Microsoft JMRP (Mail) Admin Needed

I'm trying to sign up for Microsoft's Junk Mail Reporting Program.
Multiple representatives keep sending me more-or-less form responses
saying they can't add my dynamic customer IP ranges because they're
"included in...[a] third party block list". The list in question is the
SpamHaus PBL.

They clearly don't understand that the SpamHaus PBL (unlike other
SpamHaus lists) is not a list of IPs that have sent spam. I'm looking
for someone with a clue that can help me.

Thanks,
Richard Laager
Wikstrom Telephone Company

P.S. Even ignoring the PBL, this policy of not enrolling IP ranges that
are listed on DNSBLs doesn't make a lot of sense to me. Even if the IPs
had been sending spam, wouldn't Microsoft want the ISP's help in
stopping that?

Have you tried removing the addresses in question from the PBL first?

~Seth

> I'm trying to sign up for Microsoft's Junk Mail Reporting Program.
> Multiple representatives keep sending me more-or-less form responses
> saying they can't add my dynamic …

Stop right there.
Are the IP addresses you are sending mail from Dynamic?
Do you *own* those addresses?

Why are they, "Dynamic"?
Mail should never be coming from Dynamic IP addresses.

> … customer IP ranges because they're
> "included in...[a] third party block list". The list in question is the
> SpamHaus PBL.
>
> They clearly don't understand …

They clearly *DO* understand.
They know exactly what the PBL is.

> that the SpamHaus PBL (unlike other
> SpamHaus lists) is not a list of IPs that have sent spam. I'm looking
> for someone with a clue that can help me.

You need to understand why they are not interested in your traffic as you currently describe your ability to send it.

> P.S. Even ignoring the PBL, this policy of not enrolling IP ranges that
> are listed on DNSBLs doesn't make a lot of sense to me. Even if the IPs
> had been sending spam, wouldn't Microsoft want the ISP's help in
> stopping that?

They *HAVE* stopped it. :) Already.

Aloha,
Michael.

> > I'm trying to sign up for Microsoft's Junk Mail Reporting Program.
> > Multiple representatives keep sending me more-or-less form responses
> > saying they can't add my dynamic …
>
> Stop right there.
> Are the IP addresses you are sending mail from Dynamic?
> Do you *own* those addresses?

We're an ISP. Let me use an example (with private IPs):

We have 10.0.0.0/20 from ARIN. Of that, 10.0.0.0/24 is for our servers,
and the rest is used for dynamic pools for residential customers. So
we've listed the following ranges in the PBL:
    10.0.1.0/24
    10.0.2.0/23
    10.0.4.0/22
    10.0.8.0/21

I want to enroll 10.0.0.0/20 in Microsoft's JMRP. They give me a canned
answer about 10.0.1.0-10.0.15.255 being "on a spam list".

> Mail should never be coming from Dynamic IP addresses.

That's why I've listed my dynamic ranges in the PBL!

So yes, nobody *should* be sending mail from these ranges. But if a
customer sends spam from one of those ranges anyway, I still want to
know about it, so I can notify them to clean up their infected computer
(and disconnect them if necessary).

Also, there are a handful of individual IP exceptions to the PBL
listings for specific customers with static addresses who are running
their own mail servers. Because of that, and the fact that subnets get
reassigned from time to time, it'd be best if Microsoft would accept the
supernet listing from me, as it'd be one less thing to have to worry
about updating every time we make an IP assignment change.

<rant>I'm not sure why it's necessary to have all these individual
"feedback loop" processes anyway. Why can't everyone just send spam
reports to the Abuse handles on the relevant WHOIS record?</rant>

Richard

"<rant>I'm not sure why it's necessary to have all these individual
"feedback loop" processes anyway. Why can't everyone just send spam
reports to the Abuse handles on the relevant WHOIS record?</rant>"
Because that only works for organizations who actually do the right thing
when they get complaints. That's a poor way to fight spam.

Feedback loops are sent in machine parseable formats like ARF (RFC
5965) to separate, dedicated mailboxes that are read by scripts which
then process the reports to automate whatever action needs to be taken
for AUP enforcement, filtering etc. Every single report spam click by
a user on hotmail, yahoo etc is fed through their feedback loops (like
JMRP for hotmail)

abuse mailboxes are read by ISP support staff and complaints are
manually handled.

All* the feedback loop concept does is waste a lot of administrative
time on both sides to avoid sending spam reports to organizations which
have set up abuse handles but not signed up for that particular feedback
loop.

Given that sending complaint emails to the abuse handle is virtually
cost free, I don't see what's gained by not sending them.

What the organization does with those complaints when they receive them
is unaffected by the mechanism that routes the complaints to them.

Richard

* I suspect that someone's lawyers would say that feedback loop
processes allow organizations to require agreement to some set of terms
(confidentiality, etc.) before receiving the reports and that this is a
useful benefit. I disagree, given that you're sending the report to
someone who almost certainly could've captured the original email as it
transited their network.

> > <rant>I'm not sure why it's necessary to have all these individual
> > "feedback loop" processes anyway. Why can't everyone just send spam
> > reports to the Abuse handles on the relevant WHOIS record?</rant>
>
> Feedback loops are sent in machine parseable formats

...

> abuse mailboxes are read by ISP support staff and complaints are
> manually handled.

If the feedback loop complaints are machine parseable, then by
definition a machine can parse the abuse mail stream and separate out
the feedback loop complaints for automated handling before sending the
rest to the human team.

> Every single report spam click by
> a user on hotmail, yahoo etc is fed through their feedback loops (like
> JMRP for hotmail)

I think the implied point here is that this can be a LOT of mail and
that obtaining the recipient's consent is desirable before sending them
this volume of mail? If so, I think that's a fair point. On the other
hand, the complaints are in response to messages their network sent in
the first place.

Richard
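
Added example, not part of any message in this thread: a Python illustration of the triage discussed above, in which a script separates ARF (RFC 5965) reports from the rest of an abuse mailbox and maps each report's Source-IP onto the example 10.0.0.0/20 address plan. The function names, queue labels and sample messages are constructed for illustration.

```python
import email
import ipaddress
from email import policy

# Ranges from the thread's example (private addresses standing in for real ones).
ALLOCATION = ipaddress.ip_network("10.0.0.0/20")
SERVERS = ipaddress.ip_network("10.0.0.0/24")
# Dynamic pools = allocation minus the server /24 (the four PBL-listed ranges).
DYNAMIC_POOLS = sorted(ALLOCATION.address_exclude(SERVERS))

def classify_ip(ip_text):
    """Map a reported Source-IP onto the example address plan."""
    ip = ipaddress.ip_address(ip_text)
    if ip in SERVERS:
        return "isp-server"
    if any(ip in pool for pool in DYNAMIC_POOLS):
        return "dynamic-pool"
    return "not-ours"

def triage(raw):
    """ARF reports go to automation; everything else goes to abuse-desk staff."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or str(msg.get_param("report-type", "")).lower() != "feedback-report"):
        return {"queue": "human"}
    for part in msg.iter_parts():
        if part.get_content_type() != "message/feedback-report":
            continue
        fields = part.get_payload(0)  # the report's fields parse as headers
        ip_text = str(fields.get("Source-IP", "")).strip()
        try:
            source = classify_ip(ip_text)
        except ValueError:  # missing or malformed Source-IP: let a person look
            break
        return {"queue": "automated", "source_ip": ip_text, "source": source,
                "feedback_type": str(fields.get("Feedback-Type", "")).strip().lower()}
    return {"queue": "human"}

# Constructed sample messages (not real complaints).
SAMPLE_ARF = "\n".join([
    'Content-Type: multipart/report; report-type=feedback-report; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "", "Complaint about mail from your network.",
    "--b1", "Content-Type: message/feedback-report", "",
    "Feedback-Type: abuse", "User-Agent: ExampleFBL/1.0", "Version: 1",
    "Source-IP: 10.0.5.17", "",
    "--b1", "Content-Type: message/rfc822", "", "Subject: buy now", "", "body",
    "--b1--", ""]).encode()
SAMPLE_HUMAN = b"From: a@example.org\nSubject: spam from you\n\nPlease stop.\n"
```
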

Sure. But it is common courtesy to ask an abuse desk first, rather
than, say, flood their ticketing system with automated alerts.