Posted by: John Masterson, Modwest Co-founder
Have you ever sent an email to a friend or colleague, only to find out the message was never received because your provider's mail server was on a "blacklist"? Or, perhaps you received an error message just a few minutes after sending, which cryptically explained that messages from your IP address are not being accepted?
As a defense against unsolicited email (spam) and viruses, most mail server administrators implement some sort of filtering that reject or delay mail from computers that send out lots of junk. These lists of junk-spewing computers are often referred to as "blacklists". There are a lot of reasons that servers can end up on blacklists, like when professional spammers set up servers to send billions of messages from countries with little or no law enforcement resources to deal with internet abuse. Nobody wants the email coming from those servers.
Unfortunately, there are also situations where innocent senders are erroneously labeled as spammers because of one "bad apple".
One way in which Modwest mail servers have found their way onto blacklists from time to time is due to a customer's website being exploited to send spam. This can happen when spammers discover a vulnerability in a popular web application, like WordPress, OSComerce, Joomla, or ZenCart, which allows them to send their junk mail right from the customer's website.
Exploited sites are a problem for all web hosts and their customers. You can help ensure your site stays safe by promptly applying security updates from your web application vendor (e.g., WordPress, Joomla, Drupal, ZenCart, X-Cart, phpBB3, etc).
Until recently, that scenario would result in the junk being relayed through our central mail system, mail.modwest.com. If enough junk got out before we detected and stopped it, sometimes big email providers like Yahoo, AOL, Gmail and Hotmail would temporarily stop accepting mail from Modwest.
While we could generally convince them to remove the block within a day or two, it was a headache for everyone -- especially the innocent bystanders who just wanted to send mail to their friends and colleagues.
So, this week we're beginning a gradual change that separates mail generated by websites from everything else. Mail generated by websites includes forum reply notifications, ecommerce receipts, and so forth -- as well as junk mail generated by exploited sites.
The benefit of this change is an exploited site will now be much less likely to cause email delay or rejection problems for everyone else. And, you don't need to do anything different with your website or email.
A second, more esoteric change we made this week was in how our domain aliases are handled. A quirk of our system was that some remote mail servers would consider bounce-back messages from invalid addresses at domain aliases to be "backscatter", which they considered evidence of spam. We've solved that problem too.
Finally, we've expanded some of our front-line filtering to reject mail from a few persistent sources of spam.
Combined, these changes should reduce the spam you receive, and help prevent you from being falsely labeled a spammer. Of course, if you are a spammer, you'll be hearing from us. :)
Comments