blacklist.)

Leave a Reply