RE: contact at yahoo mail? (they think we're an open relay :< )

[Mark Jeftovic <markjr () easydns com>]

Its a very confusing page to read, we are listed as 127.0.0.2 and
that is NERD-CA.

The other entries like:

 ARIXDICTSTALE Sender has a history of dictionary spamming:
stale.dict.rbl.arix.com -> 127.0.0.1

I think indicate what that RBL is for and what the value indicates,
we are NOT in there:

host smtp.easydns.comstale.dict.rbl.arix.com

and the txt record looks like a wildcard for all of the lists.

In fact, several of the people who emailed me off list saying
"you're in no-more-funn" were ALSO listed in "no-more-funn"
in the same manner.

So that, combined with the number of "same here" posts wrt yahoo
lead me to believe that that's not the reason.

-mark

On Thu, 9 Oct 2003, Thor Larholm wrote:

> If you would read the page through, you would see that you are listed
> MULTIPLE places.
>
> No-more-funn.moensted.dk
> ARIXDICTSTALE
> NERD-CA
> NERD-ZZ
>
> Only the last two are country specific
>
> /thor
>
> -----Original Message-----
> From: Mark Jeftovic [mailto:markjr () easydns com]
> Sent: Thursday, October 09, 2003 2:30 PM
> To: Thor Larholm
> Cc: nanog () merit org
> Subject: RE: contact at yahoo mail? (they think we're an open relay :< )
>
>
>
> We are listed in no-more-funn.moensted.dk as 127.0.0.2 which
> is described as:
>
> + NERD-CA ip-space assigned to Canada: ca.countries.nerd.dk -> 127.0.0.2
> 216.220.40/24 is in ca, rejected based on geographical location
> about: Please see our webpage for more information
> about: This zone lists ONLY based on geographic information
> about: The zone does NOT contain known spammers, nor open relays
>
> We do cop to being Canadian, but that's about it. I hope yahoo isn't
> keying on this RBL.
>
> -mark
>
> ...and we've already filled out the retest form at Yahoo.
>
> On Thu, 9 Oct 2003, Thor Larholm wrote:
>
> > If you read through all of that page, you will notice that Yahoo
> > itself has a re-test script you can use to trigger a verification.
> >
> > http://add.yahoo.com/fast/help/us/mail/cgi_retest
> >
> > Yahoo is not your only problem, if you look at
> > http://moensted.dk/spam/?addr=216.220.40.247 you will notice that
> > several DNSBL lists that IP address. No-more-fun believes it to be a
> > "Direct spam source" and ArixDictStale says it has performed active
> > dictionary attacks within the last 3 months.
> >
> > If you want to positively check whether you are an open relay, I would
>
> > recommend testing through ORDB at http://ordb.org/submit/
> >
> >
> > Regards
> > Thor Larholm
> > PivX Solutions, LLC - Senior Security Researcher
> >
> > -----Original Message-----
> > From: Mark Jeftovic [mailto:markjr () easydns com]
> > Sent: Thursday, October 09, 2003 1:23 PM
> > To: nanog () merit org
> > Subject: contact at yahoo mail? (they think we're an open relay :< )
> >
> >
> >
> >
> > Today our email forwarders started getting this from yahoo.com mail
> > handlers:
> >
> > 553 Mail from 216.220.40.247 not allowed - VS99-IP1 deferred - see
> > help.yahoo.com/help/us/mail/defer/defer-02.html (#5.7.1) Connection
> > closed by foreign host.
> >
> > Which when you go look at that page basically tells you you're
> > probably an open relay (which we're not), etc.
> >
> > Can any mail admins at Yahoo contact me offlist, or post what the
> > restrictions are or at what levels this will kick in?
> >
> > -mark

-- 
Mark Jeftovic <markjr () easydns com>
Co-founder, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(416)-535-0237