Good morning – we are currently investigating two blacklists from large ISPs that target one IP address on the ExchangeDefender network. The two services are Verizon and FrontBridge. We have opened removal requests with both and asked for any data that might help us find out why the listings were put in place to begin with, given our zero tolerance for SPAM. The rejections are marked by:
< mail157-dub-R.bigfish.com #5.0.0 X-Postfix; host winse-6216mail6.customer.frontbridge.com[126.96.36.199] said: 550 5.7.1 External client with IP address 188.8.131.52 does not have permissions to submit to this server. Visit http://support.microsoft.com/kb/928123 for more information. (in reply to end of DATA command)>
<outbound2.exchangedefender.com #5.5.0 SMTP; 571 Email from 184.108.40.206 is currently blocked by Verizon Online’s anti-spam system. The email sender or Email Service Provider may visit http://www.verizon.net/whitelist and request removal of the block.>
In the meantime, you can change your outbound smarthost to outbound1.exchangedefender.com if you experience the problems above.
On the funny side: We find it hilarious that Microsoft is linking to their own KB articles in the rejection note for a problem that is caused on their own servers – how about something more helpful, like a postmaster or delisting contact address or URL! Even more surprising is that Microsoft FrontBridge is running on an open source Postfix mail platform, not a Microsoft one.
We will update you on the delisting process as we get more information. The problem should not impact many senders as 220.127.116.11 is just one of the nodes in our outbound network.
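To find which outbound nodes are affected, rejection notices in the two shapes quoted earlier in this post can be parsed from bounce text. The following is an added example, not ExchangeDefender code; the function names are hypothetical and the sample lines, hostnames and documentation-range IP addresses are constructed.

```python
import re
from collections import defaultdict

# Wrapper shared by both notices quoted above: <reporter #x.y.z TYPE; text>
NOTICE = re.compile(
    r"<\s*(?P<reporter>\S+)\s+#(?P<status>\d\.\d+\.\d+)\s+(?P<kind>[\w-]+);"
    r"\s*(?P<text>.*?)>\s*$", re.S)
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Provider phrases taken from the two rejection texts in this post
SIGNATURES = [
    ("FrontBridge", re.compile(
        r"External client with IP address " + IP + r" does not have permissions")),
    ("Verizon", re.compile(r"Email from " + IP + r" is currently blocked by Verizon")),
]

def parse_rejection(line):
    """Return provider, blocked IP and status for one notice, or None if not a notice."""
    m = NOTICE.search(line.strip())
    if not m:
        return None
    result = {"reporter": m.group("reporter"), "status": m.group("status"),
              "provider": "unknown", "blocked_ip": None}
    for provider, signature in SIGNATURES:
        hit = signature.search(m.group("text"))
        if hit:
            result.update(provider=provider, blocked_ip=hit.group(1))
            break
    return result

def blocked_nodes(lines):
    """Map each blocked outbound IP to the sorted providers rejecting it."""
    found = defaultdict(set)
    for line in lines:
        r = parse_rejection(line)
        # Count only permanent (5.x.x) failures that match a known block phrase
        if r and r["blocked_ip"] and r["status"].startswith("5."):
            found[r["blocked_ip"]].add(r["provider"])
    return {ip: sorted(providers) for ip, providers in found.items()}

# Constructed sample input: two block notices for one node, one for another,
# an ordinary "user unknown" bounce, and a normal delivery log line.
SAMPLE = [
    "< mx1.example.net #5.0.0 X-Postfix; host mail.customer.example[198.51.100.7] said: 550 5.7.1 External client with IP address 192.0.2.10 does not have permissions to submit to this server. (in reply to end of DATA command)>",
    "<outbound2.example.com #5.5.0 SMTP; 571 Email from 192.0.2.10 is currently blocked by Verizon Online's anti-spam system.>",
    "<outbound3.example.com #5.5.0 SMTP; 571 Email from 192.0.2.11 is currently blocked by Verizon Online's anti-spam system.>",
    "<outbound2.example.com #5.1.1 SMTP; 550 5.1.1 User unknown>",
    "status=sent (250 2.0.0 Ok: queued)",
]

if __name__ == "__main__":
    for ip, providers in blocked_nodes(SAMPLE).items():
        print(ip, "blocked by", ", ".join(providers))
```

A node that appears in this output for either provider is a candidate for routing around until the delisting completes.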
Earlier today we completed the rollout of 450 new servers to the ExchangeDefender family all over our American network. The introduction and initial sync of the new nodes did allow some junk through and introduced a slight delay (maximum reported 1 hour, from one system that nearly immediately went into maintenance mode), but as of roughly 11:30 AM EST all is good.
An additional 600 nodes are planned in our global expansion leading up to the ExchangeDefender 4.0 launch. We are also looking at additional data centers on both coasts, at the moment scheduled to go live this fall.
Update: 2:24 PM EST: We are happy to report that all the nodes have now converged in the scanning network and the SPAM filtering is back at its usual levels (and to be tightened up even further later tonight). You may have seen an increase in SPAM over the past few hours while the nodes were joining the network and accepting new programming but you should be seeing far less SPAM going forward.
We have several reports from our UK and Ireland customers of a rise in the amount of junk mail passed through ExchangeDefender this morning. Aside from a strain of CNN-forged SPAM, we are not seeing any issues in ExchangeDefender, nor do our stats show anything out of the ordinary at the moment. We are investigating the situation.
The SPAM regarding CNN is already in the filters and should no longer get through. For anything else that may slip through, please forward the message with SMTP headers to firstname.lastname@example.org and we will gladly investigate it.
Update: We had a rule update that unfortunately offset all the other CNN rules and let that junk through. The team is now filtering it through both the pattern search and hyperlink drop on the domains used to get traffic. We are seeing a few other SPAM strains getting more popular today as well (Wall Street Subscription scam, fake MSN alert to download Internet Explorer 7). All of these are now effectively being filtered by ExchangeDefender, which undergoes thousands of updates a day, but because the CNN rules have been changing a lot over the past few days, and in light of the six complaints we got this morning, we felt it was important to update in more detail than usual.
Update 2: We are seeing things under more and more control as we continue to filter out the strains of the three major junk items. As a matter of policy we do not publish our filtering technology or keywords or scores but we are currently tracking the variants of CNN, WSJ, Internet Explorer 7 and a few smaller ones.