NinerNet Communications™
Blog

Corporate Blog

A couple of issues today

27 January 2021 10:28:08 +0000

We, as well as some clients today, have received phishing emails advising the recipients to follow a link to deal with emails that have been quarantined or “suspended” on the mail server. These emails are scams, and do not come from addresses on the niner.net domain. Do not click on the links, and delete the emails.

Secondly, we are aware that the primary mail server’s IP address is in at least one new blacklist as a result of our data centre being blacklisted. If email you send is bounced for this reason, please advise us and we will re-route email to that domain via one of our relay servers.

Please contact NinerNet support if you have any questions or need to report something. Thank-you.

Upcoming changes to mail servers

20 December 2020 12:52:47 +0000

The email world is constantly evolving. More to the point, spam is a never-ending arms race. We have made some changes to our email system, and in the New Year we will be making more.

So far all we have done is add a second alternative route for outbound emails. This gives us (and our clients) a third possible point from which emails can be delivered to your recipients. This action is the result of our data centres’ IP addresses finding themselves in more blacklists as a result of poor management, and the bad behaviour of their other customers.

Our use of this service will result in some very minor changes to the headers of some of these emails when viewed by the recipients. Almost nobody pays any attention to the headers of emails until there is a problem, but we are telling our clients this in advance so that you are aware of it.

There is nothing you need to change in your email programs or apps. The only thing you need to do is forward errors to us if a bounce message for an email you have sent refers to being blocked, as opposed to the destination address not existing or being full. If your email was blocked we can divert future emails to that domain via an alternative route. This option has always been available, but for the reason stated above we’re getting more reports now than in the past.

That addresses an immediate issue. Plans were already in progress for a scheduled upgrade to our primary mail server, but now they have an additional focus: We will be setting up a new mail server in another data centre where the reputations of their IP addresses are an explicit priority.

This plan will probably protect NinerNet for a couple more years. However, with the way the email world is moving, there are some predictions that all IP addresses will eventually be blocked from sending email except for a select few. I don’t believe I need to explain how this will concentrate power over email in the hands of a few, and how detrimental this will be, so we expect that reputable data centres will oppose this. Those are the kinds of data centres we want to work with, but we will maintain accounts with third-party relay providers just in case.

We will be posting more on the subject of email, specifically details of our migration, and information you need to know to ensure that your email will not be considered spam, either by us, our spam filters or your customers.

Please contact NinerNet support If you have any questions or concerns. Thank-you.

Mail server in and out of capricious blacklist

10 March 2020 02:33:48 +0000

As you’re aware, we work hard to ensure that our mail servers do not get into blacklists. On the rare occasion that one of our IP addresses is blacklisted, we investigate the cause of the problem, fix the problem (often a client with a compromised machine) and (if possible) try to have our IP address removed from the blacklist. Often though, manual removal from the blacklist is unnecessary, as modern, well-maintained blacklists are automated, and offending IP addresses are removed very soon after they no longer show any signs of sending spam.

It’s not often any more that we run into old-style blacklists — blacklists that are poorly maintained, that blacklist huge swathes of the Internet, or that offer no discernible removal process — but there are still some of them out there. Not many are used by mail servers that accept email on behalf of any sizeable number of users, but we have run into one that happens to fit that exact trifecta: urbl.hostedemail.com.

This blacklist is used by Hostedemail(.com), a subsidiary of OpenSRS/Tucows. Good luck getting to their website though, as one doesn’t exist. Their email hosting service is a white-label service sold by their resellers, and they don’t even have a way for other mail server administrators to contact them, to search their blacklist or ask to be taken out of it.

Thankfully though, we are still hanging onto our own long-established reseller account with OpenSRS, and we contacted them about this block of our (non-resold) primary mail server (NC036). We first did this in February when we noticed that email from some clients was being blocked with this error message:

host mx.DOMAIN.com.cust.a.hostedemail.com[216.40.42.4] refused to talk to me: 554 5.7.1 Service unavailable; Client host [178.62.195.26] blocked using urbl.hostedemail.com; Your IP has been manually blacklisted

(It was the reference to being “manually blacklisted” that really got our attention, as this is a hallmark of the aforementioned poorly maintained blacklists.)

OpenSRS responded quickly, and we were removed from the blacklist within about eight hours. But we were surprised to see, a couple of weeks later in March, that we were blacklisted again, so we contacted OpenSRS yet again. The response this time was much slower, but we have again been removed. This time, however, we pressed for an explanation for the block, as we are not listed in about 300 other blacklists that are more widely used. This is part of their response:

I am just replying back on the RBL listing you inquired about and I can confirm the IP was once again de-listed but I did get some additional information for you as requested. I needed to do a bit of checking but the IP 178.62.195.26 is provided by RIPE Network Coordination Centre, the IP assigned to the user by the hosting provider carries the reputation of the rest of the CIDR. The nature of VPS/Shared IPs is to be disposable …. But of course for the time being we have de-listed the IP but assuming nothing changes its [sic] likely it will be listed again in the future.

This kind of outdated thinking is another of the hallmarks of old-style blacklists: blacklisting half of the Internet based on some outmoded way of thinking that died off around the end of the twentieth century. Essentially, Hostedemail.com is blacklisting all IP addresses in major data centres around the world, which is very counterproductive for their own customers.

We’ll be contacting individual clients whose emails were blocked by this blacklist to point them to this post, and we recommend that if your email is blocked with the above message you contact your correspondent by some other means to advise them to move to a more enlightened mail service provider.


Update, 2019-03-19: Our primary mail server is again blacklisted by this one mail provider in the world out of about 300 major blacklists we have checked. OpenSRS/Tucows/Hostedemail warned us this would happen, so we’re not surprised. We can take no further logical action against an illogical practice. We’re sorry to those clients who are affected, but we again suggest that you tell your correspondents to move to an email service provider that doesn’t run their mail servers based on practices from the last century.

Domain block removed

11 June 2012 10:53:57 +0000

The following four domains that were blocked a couple of weeks ago have been unblocked after liaising with the company involved:

  • cfcsprl.com
  • congofret.com
  • impala-wl.com
  • trafigura.com

Thanks for your patience while we worked to resolve this issue.

Domains blocked

21 May 2012 14:55:21 +0000

We have taken the unusual step of blocking mail to and from certain domains on our primary mail server that are not (to our knowledge) sources of spam. These domains are:

  • cfcsprl.com
  • congofret.com
  • impala-wl.com
  • trafigura.com

We have blocked email to these domains because their mail servers — all hosted by the same company — while appearing to be up, do not accept any email. Instead of immediately rejecting email with either permanent (5xx) or temporary (4xx) errors, they hold open the connection from our mail server until it times out. This has a significant negative impact on other email sent by our clients.

Adding to the issue is that the domains associated with the mail servers and nameservers of their hosting provider — smtpdaemon.net and dnsdaemon.net — do not resolve to websites, and the identity of the owner of these domains is hidden behind a WHOIS privacy service. This means that this hosting company does not want to reveal who they are or how to contact them.

We regret the necessity to make this decision, and will revisit it in the future should circumstances change or if new or changed information is brought to light.

As always, please contact NinerNet support should you have any questions or concerns.

NinerNet home page

Subscriptions:

RSS icon. RSS

General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all it entails. This includes concomitant industries and activities such as domain registration, SSL/TLS certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.

Search:

 

Recent Posts:

Archives:

Categories:

Tags:

accounts receivable apple billing branding cira contact information domain registration domain registry of canada domain renewals domains domain sales dot-ca domains dot-zm domains down time droc email facebook google happy hosting customers hosting transfer icann invoices iphone kwacha maintenance paying your bill paying your invoice quarterly kwacha rate review rates registrant transfers registrar transfers reputation scams search engine optimisation search engine optimization security seo service hours spam ssl ssl/tls support transparency wordpress zamnet

Resources:

On NinerNet: