
Recovering from spam resulting from compromised account



So -

1. Backscatterer and Spamcannibal are obscure blocklists nobody ever uses.
Spamcannibal is actually quite reasonable about removals if you declare the
issue fixed.

2. Gmail, Comcast etc. have their own blocklist removal procedures - based
on you contacting their postmaster teams.  postmaster.comcast.net, etc.

3. MXToolbox is merely a search engine for various publicly available
blocklists.  Gmail etc. blocks won't show up there because those don't get
exposed outside the provider's servers .. if you get listed on Gmail you
know because you see your mail bounced or bulk foldered.

--srs


On Thu, Nov 22, 2012 at 7:23 AM, Dave Sotnick <sotnickd-nanog at ddv.com> wrote:

> Hello, oh knowledgeable NANOG.
>
> I am the technical lead for network for Pixar. (Note: I am not the
> mail admin, he's on vacation.) Yesterday we had an account compromise
> that resulted in ~2.5M messages being sent through our two MTAs.
>
> I have acknowledged/closed the two SpamCop incidents, and mail is
> starting to flow, slowly, however we are still receiving bounces (some
> hard!) and I am looking for assistance in getting Pixar's IPs cleared
> from the blacklists.
>
> I was pointed to:
>
> http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a12.25.180.66
> http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a12.25.180.94
>
> Which shows we're still listed on Backscatterer and SPAM Cannibal.
>
> Also had reports that we're still seeing bounces to Gmail, Comcast and
> Yahoo accounts.
>
> What can we do to speed things along? We have a ticket open with Gmail
> folks since we have a studio who uses Gmail for Corporate mail. Any
> Comcast or Gmail SMTP contacts on NANOG that can help? Would love to
> get all our stuck mail out of these folks' MTAs.
>
> Or do we need to just remove ourselves from the last two blacklists at
> mxtoolbox?
>
> Thanks,
> David Sotnick
> --
> Pixar
> Emeryville, CA
>
>


-- 
Suresh Ramasubramanian (ops.lists at gmail.com)
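
The kind of public blocklist lookup described in point 3, as an added example that is not part of the original thread: a DNSBL check is an A-record query for the reversed sending IP under the blocklist's zone, which is why provider-internal blocks never appear in such a search. The zone names and the resolver below are constructed placeholders so the sketch runs offline; substitute the zones you actually care about and the default resolver.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers live here


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed address labels + blocklist zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer  # 66.180.25.12.in-addr.arpa
    return rev.rsplit(".", 2)[0] + "." + zone       # drop in-addr.arpa / ip6.arpa


def check(ip, zones, resolve=socket.gethostbyname):
    """Return {zone: 'listed' | 'clear' | 'unknown'} for one sending IP."""
    results = {}
    for zone in zones:
        try:
            answer = ipaddress.ip_address(resolve(dnsbl_name(ip, zone)))
        except socket.gaierror as exc:
            # NXDOMAIN means "not listed"; a timeout or SERVFAIL proves nothing.
            clear = exc.errno == socket.EAI_NONAME
            results[zone] = "clear" if clear else "unknown"
            continue
        # An answer outside 127.0.0.0/8 is not a listing (e.g. a resolver
        # that rewrites NXDOMAIN to a search page), so do not trust it.
        results[zone] = "listed" if answer in LOOPBACK else "unknown"
    return results


# Constructed placeholder zones, not real blocklists.
ZONES = ["listed.dnsbl.example", "clear.dnsbl.example", "broken.dnsbl.example"]


def constructed_resolver(name):
    """Offline stand-in for DNS: one listing, one NXDOMAIN, one timeout."""
    if name.endswith(".listed.dnsbl.example"):
        return "127.0.0.2"
    if name.endswith(".clear.dnsbl.example"):
        raise socket.gaierror(socket.EAI_NONAME, "name not known")
    raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")


if __name__ == "__main__":
    # The two MTA addresses are the ones from the MXToolbox links in the thread.
    for mta in ("12.25.180.66", "12.25.180.94"):
        print(mta, check(mta, ZONES, resolve=constructed_resolver))
```

A "clear" result here says nothing about Gmail, Comcast or Yahoo: those listings only show up as bounces or bulk-foldering in your own MTA logs.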