Starting tomorrow, ExchangeDefender will be implementing an FBL – feedback loop. The purpose of a feedback loop is to alert system administrators when their email systems are distributing dangerous content.
Initially the FBL will be implemented with ExchangeDefender Service Providers and will only send an email to the SP contact once a day. The email will contain list of domains and violations made from each domain along with the IP address. For example:
From: ExchangeDefender FBL <email@example.com>
Subject: ExchangeDefender Relay Violation
myspamexample [22.214.171.124] is attempting to relay mail from firstname.lastname@example.org which is not an ExchangeDefender protected address.
This attempt has been blocked through our security policy but the source server/network should be examined as this is usually the first sign of a compromised system. Systems can be easily compromised and used to spread malware and spyware. When hackers can no longer use these systems to relay SPAM, they tend to use them to launch DDoS, large scale attacks or attempt further security compromises.
Please investigate and address the security issue. Ignoring these notices and underlying security issues can result in a restriction of your ability to relay outbound mail through ExchangeDefender, land your domain/IP on an RBL blacklist and reduce your IP addresses sender reputation.
We have been monitoring the explosion of malware and are addressing a record number of security compromises daily. Last quarter we implemented an SMTP monitoring process as a part of ExchangeDefender and we hope that with web filtering, the FBL test gives us more insight into security problems on your network that can help you manage your network more securely.
First emails will go out on December 1st, 2010.