What to Do If Your E-Mail Is Blocked

Without access to e-mail, many of us would cease to function. If you use e-mail regularly, there is a 100 percent chance that some of the e-mails you send or receive will be blocked. If such e-mails are not important to you, then you might not notice. However, if those e-mails are important, then inconvenience or anguish might result.

There are precautions that you can take to retain access to e-mail privileges. Precautions begin with understanding the definition of IP address. We start by defining that term before explaining why and how e-mails are blocked.

IP Address Definition

The term IP address stands for Internet protocol address. Every node on the Internet has a unique numerical IP address. An IP address is a series of four sets of numbers, with a maximum of three digits per set, and with each set of numbers separated by a dot, e.g., 221.134.142.244.

IP addresses are separate from domain name addresses, which can be both letters and numbers. For example, the domain name InternationalStaff.net can be moved around from one Internet service provider (ISP) to another, with a new DNS address assigned by each ISP. Whereas individual e-mail addresses and e-mail from entire domain names can be blocked, most blocking occurs for numerical IP addresses or sets of IP addresses.

Multiple domain names can be pointed to the same IP address, particularly at addresses used by Internet service providers (ISPs) to host multiple clients’ Web sites and e-mail services. This means that if an IP address for an ISP’s e-mail server is blocked, then blocks will be applied to all the e-mail from that ISP, regardless of domain name.

Why E-Mails Are Blocked

The primary reason IP addresses are blocked is spam, i.e., unwanted e-mails. How big a problem is spam? The United Nations estimates that the costs of dealing with spam amount to US$25 billion per year, with this figure expected to rise due to new ways of distributing spam through hijacked and proxy servers.

According to Richard Stockton, webmaster at Adhost, only 3 percent to 4 percent of e-mails received at Adhost are valid. IP blocks are applied to eliminate 88 percent to 90 percent of incoming e-mail before it reaches this ISP’s e-mail servers. Then the e-mail is sent to a spam filter, which blocks out 10 percent to 20 percent of the e-mail that has survived the IP blocks. Of the remainder that is delivered to customers’ e-mail accounts, half is spam.

How many e-mails are involved? A month ago, Adhost received 7 million e-mails each day, of which more than 6.7 million were spam. On a typical day last week, this number had declined to 3 million per day. The difference might be due to the successful prosecution of a Florida-based spamming operation.

Given the level of effort required for spam filtering, most ISPs in the UK commonly offer it as an extra service. British ISPs commonly charge 1 to 2 pounds ($1.78 to $3.57) per month per user for filtering. In the U.S., business-class ISPs such as Adhost do not charge for spam filtering.

How IP Addresses Are Blocked

Blocking an IP address is the easiest way for an ISP to halt spam originating from that IP address. Given the volume of spam being generated today, IP blocking is essential for controlling spam. Some ISPs in the U.S. reportedly block all IP addresses from Eastern Europe, Germany, mainland Asia, and much of South America. Because many of the businesses that use Adhost to host their Web sites and corporate e-mail accounts have business connections around the globe, Adhost applies blocks sparingly.

Several lists of IP addresses that can be blocked are in circulation. The list published by DSBL.org is one of the milder lists, and it is the one that Adhost uses. Adhost also uses a list that is compiled in-house in response to complaints received from customers. The internal list also includes sources of phishing attempts and virus attacks.

DSBL’s full name is the Distributed Sender Blackhole List. DSBL’s homepage describes its list as:

“The DSBL lists contain the IP addresses of servers which have relayed special test messages to [email protected]; this can happen if the server is an open relay, an open proxy or has another vulnerability that allows anybody to deliver e-mail to anywhere, through that server. Note that DSBL itself doesn’t do any tests; it simply listens for incoming test messages and lists the server that delivers the message to DSBL’s mail server.”

Finding Your IP Address

To find the IP address on a computer running Microsoft Windows XP, look for the Internet connection icon in the system tray on the bottom right of your screen. Right-click on that icon and select Status. In the box that opens, select the tab marked Details. The details page will show the IP address of your computer and the server that it is connected to.

You can test whether your IP address is on the DSBL list by going to http://dsbl.org. That site links to DNSstuff.com, which operates a free spam database lookup. This lookup allows you to test whether other lists might be blocking an address. One or two of the lists included on DNSstuff.com might block IP addresses arbitrarily, hence the importance of the qualifying information presented along with the query results. DNSstuff.com also includes some highly respected lists.

When I tested my Netscape connection at home, I found that its IP address was on several lists, including one maintained by the Spam and Open Relay Blocking System (SORBS). This list describes itself as:

“The SORBS DNSbl was born November 2002. It was felt that by publicizing a list of compromised hosts, the ever-increasing flow of spam through those hosts could be stopped. On the 6th January 2003 the SORBS DNSbl was officially launched to the public.

“Since those initial 78,000 proxies the SORBS DNSbl has grown to an astounding 3 million listed hosts (that’s less than 0.07 percent of the possible addresses on the Internet — statistics correct as of June 2004). SORBS has also expanded over the months to include, hacked and hijacked servers, formmail scripts, trojan infestations (particularly those with backdoors), and more recently made the move to preemptively list all dynamically allocated IP address space.”

Being on the SORBS list might not have immediate impacts because I am not running a mail server. Instead, I am primarily relying on the integrity of the mail server operated by the ISPs that my firm uses. However, some ISPs block both the IP address of the e-mail server and the IP address of the originating machine.

“Usually the IP blocked is the last mail server in line, the one that actually forwarded the mail to our mail server,” said Adhost’s Stockton. “I also try to block the originating mail server’s IP, if possible,” Stockton said, adding, “Sometimes they are the same.”

Testing Your E-Mail Server’s IP Address

To find the IP address of the e-mail server that you are using, send yourself an e-mail. Allow your e-mail client to display the e-mail’s full header information, which includes the IP address of the originating e-mail server.

Go to DNSstuff.com and test your IP address in the spam database lookup. See whether that mail server’s IP address comes up on any lists. Look at the descriptions of lists from the links provided by DNSstuff.com. Discuss the results with friends and colleagues.
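The header check and list lookup described above can also be scripted. The following is an added example, not part of the original column: it pulls relay addresses from a message's Received headers (the last forwarding server first, the originating machine last) and builds the reversed-octet name that DNS-based block lists are queried with. The sample message, its addresses and the zone `dnsbl.example` are constructed placeholders.

```python
import email
import ipaddress
import re
import socket

# Constructed sample message: documentation-range addresses, hypothetical hosts.
SAMPLE = (
    "Received: from relay.isp.example (relay.isp.example [198.51.100.25])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from desktop (unknown [203.0.113.77])\n"
    "\tby relay.isp.example with ESMTP; Mon, 1 Jan 2024 10:00:01 +0000\n"
    "From: sender@isp.example\nTo: me@recipient.example\nSubject: test\n\nbody\n"
)
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def relay_ips(raw_message):
    """IPv4 addresses from Received headers, newest hop (top header) first."""
    # Only the top header was written by the receiving server; a sender
    # can forge the ones below it, so treat those as hints, not proof.
    msg = email.message_from_string(raw_message)
    found = []
    for header in msg.get_all("Received", []):
        for candidate in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.IPv4Address(candidate)
            except ValueError:
                continue  # looked like an address but has an octet above 255
            if not any(ip in net for net in INTERNAL):
                found.append(str(ip))
    return found

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolver=socket.gethostbyname):
    """True when the zone answers with an address in 127.0.0.0/8."""
    try:
        answer = resolver(dnsbl_query_name(ip, zone))
    except OSError:
        return False  # no A record; a resolver failure looks the same here
    return answer.startswith("127.")

if __name__ == "__main__":
    for hop in relay_ips(SAMPLE):
        print(hop, dnsbl_query_name(hop, "dnsbl.example"))
```

Pass the zone of a list you actually rely on in place of `dnsbl.example`; each list documents what its 127.0.0.x answers mean.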

Responses to blocking will be determined by how you seek to use e-mail, where you are, and what your relationship is to the managers of the e-mail server whose IP address is being blocked. For managers of ISPs and for managers of organizations that operate their own e-mail server, the best response is to seek to change the way that e-mail server is used and to thereby have the blocks removed as lists are refreshed on a weekly or monthly basis.

Jumping over to another IP address is not a good solution because if the same operations continue, then that new IP address will soon be blocked. Some e-mail system administrators never refresh their block lists except in response to individual requests to have a blocked IP address restored.

Switch Might Be Inevitable

For businesses using a commercial ISP, the best route is usually to seek to have that ISP improve its practices and rehabilitate its mail server’s IP address. If that fails, then a business might have no choice but to switch to another ISP that uses an IP address that is not blocked.

If an offshore IT firm cannot properly send e-mail, I decline to work with them. Some established mid-size IT firms in India cannot pass this test. If an IT outsourcing firm’s e-mail connections are spotty, new project-specific e-mail accounts can be set up on servers in the U.S. to enable these IT facilities to communicate with U.S. clients.

Business executives at IT firms in Asia often have U.S.-based personal e-mail accounts to enable them to avoid blocked e-mails from their local ISPs. Some U.S. clients treat this as unprofessional. Free e-mail accounts based in Asia are often not a solution because these service providers are often sources of spam themselves.

In subsequent columns, information will be provided on how to unblock an IP address and how to keep it unblocked. The best strategy for keeping an IP address unblocked is for the ISP responsible for that address to act quickly to deal with complaints of spam and other abuse originating from that IP address.


Anthony Mitchell, an E-Commerce Times columnist, has been involved with the Indian IT industry since 1987, specializing through InternationalStaff.net in offshore process migration, call center program management, turnkey software development and help desk management.


2 Comments

  • Yes, there are major problems with the email spams all around the world. But there has also been a major surge in the pop up ads! What do you think about it?
    Mahesh Iyer
    Purple Support Services

  • Regarding DSBL.org – this is a "bedroom" operation run by another anti-spam vigilante: one person holds all the power, makes all the decisions, publishes bogus rules on his web page to make everyone think he’s honest and responsible – then promptly ignores all his own "rules" and blacklists whoever he wants, however he wants, for however long he feels like.
    I AM disappointed that no research was done on this list, and this article then attempts to legitimize it!
    You do know that if you visit any of the DSBL web pages with an older browser, that you immediately blacklist *yourself*, don’t you?
    He’s got a script running on all his web pages that immediately attempts to exploit your own PC’s browser vulnerabilities to send spam! You can verify this via google, then ask yourself: (A) Are you on a dynamic IP (if so, his web site will have blacklisted all future victims who’ll be assigned your IP in future)
    (B) How truthful is the rest of his site, since you’ve now proven that despite his claim of "not testing" anyone – here, right in your face, is his own web site doing *exactly* that…
    Hint – go look through his own logs – you’ll find evidence of him violating just about every rule he’s pretending to abide by!
