Shared IP - Boon or Bane?

SyrenSong · #1 (**permalink**) 11-26-2003, 12:11 PM

I just got an email from a client stating that AOL intends to block their emails due to excessive bulk mailings.

The funny thing about this is this particular client doesn't do bulk mailings of any kind. They're a bunch of lawyers and the last thing they're going to do is participate in anything like that.

Add to that the fact that they're a school, so they only email registered and past students, and their instructors.

The email from AOL (in part) contains the following text:

Quote:

Originally Posted by AOL

SMTP protocol diagnostic: 554-(RLY:B1) The information presently
available to AOL indicates this\r\n554-server is generating high volumes of
member complaints from AOL's\r\n554-member base. Based on AOL's Unsolicited
Bulk E-mail policy at\r\n554-http://www.aol.com/info/bulkemail.html AOL may
not accept further\r\n554-e-mail transactions from this server or domain.
For more information,\r\n554 please visit http://postmaster.info.aol.com.

Am I reading this wrong? Or is this problem potentially being generated because of a shared IP?

cyanide · #2 (**permalink**) 11-26-2003, 02:26 PM

Yep, it could be someone else on that server/Ip that's doing the bulk emails.

We had a strange thing happen recently.
A client of ours complained that he wasn't receiving auto-emails from a board similar to WebProWorld, which happens to be another client of ours, hence our server.

It seems this client's ISP was using a spam filter and somehow thought our IP address was listed in their 'spam database'. Upon further investigation it was found out that our Ip was not banned, which ofcourse was relayed to the client.

It seems this ISP had just began using this spam filter. How this ISP all of a sudden decided to block our IP is beyond me and within a couple weeks it all stopped and everything is back to normal.

(shrug)

Greyhawk · #3 (**permalink**) 11-26-2003, 03:38 PM

Personally I think that it is just AOL being its' usual heplful self.

Greyhawk

SyrenSong · #4 (**permalink**) 11-26-2003, 04:44 PM

One problem with this whole thing (and my initial knee-jerk reaction it seems). When I type the IP address into my browser, it takes me directly to my client's website. I was under the impression from the hosting company that this was a shared IP, but I also know they've been moving things around a bit as they are in the process of upgrading their servers.

So this could be a shared IP where the offending party is no longer sharing the same IP as my client.

Or it could be that the offending party formerly owned the same IP address.

Anybody know how to go about "clearing the name" of an IP address that used to belong to a spammer???

Does it have to be done on an individual basis, waiting until we know they've been blocked from a specific host/isp then do an small email campaign to the powers-that-be to politely request they allow emails from my client's IP address again?

Any way you look at it, it's incredibly annoying!!! Grrrrrrr!!!

cyanide · #5 (**permalink**) 11-26-2003, 04:50 PM

Quote:

When I type the IP address into my browser, it takes me directly to my client's website.

That's a bit odd.
Usually that happens for a dedicated IP or the primary Ip holder.

What about asking the host for a new nameserver/Ip ?
That should be easy enough

SyrenSong · #6 (**permalink**) 11-26-2003, 05:07 PM

I've emailed the host about the problem and I've got a ticket open. Still waiting to hear back from them on it.

I also advised them of question regarding a reverse DNS configuration, so I'm in a holding pattern with them at the moment.

I'm still curious about what problems others have had with IP sharing, though.

What sort of problems crop up, and how are they handled by various hosting companies?

Are the hosting companies generally responsive in a situation like this where it is a shared IP? Are they willing to reprimand the offending spammer? Are they willing to change IPs for the company experiencing the blocks?

I know they should be! But are they?

cyanide · #7 (**permalink**) 11-27-2003, 12:27 PM

Quote:

Originally Posted by SyrenSong

I've emailed the host about the problem and I've got a ticket open. Still waiting to hear back from them on it.

I also advised them of question regarding a reverse DNS configuration, so I'm in a holding pattern with them at the moment.

I'm still curious about what problems others have had with IP sharing, though.

What sort of problems crop up, and how are they handled by various hosting companies?

Are the hosting companies generally responsive in a situation like this where it is a shared IP? Are they willing to reprimand the offending spammer? Are they willing to change IPs for the company experiencing the blocks?

I know they should be! But are they?

I wish I could give you a more complete answer.
I haven't really investigated other hosting companies indepth regarding some of your concerns.

Although it has yet to happen, we have many Ip addresses so moving a client to another Ip or even server for that matter is a relatively easy process from our end. The customer would have to then just update their DNS at their registrar. 48 hours to propogate and no down time. It all happens transparently.

As for spamming, we have a built-in alert to let us know when there has been a dramatic influx of outgoing email, which really, all hosting companies should have.

SyrenSong · #8 (**permalink**) 11-27-2003, 12:58 PM

I just heard back from the hosting company. They don't use shared IPs. They've also got a really good rep, so I asked them what could be done to resolve the situation.

I also received another returned email from the Dean of the school. Turns out someone is trying to hijack their email address. The message was sent by someone masquerading as them. THis makes it quite a bit stickier.

Is there any way to stop folks from masquerading as if they are writing from a legitimate company when they're actually someone else? I'm guessing it was done using "Personalities" or something similar.

What a royal pain!!!

cyanide · #9 (**permalink**) 11-27-2003, 01:26 PM

Quote:

Originally Posted by SyrenSong

I just heard back from the hosting company. They don't use shared IPs. They've also got a really good rep, so I asked them what could be done to resolve the situation.

I also received another returned email from the Dean of the school. Turns out someone is trying to hijack their email address. The message was sent by someone masquerading as them. THis makes it quite a bit stickier.

Is there any way to stop folks from masquerading as if they are writing from a legitimate company when they're actually someone else? I'm guessing it was done using "Personalities" or something similar.

What a royal pain!!!

Oh !!!
ahhh, should have thought of that.
I have a client with an AOL webmail account. His account was terminated because he was spamming.
My client complained to them, because he insisted he never does this. AOL support said probably his email address was hijacked !! My client asked what the solution is? They said change your password often!
However, that may not be enough.
One thing you can pass on to your client, is make sure the password is not contained in the dictionary.
Easy look up for the hacker.
For example if their password is 'song' , then they should change it to this 'so95nG' Sticking a couple of numbers in the middle and maybe a cap or two

SyrenSong · #10 (**permalink**) 11-28-2003, 05:08 PM

Okay. How would I know if their email's been hacked, as opposed to someone just using the email address in their profile?

I know the email addresses set up haven't changed from the way I set them up initially. That's all fine. The password's not one they're going to easily figured out with the combination of characters, numbers, etc., so I really doubt they've hacked it. That's why I'm thinking personalities.

I've had no trouble setting up accounts on some systems and through some programs so it has the appearance of me sending from somewhere else. That's why my suspicions are leaning in that direction.

SyrenSong · #11 (**permalink**) 11-28-2003, 05:16 PM

Worse still - I'm trying to trace whodunit through www.SamSpade.org. Someone's playing games trying to hide who they are, and it's really annoying me! [Understatement of the century!]

I think I'm going to wait until I hear back from AOL and my client's hosting company to see what they have to say on the subject. Maybe they've got an easier way to track this sort of thing. They've certainly got a larger paid staff than I do! LOL!!

carbonize · #12 (**permalink**) 11-28-2003, 05:38 PM

So AOL was going by the domain the emails claimed to becoming from then and not the IP? If so then I think the AOL techs need a quick reminder in how easy it is to spoof the from address in an email. Most spammers use either a SMTP server hosted on their own PC or a PHP/perl script to send the email from any address they wish.

SyrenSong · #13 (**permalink**) 11-29-2003, 12:00 PM

Quote:

Originally Posted by cyanide

I think the AOL techs need a quick reminder in how easy it is to spoof the from address in an email.

I may give it to 'em, too, if I don't hear back from them by Monday.

I think it might serve as a good reminder if I sent their Postmaster a message from him/herself! LOL!!!

Heck! They've got aliases, which isn't all that far removed from what's going on in this situation.

carbonize · #14 (**permalink**) 11-29-2003, 12:15 PM

Cyanide wrote? Plagarism by proxy? lol

SyrenSong · #15 (**permalink**) 11-29-2003, 12:27 PM

LOL!!! See what I mean? Anyone can pretend to be someone else. ;)

Sorry about that. I was trying to read and post at the same time, and my browser/computer got very unhappy with me. Guess it's on vacation and didn't want to multitask for me today. LOL!

Again, my apologies, carbonize! :)

mikmik · #16 (**permalink**) 11-29-2003, 12:27 PM

carbonize notes:

Quote:

Cyanide wrote? Plagarism by proxy? lol

CYANIDE! I'm shocked! I thought you were better than that.

I don't know...

cyanide · #17 (**permalink**) 11-29-2003, 12:32 PM

Quote:

Originally Posted by mikmik

carbonize notes:

Quote:

Cyanide wrote? Plagarism by proxy? lol

CYANIDE! I'm shocked! I thought you were better than that.

I don't know...

my ears are burning !

mikmik · #18 (**permalink**) 11-29-2003, 12:33 PM

1-Posted: Sat Nov 29, 2003 12:27 pm Post subject:

2-Posted: Sat Nov 29, 2003 12:27 pm Post subject:

I'm gettin outta here. Next thing you know, I'll be syrensong. Nothin wrong with that, but then I'd have to try to figure out what mikmik is saying all the time.

mikmik · #19 (**permalink**) 11-29-2003, 12:35 PM

Posted: Sat Nov 29, 2003 12:33 pm Post subject:

Posted: Sat Nov 29, 2003 12:32 pm Post subject:

Haaaaalllppp!!!