MS ForeFront or FOPE blacklist.

Portal Home > Knowledgebase > Articles Database > MS ForeFront or FOPE blacklist.

Posted by Freetimers, 02-27-2012, 01:50 PM
Good afternoon, I host a Linux CentOS server that holds 70 separate domains and web sites, each of them using the qmail mail server for contacting their customers, sending advertising mail to their registrants and general normal email activities. I check the blacklists at MX Tools twice a week to see if anything is causing problems with the email flow from all of my hosted servers and at the moment, we are all clear. Apart from one. MS ForeFront (FOPE) keeps blacklisting my Linux hosting server every day for spam, or spam-like mails. I have all the right protections in place, SPF hard fail, monitoring of mail queues, bans on bulk mail, limited mail send-out volume, etc etc. I am assured by at least two of my second-line support companies that I'm doing it right. Yet still we are blacklisted by FOPE. To make matters worse, we have spent almost a month pleading with Messaging Support at Microsoft to give us some information about what's triggering the listing. They sent us a small report showing from 1-40 mails labelled spam by a recipient FOPE Exchange server out of about 50 that were tested each day, for the last 3 months. They flatly refuse (so far) to give us even a time of a spam mail, let alone a sender address, even if it's spoofed. I mentioned that this server contains 70 domains, all busily emailing customers and so on, which amounts to thousands of messages being sent and received through my server every day. To mark it as a spamming blacklisted server on the strength of 30 or so of these mails appearing to be spam is rather unreasonable. I am extremely annoyed and frustrated by this, especially by the lack of feedback regarding the alleged spam that my server is dishing out. Does anyone have any suggestions as to whom I can contact for some proper help? Has anyone had a similar experience being constantly blacklisted by FOPE? Does anyone know what algorithm FOPE uses to measure spam and how I can prevent my mails from triggering it? Many thanks for reading and for your help. Sam Gyseman Support & Technical Coordinator Freetimers Communications Limited
Posted by quantumphysics, 03-03-2012, 11:24 PM
To mark it as a spamming blacklisted server on the strength of 30 or so of these mails appearing to be spam is rather unreasonable" this is actually rather lenient, i've seen /24's get spamhaused for a single email
Posted by brianoz, 03-06-2012, 07:41 AM
Are they listing subjects? You can use those to map back to account via the logs usually. If you know the IP address of the target machine, block it, and wait to see if anyone complains, or check in logs for that IP address, etc.
Posted by Freetimers, 03-06-2012, 08:05 AM
I wish it were that easy, brianoz. MS Messaging support have just given us 3 samples from their logs that show NDRs coming from a BT Connect account that belongs to one of our customers hosted on the offending server (he has all his mail forwarded to his btconnect.com address, including all spam, and that btconnect.com bounces the rubbish back to our server, seeing it as a source of spam). This is now fixed by setting him up a catchall mailbox instead and rejecting mail that's no good. That seems to have dried up the NDRs. MS Messaging and FOPE support are as close-mouthed as any blacklister, utterly useless if I am trying to weed out 30 mails, for which I have no clues, from a 2Gb daily maillog. Further, FOPE support say that the only way to check if my IP is listed on their blacklist is to have a paying account for Exchange or Office365 or similar. So I have to pay them to check if they're blacklisting me? Yikes. At least we now have a contact there and they have agreed to keep us off their list for 30 days to give us time to sort the problem out. Thanks to all who read and helped.
Posted by brianoz, 03-07-2012, 07:11 AM
Actually we had a similar problem some time back where an account was forwarding email and most of it was spam. We were being listed for originating spam, when all we were doing was forwarding it! Once we removed the forwarding it was pretty easy - and 99% of what was being forwarded actually was very high scoring spam.