Listed on backscatterer.org

ANDREY FYODOROV's picture
ANDREY FYODOROV
July 20th, 2009

Two of our Brightmail 8300 Scanner appliances have been listed on backscatterer.org.

Also the other two are not currently listed, but according to backscatterer.org they used to be listed in the past on a few occasions.

When I go to backscatterer.org and check our IPs, I get this response:

This IP IS CURRENTLY LISTED in our Database.
Please note that this listing does not mean you are a spammer, it means your mailsystem is either poorly configured or it is using abusive techniques.
If you don't know what BACKSCATTER or Sender Callouts are, click the links above to get clue how to stop that kind of abuse.


To track down what happened investigate your smtplogs at 2009/07/16 09:34 German time:

You will either find that your system tried to send bounces to claimed but in reality faked senders, or your system tried sender verify callouts against our members at that time.


PLEASE NOTE: Timezone of all informations displayed is Germany

A total of 8 Impacts were seen during this listing. Last was 2009/07/16 09:34
Earliest date this IP can expire is 2009/08/13.

History:2009/06/08 11:17 listed

We delete mail coming to invalid addresses, so how can we be causing backscatter that would get us listed?

Filed under: ,
0 votes
Ian McShane's picture
Ian McShane
17 weeks 6 days ago

Greylisting

I seem to remember from your previous posts that you are doing some kind of greylisting, where you check the validity of a incoming email sender address, is that right?
If so, this part is relevent to you "or your system tried sender verify callouts against our members at that time."

HTH

//ian

+1 (1 vote)
ANDREY FYODOROV's picture
ANDREY FYODOROV
17 weeks 6 days ago

Nope, at least I am not aware

Nope, at least I am not aware of it. How would you do greylisting anyway, using the Brightmail appliances?

0 votes
Ian McShane's picture
Ian McShane
17 weeks 6 days ago

You can't with SBG, I just

You can't with SBG, I just thought I remembered you posting about it previously - must have gotten my wires crossed somewhere.

When you say you delete mail coming in with recipient validation, are you rejecting or dropping the message?

+1 (1 vote)
ANDREY FYODOROV's picture
ANDREY FYODOROV
17 weeks 5 days ago

We are dropping.

We are dropping.

0 votes
ANDREY FYODOROV's picture
ANDREY FYODOROV
1 week 3 days ago

We drop invalid

We drop invalid recipients.

However I can see how if we delete a user from AD, it will take some time to sync with SBG. During that time SBG will continue accepting mail for this user and handing it over to Exchange, and Exchange will generate a postmaster NDR back to the sender - exactly what Backscatterer preys on.

Also we have distribution groups in AD that do not accept mail from the Internet. I suspect that they also contribute to Backscatterer listing because they send back NDRs from Exchange postmaster.

0 votes
fferaboli's picture
fferaboli
1 week 3 days ago

Hi, Any reason why you don't

Hi,

Any reason why you don't use reject?

Federico

+1 (1 vote)