I recently encountered an irritating problem – in fact for the second time. My IP address received from the service provider is blacklisted at Spamhaus. Effect? I send legitimate emails to my clients, they don't receive them. Neither do I receive any warning.
Sri Lanka Telecom (SLT)
When I encountered this problem for the first time a couple of months ago, I was a broadband (ADSL) subscriber of Sri Lanka Telecom. The ADSL modem receives a real IP address, but it is dynamic (changes from time to time). One day, I noticed that I was not receiving the expected responses to my mails. Just out of curiosity, I sent test mails to some of my other email accounts, and the mails were not received, with no sign of a warning. Upon further investigation, I realized that the receiving mail servers were consulting some spam blacklists and that the dynamic/real IP address assigned to me by the service provider had been listed. Apparently, someone who had previously used the IP address had sent a lot of spam mails. It got listed. And when I am assigned the same IP address, my mails won't reach the recipients! I guess many of the IP addresses in Sri Lanka Telecom's ADSL IP address pool would be in such lists. Poor subscribers who receive such IP addresses!
Mobitel
This time, I am using a wireless (HSDPA) modem and am a service subscriber of Mobitel. The device receives private IP addresses. Network address translation (NAT) happens between the broadband wireless network and the Internet. Hence, to other servers on the Internet, emails from all the wireless subscribers appear to originate from this NAT server's IP address. Now the problem is that the NAT server's IP address is blacklisted. Hence, emails from all the wireless broadband subscribers will end up nowhere if the receiving mail servers consult the blacklists – which apparently happens in the real world; I experienced it.
LankaCom too?
Here is some evidence:
![]()
The image above shows the email headers at a receiving end (successfully delivered email because this receiving server was probably not consulting the blacklist). It indicates the NAT server IP address is 116.12.88.21. The other IP address (10.201.77.77) is the private IP address of my HSDPA modem. A reverse DNS lookup suggested that the NAT server apparently belongs to LankaCom, another service provider in Sri Lanka.

The image above shows what I see if I query Spamhaus. The IP address is listed! This time, it's listed in CBL.
Poor all the wireless broadband subscribers (including me)!
Solution?
What can be done to prevent this? I don't see an easy way out. The issue with SLT at least is not as catastrophic as with Mobitel.
SLT will have to constantly monitor the network for spam indications and temporarily suspend the accounts of spamming ADSL users (users may sometimes not know that they are part of the spamming, since their machines may have been infected with viruses, etc. without their knowledge). A better option is to suspend only the outgoing SMTP traffic from that subscriber, leaving the subscriber able to access the Web.
Furthermore, it would be a good practice to regularly check the ADSL IP address pool for possible inclusions in blacklists like Spamhaus or PSBL. If found listed, take the particular IP addresses away from the pool until SLT requests and gets the problematic IP addresses delisted (delisting typically takes hours). Otherwise, even the innocent will have to suffer.
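A sketch of such a pool check, added here as an example and not part of the original post: a DNSBL is queried by reversing the IPv4 octets, appending the list's zone and asking for an A record, where NXDOMAIN means "not listed" and a 127.0.0.x answer means "listed". The zone names are the real Spamhaus ZEN and PSBL zones; the pool 192.0.2.0/29, the `SAMPLE` answers and all function names are constructed for illustration.

```python
import ipaddress
import socket

ZONES = ("zen.spamhaus.org", "psbl.surriel.com")  # real DNSBL zones
# Constructed answers for an offline run; 192.0.2.0/24 is a documentation range.
SAMPLE = {
    "3.2.0.192.zen.spamhaus.org": "127.0.0.4",        # XBL, which carries CBL data
    "3.2.0.192.psbl.surriel.com": "127.0.0.2",
    "4.2.0.192.zen.spamhaus.org": "127.255.255.254",  # query refused, not a listing
}

def dnsbl_name(ip, zone):
    """Query name for a DNSBL: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(str(ip))).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A record for name, or None on NXDOMAIN (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise  # a timeout or SERVFAIL must not be read as "clean"

def classify(answer):
    """Map a DNSBL answer to 'clean', 'listed' or 'error'."""
    if answer is None:
        return "clean"
    # Spamhaus answers 127.255.255.x when it refuses a query (public resolver, rate limit).
    if answer.startswith("127.") and not answer.startswith("127.255.255."):
        return "listed"
    return "error"

def check_pool(cidr, zones=ZONES, resolver=system_resolver):
    """Return ({ip: [zones listing it]}, [(ip, zone) lookups that failed])."""
    listed, errors = {}, []
    for host in ipaddress.ip_network(cidr).hosts():
        for zone in zones:
            try:
                state = classify(resolver(dnsbl_name(host, zone)))
            except OSError:
                state = "error"
            if state == "listed":
                listed.setdefault(str(host), []).append(zone)
            elif state == "error":
                errors.append((str(host), zone))
    return listed, errors
```

Calling `check_pool("192.0.2.0/29", resolver=SAMPLE.get)` runs the check against the constructed answers; the addresses in the first returned value are the ones to withdraw from the pool, and the second lists lookups to retry rather than treat as clean.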
The Mobitel issue is a difficult matter, since all subscribers are channeled through possibly one NAT server. Some of the remedies that come to my mind:
LankaCom should adopt a similar mechanism. However, I see that it's just Mobitel that has a partnership with LankaCom. So the solution should be mutually built, I guess.
In any case, there should probably be a mechanism for the subscribers to get notifications about such suspension of services (full or partial; partial is better) and to request reactivation (maybe through a web portal).
Due to spammers, even sending legitimate mails is a problem!