Archive for November 19th, 2007

Spamhaus $11 million fine thrown out

Nov 19, 2007 in Interesting articles taken from the net

http://www.virusbtn.com/news/2007/09_07a.xml?rss=

The case was first brought last autumn, and after initially challenging the charges Spamhaus withdrew from the case, as the US court in which it was brought had no jurisdiction over the organisation’s UK-based operation. e360 was thus granted a default ruling in its favour, with the $11.7 million fine called for based on its own uncontested evaluation of the damage caused by Spamhaus filtering out its mails. The spam fighting organisation was also ordered to apologise publicly and to remove e360 from its ‘ROKSO’ list of known spammers in perpetuity - another ruling whose legality has been questioned by the appeal court.

The appeal court ruling still grants e360 the case, due to Spamhaus’ refusal to contest it, but has passed the settlement award back to the lower court to be analysed more closely. Spamhaus continues to include e360 on its list of spammers, and has suggested e360 brings the case to a UK court, where its activities would fall under stricter anti-spam laws. Attempts by e360 to have Spamhaus’s domain registration revoked have been ignored by US courts.

A Wired.com blogger looks into the case in more detail here, and carries a full copy of the latest ruling (in PDF format) here.

07 September 2007

eMail Best practices for IT administrators

Nov 19, 2007 in Tips and techniques

Hi All

 

As you know, it is now very important to comply with all Internet e-mail standards if you want your e-mail to be accepted by e-mail security solutions and large providers.

SPF records (TXT records), known as Sender Policy Framework: http://www.openspf.org/

This very important DNS record confirms from which IP addresses e-mail from something@yourdomain.com may originate.

It helps detect e-mail address forgery (i.e. my e-mail address is user@domain.com and I’m sending an e-mail message as if I were user@yourdomain.com).

Imagine that I pretend I’m you@yourdomain.com and send 3 million e-mail messages, and that most of those e-mails are sent to invalid addresses. To whom do you think the NDRs will come back? You!

You must be very careful if some of your remote users don’t send e-mail from the main office (let’s say they use some ISP SMTP server): that ISP mail server must then be included in your SPF record. If all e-mail is sent from your main office from a single IP, then it’s really easy. One way to avoid having to deal with ISP SMTP servers is to use VPN connections or SMTP-AUTH for roaming users.

http://www.mtgsy.net/dns/spfwizard.php is one tool I found (one ISP tool) that is easy to use.

  

PTR records / Reverse DNS records

More and more e-mail servers do a reverse lookup of the sending e-mail server. If you don’t have a PTR record, or have a generic one (like isp-pool-adsl10-90-122-32), they may refuse the e-mail (SMTP) communication or consider the message spam.

The hosting company or ISP providing the IP address is responsible for setting PTR records, so you should send them a request like this:

Please create a PTR record for us:

IP address: 209.200.200.256 match mail.ourcompany.com (fictitious address, doesn’t even exist)

(HELO / EHLO)

When you set up an e-mail server, it often takes a default name for the HELO greeting. Basically, when your e-mail server talks to another e-mail server, it is saying: Helo, I am mail.ourcompany.com

Some hosting companies or security solutions may refuse to communicate with you, or consider e-mail from your server as spam, if the HELO does not match the reverse DNS or if it doesn’t make sense.

Example: most Microsoft IT people, when they install an Exchange server in a Windows Active Directory environment, forget to set the HELO greeting, so the SMTP banner ends up being 'servername.domain.local'. This is not a routable Internet FQDN (and a HELO greeting should be).

So, to avoid any problems, make sure the HELO also matches the A records and reverse DNS (PTR) of that machine.

So, in our example, to be compliant:

 

IP address: 209.200.200.256

HELO: mail.ourcompany.com

PTR record for 209.200.200.256: mail.ourcompany.com

A record for mail.ourcompany.com -> 209.200.200.256
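As an added illustration (not code from the original post), the sketch below runs the SPF, PTR and HELO consistency checks described above against constructed DNS data held in dictionaries instead of live lookups. The address 192.0.2.25 is a documentation-range stand-in for the post's deliberately invalid 209.200.200.256; the function names, the generic-PTR heuristic and the ip4-only SPF evaluation are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample data standing in for live DNS answers
# (192.0.2.0/24 is a documentation range, not a real mail server).
A_RECORDS = {"mail.ourcompany.com": ["192.0.2.25"]}
PTR_RECORDS = {
    "192.0.2.25": "mail.ourcompany.com",
    "192.0.2.90": "isp-pool-adsl10-90-122-32.example.net",
}
SPF_TXT = "v=spf1 ip4:192.0.2.25 -all"


def spf_allows(spf, ip):
    """Evaluate only the ip4: mechanisms of an SPF record (a subset of SPF)."""
    addr = ipaddress.ip_address(ip)
    for term in spf.split()[1:]:
        if term.startswith("ip4:"):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return True
    return False


def looks_generic(ptr):
    """Heuristic (assumption): 3+ number groups in the host label = ISP pool name."""
    return len(re.findall(r"\d+", ptr.split(".")[0])) >= 3


def check_sender(ip, helo):
    """Return the problems a receiving server could hold against this sender."""
    problems = []
    helo = helo.lower().rstrip(".")
    if "." not in helo or helo.endswith((".local", ".lan", ".internal")):
        problems.append("HELO is not a routable FQDN")
    ptr = PTR_RECORDS.get(ip)
    if ptr is None:
        problems.append("no PTR record")
    else:
        if looks_generic(ptr):
            problems.append("PTR looks generic")
        if ptr.lower() != helo:
            problems.append("HELO does not match PTR")
        # Forward-confirm the PTR: its A record must point back to the same IP.
        if ip not in A_RECORDS.get(ptr.lower(), []):
            problems.append("PTR name has no A record back to the IP")
    if not spf_allows(SPF_TXT, ip):
        problems.append("IP not listed in SPF")
    return problems
```

An empty list means the HELO name, PTR record, A record and SPF record all agree for that sending IP.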

 

Any comments are welcome