Part 1: How your Exchange server can get blacklisted |
 |
By Brien Posey
20 Apr 2006 | SearchExchange.com |
|
|
If your Exchange Server is configured to act as an open relay, it means that spammers can pass spam through your mail server in route to its final destination. All spam that passes through your mail server will appear to recipients to have come from your domain. If this happens to your Exchange server, you'll sure to get blacklisted.
Your mail server can also become blacklisted either at the IP address level or at the domain level through the use of spoofing. Spammers need to keep their identity concealed, so they make up e-mail addresses every time they send out spam. If you've ever gotten a spam that appears to be from yourself, you know what I am talking about. Spammers will often spoof an e-mail's IP address as well, in an effort to prevent their own IP addresses from being blacklisted.
Most antispam blacklists flag IP addresses rather than individual e-mail addresses or entire domains, but having an e-mail address or domain blacklisted is not unheard of. People who use e-mail accounts from lesser-known domain names are most at risk for domain-level blacklisting associated with spoofing.
For example, AOL is spoofed all the time, but nobody is going to blacklist the entire AOL domain name even though a lot of spam appears to come from there. On the other hand, a lesser-known company might not get spoofed as often, but would be more likely to be blacklisted if their identity is spoofed, because fewer people know that the domain is associated with a legitimate business and not a spam factory.
An IP address is typically blacklisted either because it is associated with a server that is acting as a mail relay, or because a spammer is spoofing the IP address. It is also common for spammers to use Trojans to take control of an unsuspecting victim's PC (similar to the way that spyware works). These Trojans allow the spammer to send spam directly from the victim's PC without the victim's knowledge. However, it's the IP address of the infected PC that ends up getting blacklisted.
There is one last scenario I know of that could potentially get you blacklisted. Although it's rare, I have seen documented cases of disgruntled employees actually modifying a spam message from another source, and reporting that it came from the company they want to take revenge against. Thankfully, many blacklists ignore isolated reports, so these one-off false reports aren't usually effective enough to land you on a blacklist -- it typically takes at least two reports to get blacklisted.
TUTORIAL: HOW TO PROTECT EXCHANGE SERVER FROM SPAM BLACKLISTS
 Home: Introduction
Part 1: How your Exchange server can get blacklisted
Part 2: How to keep your Exchange server off spam blacklists
Part 3: How to remove your Exchange server from spam blacklists
Part 4: Related links on spam prevention and management
| ABOUT THE AUTHOR: |
|
Brien M. Posey, MCSE
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com. |
|
|
|
|
|
