Clash of the titans



  • Just had an email sent via gmail web mail bounced by the recipient's ISP: 209.85.212.177 is listed in the dnsbl at sorbs.

    At first I thought that gmail had somehow passed my IP as part of the message, so quickly checked the mail server for open relay, etc. Nothing.

    Then I looked up the IP address:

    IPv4 address: 209.85.212.177

    Reverse DNS: mail-wi0-f177.google.com

    ...one of Google's mail servers. How can this happen!?

    I guess I am TRWTF for not looking up the address first, before panicking.

    Related WTF: This ISP (the recipient's) is notorious for blindly implementing anti-spam features without actually understanding them. At one stage, they were using SPF as a sole reason for rejecting mail (back when SPF was the silver bullet for UCE). This led to their mail servers rejecting email from their own hosted domains, so people on a hosted domain could send email to anywhere except other users on the same ISP. No matter how many times I tried explaining the problem to them, the reply was always "This is an anti-spam measure and we are serious about stopping spam." Go figure.



  • So what are we talking about?



  • He sent an e-mail via Gmail's web interface. It bounced, and the bounce reason was because it came from an IP address on a spam blacklist. At first he thought "wtf, is Gmail pretending to send from my ip address or something?", because clearly nobody would be stupid enough to blacklist Gmail, right? Nope, turns out that that particular Gmail server was actually blacklisted somehow.

    He then mentions a related WTF, in that a company implemented the incoming half of the spam silver bullet of the week without implementing the outgoing half. This meant that valid emails between servers owned by the company would get dropped as spam, because their outgoing mail servers could not validate themselves to the incoming mail servers.



  • Thank you for making sense of that! Now the only question that remains is what this has to do with Clash of the Titans.



  • @blakeyrat said:

    Thank you for making sense of that! Now the only question that remains is what this has to do with Clash of the Titans.
     

    I think one of the Titans is Google and the other one is Google.



  • That IP address is listed at SORBS. So isn't SORBS TRWTF?



  • TRWTF is the present participle of 'panic'.



  • @db2 said:

    TRWTF is the present participle of 'panic'.
     

    It's not a present participle, it's a gerund.



  • @Tacroy said:

    He sent an e-mail via Gmail's web interface. It bounced, and the bounce reason was because it came from an IP address on a spam blacklist. At first he thought "wtf, is Gmail pretending to send from my ip address or something?", because clearly nobody would be stupid enough to blacklist Gmail, right? Nope, turns out that that particular Gmail server was actually blacklisted somehow.

    Excellent explanation. That's how it should have been posted in the first place. LurkNoMore is fired and you are his new replacement.



  • We stumbled across the same problem.

    Sorbs sometimes adds Gmail's mail servers (because of their procedures for blocking), so it's up to the sysadmins to add a rule specifically unblocking all Gmail servers :(



  • @morbiuswilters said:

    That IP address is listed at SORBS. So isn't SORBS TRWTF?

    Partly - GMAIL isn't an open relay, but does attract spammers using freemail accounts for bouncebacks.

    @Shinhan7 said:

    We stumbled across the same problem.

    Sorbs sometimes adds Gmail's mail servers (because of their procedures for blocking), so it's up to the sysadmins to add a rule specifically unblocking all Gmail servers :(

    That. TRWTF is mail admins delegating responsibility out to a spamflagging system without taking at least some accountability for spam management.

    (yes, I learned that way also.)

     



  • @Cassidy said:

    @morbiuswilters said:

    That IP address is listed at SORBS. So isn't SORBS TRWTF?

    Partly - GMAIL isn't an open relay, but does attract spammers using freemail accounts for bouncebacks.

    @Shinhan7 said:

    We stumbled across the same problem.

    Sorbs sometimes adds Gmail's mail servers (because of their procedures for blocking), so it's up to the sysadmins to add a rule specifically unblocking all Gmail servers :(

    That. TRWTF is mail admins delegating responsibility out to a spamflagging system without taking at least some accountability for spam management.

    (yes, I learned that way also.)

     

    Yes, free webmail sites can be used for spam but they're also used for large quantities of legitimate mail which is why RBLs should always exclude them. My point is that SORBS' procedure for adding servers is severely fucked if they are adding large webmail providers. As for your second comment.. wha? The whole reason RBLs exist is to help make mail admins' lives easier. How is it the mail admins' fault that SORBS is apparently run by retards?



  • @morbiuswilters said:

    As for your second comment.. wha? The whole reason RBLs exist is to help make mail admins' lives easier. How is it the mail admins' fault that SORBS is apparently run by retards?

    It's not the admins' fault that SORBS is run by retards... it's the admins' fault for deciding to use a service that's run by retards and trusting in it completely.

    I didn't add SORBS to my mailserver and then blame it for bouncing legit email - I take responsibility for whitelisting and addition/removal of SORBs is my point. I agree that RBLs make our lives easier, I just don't agree that a mail admin can delegate responsibility and not expect to manage the results in some way.



  • @Cassidy said:

    It's not the admins' fault that SORBS is run by retards... it's the admins' fault for deciding to use a service that's run by retards and trusting in it completely.

    True. I wouldn't use an RBL to block access, anyway, just use it to bump up the spam score.

    @Cassidy said:

    I agree that RBLs make our lives easier, I just don't agree that a mail admin can delegate responsibility and not expect to manage the results in some way.

    True, but SORBS' behavior in this example makes it almost useless. So there are 2 TRWTFs: SORBS and stupid admins who block based solely on SORBS.
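
Added example, not part of any post in this thread: a sketch of the policy the posts above converge on, where a DNSBL listing only raises a spam score and a large provider is exempted after forward-confirmed reverse DNS. The zone name, score weight, `192.0.2.10` entry and lookup tables are constructed assumptions; DNS is stubbed with dictionaries so the code runs offline.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """A DNSBL lookup reverses the IPv4 octets and appends the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def verified_provider(ip, suffixes, ptr, fwd):
    """Forward-confirmed reverse DNS: the PTR name must sit under a trusted
    suffix AND resolve back to the same IP (a PTR record alone is spoofable)."""
    name = (ptr(ip) or "").rstrip(".").lower()
    if not any(name.endswith("." + s) for s in suffixes):
        return False
    return ip in fwd(name)

def score_sender(ip, zones, suffixes, listed, ptr, fwd, per_list=2.5):
    """Return (spam_score, reasons); a listing only adds score, never rejects."""
    hits = [z for z in zones if listed(dnsbl_query_name(ip, z))]
    if not hits:
        return 0.0, []
    if verified_provider(ip, suffixes, ptr, fwd):
        return 0.0, ["exempt: verified provider listed on " + ", ".join(hits)]
    return per_list * len(hits), ["listed on " + z for z in hits]

# Constructed tables standing in for DNS answers so the example runs offline.
ZONE = "dnsbl.example.org"  # placeholder zone name, not a real blocklist
PTR = {"209.85.212.177": "mail-wi0-f177.google.com",  # rDNS quoted in the thread
       "192.0.2.10": "mail-x.google.com"}             # constructed: unconfirmed PTR
A = {"mail-wi0-f177.google.com": {"209.85.212.177"}}
LISTED = {"177.212.85.209." + ZONE, "10.2.0.192." + ZONE}

def evaluate(ip):
    return score_sender(ip, [ZONE], ["google.com"], LISTED.__contains__,
                        PTR.get, lambda name: A.get(name, set()))

if __name__ == "__main__":
    for ip in ("209.85.212.177", "192.0.2.10", "198.51.100.7"):
        print(ip, evaluate(ip))
```

The second address shows why the exemption checks the forward lookup: its PTR claims a `google.com` name that does not resolve back to it, so the listing still counts toward the score.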


  • ♿ (Parody)

    @morbiuswilters said:

    True, but SORBS' behavior in this example makes it almost useless. So there are 2 TRWTFs: SORBS and stupid admins who block based solely on SORBS

    Every time I see SORBS, I think morbs. It's especially confusing when morbs posts about SORBs.



  • @morbiuswilters said:

    So there are 2 TRWTFs: SORBS and stupid admins who block based solely on SORBS.

    That latter was the point I was tryin' to make, Homer!

    Didn't SORBS - at one point -  have an arsehole admin that added the email addresses of people who complained about their service? Or was that another RBL?



  • @Cassidy said:

    @morbiuswilters said:

    So there are 2 TRWTFs: SORBS and stupid admins who block based solely on SORBS.

    That latter was the point I was tryin' to make, Homer!

    Didn't SORBS - at one point -  have an arsehole admin that added the email addresses of people who complained about their service? Or was that another RBL?

    SORBS is awful. They block entire IP blocks if they get spam from any IP on it. They also used to require payment to be delisted, although I think they finally stopped that. SORBS is run by a lunatic asshole, basically.

