Make sure your static IP’s don’t come with baggage!

Thinking about getting a static IP for your small business (or over-the-top home network)? Then you may first want to see if the IP’s your ISP is offering come with any baggage. I recently had the pleasure of helping one of my clients rid his shiny new IP’s of blacklists. If you are unfamiliar, a wise IT admin once said, “…blacklists make email not work”.

He was referring to the fact that once an IP has been tagged as a source of spam, your popularity on email server blacklists will soon follow. There are quite a few good (and not so good) websites that offer RBLs or Real Time Block Lists for exchange servers. You will usually see small and mid-size companies that have one or two exchange servers use these free lists. Bigger corporations and even ISPs use their own form of blacklisting, but trust me, they all work the same. If your IP is on a blacklist it makes it nearly impossible to send email to most domains these days. The only way to erase the damage from the previous owner is to beg for forgiveness.

Is my IP associated with a block list?
Here is how to check: go to this site and enter your IP address. You will be given a list of well known RBL providers and green or red light indicating your squeaky clean, or muddy past.
If all is well on this site the biggest part is over. You may still be receiving NDR’s from other domains though. You will need to deal directly with those domains to correct the problem. Usually a link to an online application for removal will be provided in the NDR. If a link is not provided you will need to contact the webmaster or IT admin on record. All domains are required to have such records, so you can check a WhoIs database.

Doing a little research before your purchase can save you a lot of time and headache later. If you do get blacklisted, follow the above steps to help yourself get back on track.

Help Fight Spam in Exchange 2003

Spam is a difficult animal to tame, so any product that can help fight it will certainly be regarded by network admins, even more so if it is FREE!

In Exchange service pack two Microsoft integrated an Intelligent Message Filter or IMF. You can use IMF and IMF tools to set thresholds on SPAM Emails. IMF also includes a builtin way to dynamically check Realtime Block Lists (RBL’s). RBL’s are pretty self-explainatory, they are dynamically updated lists that provide domain names and IP addresses of SPAMing sources. Two organizations that are known for keeping great RBL’s are spamcop.net and spamhaus.org. Both of these site even provide up-to-date stats on the world of SPAMing.

In order to use RBL’s from spamcop and spamhaus, follow these steps:

1. Go into your Exchange 2003 System Manager.

2. Go to the Global Settings -> Message Delivery

3. Right click on Message Delivery and select “Properties” from the drop down menu

4. Go to the “Connection Filtering” tab.

5. Click on the “Add” button.

6. For “Display Name” you can add whatever you like, but usually the name of the RBL server is what you want to put in there.

7. For “DNS Suffix of Provider” you will want to put the url to the server - for example the one for Spamhaus is zen.spamhaus.org

8. If you think you want a custom error message, then fill out that field with whatever you want it to be.

9. Finally click OK and the RBL will be assigned to IMF.

As you can see on that main screen there is the ability to have a global accept and deny list with IP addresses, as well as an exception list - this is where you can whitelist/blacklist people in if you like.

After you are done adding your RBLs, click on OK for the main menu and then you will likely get a popup reminding you that you need to activate these rules.

Just like that popup says, you need to activate them - so if this is your first time setting up a connection filter, then go into the System Manager -> Administrative Groups -> and then to the server that you want to activate this on.

Once in the section for your server, then go to Protocols -> SMTP -> Default SMTP Virtual Sever and then right click on that and select “Properties” from the menu that comes up.

1. Under the General tab, click on “Advanced”.

2. Select the port 25 identity and click on the “Edit” button.

3. Check the “Apply Connection Filter” and then select OK all the way out until you are back at the System Manager.

4. Watch you SPAM messages typically get cut in half!

The two filter manager URL’s we used are as follows:
Spamhaus: zen.spamhaus.org
SpamCop: bl.spamcop.net