New mail server policy


#1

I had a problem a few days ago, all my domains can’t send email, all shows an error message that my IP is listed in xbl.dnsbl, so it is blocked.

I know that dreamhost’s intention were the best, but as I told the support team, it is a terrible decision. It is a problem of ISP, they should care about the use of their publics IP, trying to block all spam originate by bad customers… now, with this decision of dreamhost, this problem has been passed to the customer… we have to enter the link and remove the randomly IP that ISP give us from SpamHaus blacklist or enter to Webmail (which has a awful and impractical interface) to send an email…

If dreamhost wants to increase the security to avoid spam, they should implant policies that not affect the customer service!


#2

Did support tell you were this new policy is posted?

I’ve had email problems on and off all week. I agree that it’s dreamhosts responsibility to provide us with working email, and to police customers that want to use it to generate spam.

I know many (including dreamhost itself) take the position that you should convert your domains mail to gmail, but for a variety of reasons I’m not interested in doing that. Additionally it wouldn’t really solve all problems, since some email is generated by the webserver.


#3

This part is the answer from support were “explain” his new policy:


We recently made a change to our mail server policy. All emails that try to send through DreamHost’s servers must not come from a computer or server with an IP address on the SpamHaus blacklist…


I don’t want to change to gmail either. I’m paying for dreamhost hosting that includes mail services, but this actions make me very unhappy!


#4

Actually that’s saying they are now using SpamHaus blacklist, now my question (the way that’s worded) is if any of dreamhost’s webservers are on that blacklist. Otherwise what they have told you shouldn’t be a problem, in fact it should be a good thing.


#5

The thing here is that the customer doesn’t know who and how used before the public IP that your ISP assigned it to you, maybe some spammer used it and now the problem is yours, so you have to call your ISP to solve the problem or access to the link and request remove from its blacklist (if they have a little knowledge of IT, if not, it is a nightmare to them)…


#6

I don’t think that’s how Spamhaus’s RBL works. This page explains it: http://www.spamhaus.org/whitepapers/dnsbl_function/


#7

At the begining I thought that… But I tested sending an email from a PC and the automatic reply error message was this:


**@**com en 28/06/2012 09:47 a.m.
Error del servidor: ‘554 5.7.1 Service unavailable; Client host [x.x.x.x] blocked using xbl.dnsbl; http://www.spamhaus.org/query/bl?ip=x.x.x.x


Where x.x.x.x belonged to the DSL modem from the customer who has the problem in this moment. So I contacted support from dreamhost and they told me about this new mail server policy…

This is part of the final answer from dreamhost support:


I understand that you cannot pick your IP address, you must use the one randomly assigned you. You can speak with your ISP about the IP address being on the blacklist. You can use webmail to send emails in the meantime…


Plop!


#8

I have this same issue. I’ve been talking to dreamhost’s support about this “new policy change” which completely blocks me from sending email through their SMTP server! They don’t seem to understand that an authenticated, secure connection which dreamhost’s SMTP server uses, is already secure.

This means, if you use a desktop client (Outlook, Mail.app, Evolution, …) if you get on a wifi at a coffee shop, and it’s IP has been blocked by spamhaus (which is very likely), you won’t be able to send email through your dreamhost account anymore!


#9

Yes… That’s the ugly true… Also in spamhaus recommend smtp authenticated… which DreamHost already has… a really shame…


#10

I have tracked the problem to Dreamhost using the CBL in an unauthorized manner (preventing authenticated accounts from accessing SMTP when on a blacklisted IP); excerpts from the terms and conditions of the CBL:

“Thus, by applying the CBL to your relay server for outbound email, you will be impacting legitimate email sent properly.”

“In the first case (outbound email traverses the Internet to get to your relay), you MUST NOT apply the CBL to connections that do SMTP authentication (or some other technique that proves that the SMTP connection is from your customer). These will often be the NATs for wireless POPs or airport lounges or hotels. Because of this a roaming user (or us) is relatively unlikely to be able to contact the right people to get the listing fixed properly. So the user will just be very frustrated (and mad at both you and us).”

“In concrete terms: you should offer authenticated inbound email access on port 25 or port 587 (or some other port), and you MUST ignore CBL listings of connections that have authenticated. If you only allow authenticated connections on port 587 (or other non-port 25 port), you do not need to implement CBL checking on it at all.”

and finally,
“If, inspite of 3, 4, 5 or 6 above you still want to use the CBL in an unsupported fashion (eg: block blog, web, IRC access, block on full received line traverse, derive other blocking heuristics, or block MSA submissions), you must take full responsibility yourself for the decision.
This means that you must remove all mention of the CBL (or Spamhaus) from any error messages or communications the user may see, and direct all support questions to your own support infrastructure.”

For full terms, see #6 and #7 at http://cbl.abuseat.org/tandc.html

Tech support has been amazing evasive, but let drop that there had been certain “recent policy changes”. After tracking down that they are using CBL in an unauthorized manner, I made a separate request 33 hours ago, but still no reply to that. Within the next 24 hours (unless DH relents) I’m moving out of this place.


#11

Thanks for that… I also will send an email to tech support with that info… It is obvious that they are using CBL in unauthorized manner!

Please, keep us posted of dreamhost answer…


#12

My users are fed up with the email problems (it’s weeks already) and using webmail is not an acceptable alternative.
In the short term either I must move (checking out hostgator and justhost) or use a supplementary SMTP service (like SMTP2Go)

however, apart from losing our business, I think dreamhost deserves to be punished for knowingly choosing to implement a feature that impacts legitimate customers.
anyone willing to organize a class-action suit against dreamhost? (I’m not based in the US, so I can’t do it myself)


#13

I’m not living in US too. I sent an email to dreamhost with CBL unauthorized use, but up to now they haven’t answered me.

Also, their webmail is down since yesterday, so right now there isn’t any way to send an email!!!


#14

This is even worse.

DreamHost’s mail servers are being actively listed in spamhaus’ SBL so, nevermind if you are using a perfectly “clean” IP address, if you send THROUGH Dreamhost’s SMTP servers your message will be bounced by ANY server using zen.spamhaus.org (see http://www.spamhaus.org/sbl/query/SBL146500).

The fact that webmail messages don’t bounce is because they’re on a different network (208.113.200.0/24) from the one that SBL is now listing (208.97.187.0/24)