Once in a while Stanford's email gateways get placed on an Internet spam blacklist. When this happens, email sent from Stanford mail servers gets delayed or bounced back to its sender, even when the message is perfectly legitimate (non-spam) email.
Why does this happen? Can Stanford do anything about it?
This document explains the problem, describes what University IT does to attempt to avoid this problem and describes things you can do if your mail is being delayed or rejected due to blacklisting.
Stanford and email blacklists
- Why do Stanford's email gateways (such as smtp.stanford.edu) get placed on a spam blacklist?
- This most commonly happens following successful phishing attacks: Spammers forge messages pretending to be from system administrators asking users to disclose their password; when users fall for this the spammers then use their accounts to send large quantities of spam through Webmail or other systems on campus. Other commons causes include misconfigured email servers that spammers can use to funnel their messages through to our central gateways, and virus-infected systems.
- What does Stanford do in response to these blacklists?
- We do a number of things as a normal course of business to attempt to avoid this issue. Detailing all of the various approaches here would not be advisable because spammers could use this information to help them thwart our efforts. Generically, we run several tools internally to detect and deal with spam before it leaves our network and we act on reports of abuse sent to us from the larger Email Service Providers (ESPs). When accounts have been compromised we disable them and work with the user to set a new password. Where possible we've worked with ESPs to get whitelisted or have a higher threshold set before our servers are blacklisted.
- Despite these efforts we will inevitably be blacklisted from time to time. The standard practice by most ESPs and organizations that maintain these blacklists is to automatically remove servers from their lists after a period of time. We have automatic monitoring of our smtp servers' status with several of the major ESPs that you can review to verify if you believe we are being blocked by one of these providers.
- In some rare cases some direct contact with the ESP or blacklisting organization may be necessary, however, we will only pursue this in the case of a major ESP blocking us and if that block has lasted for more than two days.
- If you need assistance with such a situation please submit a Help ticket.
- What can I do?
- You can always attempt to contact the administrators of the system to which you were trying to send email. Usually, however, it's better to contact the actual person to whom you were trying to send mail (through other means, such as telephone) and urge this person to contact their system administrator. This works better because system administrators listen to their own users better than they listen to strangers. In either case, make sure the system administrators understand that your legitimate email was rejected by their system. Ask them not to reject mail based on third-party blacklists. Alternately, you can ask them to whitelist any email coming from a Stanford email server. Towards this end, you may also want to direct that administrator to:
- which explains the SpamCop blacklist and includes, among other things, the following note:
- The SCBL aims to stop most spam while not blocking wanted e-mail. This is a difficult task. It is not possible for any blocking tool to avoid blocking wanted mail entirely. Given the power of the SCBL, SpamCop encourages use of the SCBL in concert with an actively maintained whitelist of wanted e-mail senders. SpamCop encourages SCBL users to tag and divert e-mail, rather than block it outright. Most SCBL users consider the amount of unwanted e-mail successfully filtered to make the risks and additional efforts worthwhile.
- Hotmail/MSN Issues and Advisory
- Stanford has had mail blocked by Hotmail/MSN far more than any other major ESP. We've seen these blocks last for inexplicably long periods of time and had no success going through their normal support channels to have these blocks alleviated in a timely manner. We've gone to unusual lengths to escalate this issue through our Microsoft support representative but unfortunately that has not resulted in any appreciable improvement in the situation. Since we feel like we have no recourse to improve the situation we make the following recommendations to the Stanford Community:
- If you have a need to forward your mail to an external account we recommend you select an ESP other than Hotmail/MSN. When they are blocking mail from us this will prevent you from receiving your forwarded copy.
- If you are trying to correspond to a Hotmail/MSN user while we are being blocked you may wish to send them ail through an external address or to ask them for an alternative address you can send to.