BianchiDude

Well-Known Member
PartnerNOC
Jul 2, 2005
619
0
166
All my servers are blacklisted by Backscatter, not because of spam, but because it looks like i have "Use callouts to verify senders" checked in WHM.

And now it appears backscatters wants some rediculous amount of money to get off their blacklist.

http://www.backscatterer.org/

Is anyone else getting blocked by backscatterer?

Should I pay the money everytime they block one of my servers?

:confused:
 

sarhosting

Well-Known Member
Oct 1, 2007
171
2
68
United States
cPanel Access Level
Root Administrator
Twitter
Personally id email them first:-

Or check SpamHaus, this is the one we always use and trust, also you could think about getting SPF records setup and Maybe some reverse DNS. These all help towards spam and being black listed.

It does happen, even the world's larget ISP's get it, unfortunatly, this is the shared platform for you, if one user sends out a maillist, this can be classed as spam aswell.

You could also limit the amount of emails sent per domain oper hour.

I hope this helps.
 

mctDarren

Well-Known Member
Jan 6, 2004
666
4
168
New Jersey
cPanel Access Level
Root Administrator
Interesting site. I would tend to agree to their reasons. But paying to be de-listed is crazy. Were it me, I would not pay... sorry you find yourself in that situation.
 

jpetersen

Well-Known Member
Dec 31, 2006
113
4
168
Wow, it's like the second coming of SORBS (an RBL that requires payment for delisting). Never, ever pay anyone for removal. Instead, educate people on why certain RBLs/DNSBLs are good and why others aren't (e.g., extortion). In the end, it's the folks that actually use these twisted lists that suffer from the issues. They don't have to use them. Perhaps they would like to pay for your removal :D
 

isputra

Well-Known Member
May 3, 2003
575
0
166
Mbelitar
The funniest this is their ip also get listed in the past. Here is the result when i put their website ip on their test ip tool :

-------------------------------------------------------
Testresult for 217.23.49.208:

This IP IS CURRENTLY NOT LISTED in our Database.

B U T, it was listed in the past !


History:
2007/07/11 22:05 listed
2007/08/03 03:00 delisted 2 Impacts were seen while it was listed.
-----------------------------------------------------------

:D
 

sehh

Well-Known Member
Feb 11, 2006
579
5
168
Europe
Ignore them!

UCEPROTECT is a known scam by some german guys who ask for money to get you delisted from their block lists. For example, their uceprotect-leve-3 block list lists whole data centers, blocking thousands of innocent servers.

don't worry about being listed, since their block lists are not used by anyone sane.
 

MaraBlue

Well-Known Member
May 3, 2005
334
2
168
Carmichael, CA
cPanel Access Level
Root Administrator
The funniest this is their ip also get listed in the past. Here is the result when i put their website ip on their test ip tool :

-------------------------------------------------------
Testresult for 217.23.49.208:

This IP IS CURRENTLY NOT LISTED in our Database.

B U T, it was listed in the past !


History:
2007/07/11 22:05 listed
2007/08/03 03:00 delisted 2 Impacts were seen while it was listed.
-----------------------------------------------------------

:D
LOL! Funniest thing I've read all day :)
 

Website Rob

Well-Known Member
Mar 23, 2002
1,504
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
Their logic fails by its own reasoning.

http://www.backscatterer.org/?target=sendercallouts

We will explain why we consider sender callouts abusive.

RFC821 knows the command VRFY for testing an emailaddress exists.
Due to spammers were abusing the VRFY command for dictionary attacks, most administrators have chosen to disable VRFY.
If an administrator has disabled VRFY then it is his policy to not allow testing for email addresses.
You are an abuser if you connect to his system and try to break or circumvent that policy by going up to RCPT TO for testing an email address exists.

Sender callouts are a selfish and broken technique abusing other systems to prevent you get spoofed emails.
So, because some Admins have chosen to disable VRFY, because of Spammers, those of us who chose to verify where an eMail comes -- as being real or not because of Spammers -- are somehow abusing their choice to not verify? Maybe we should install Chirpy's dictionary attack prevention script for those Admins because they don't seem smart enough to do something similar themselves.


We don’t think you will find it so cool when you get e.g. 200,000 connection attempts per minute from other abusive servers worldwide, which are "ONLY" probing your email address to see if it is deliverable or not ...
Why, in God's name, would any Server receive 200,000 requests for one eMail address. And any Server sending out that range of eMails, in one go, is probably sending Spam anyway.


I think I'll block 'backscatterer.org' for violating "my" policy. And charging them a 6 figure amount for removal sounds about right. ;)


This is just another example of somebody treating the symptom, not the cause. Although Sender Callouts may not be the best method, working on better methods to stop/block Spammers would be a better use of their time. But then, it would involve more work then they want to put into it and they are probably looking for an easy way to make money; charging people to get their IPs removed from their "so called" Blacklist.
 

SageBrian

Well-Known Member
Jun 1, 2002
416
2
318
NY/CT (US)
cPanel Access Level
Root Administrator
Their logic fails by its own reasoning.


So, because some Admins have chosen to disable VRFY, because of Spammers, those of us who chose to verify where an eMail comes -- as being real or not because of Spammers -- are somehow abusing their choice to not verify? Maybe we should install Chirpy's dictionary attack prevention script for those Admins because they don't seem smart enough to do something similar themselves.
They seem to be trying to profit by exploiting differing opinions, choosing a side, marking the other side as bad, and charging to unlist them. Interesting.

I understand their one supposed claim that VRFY might increase backscatter, and increase overall processing on other servers. However, what of the increased processing of the actual, full, bounced back mail to a non-existent address?

If my server doesn't accept a message because it can't verify, the only processing was me calling out to alleged sender, and that server say yes/no. However, if I accept the message with the non-verified address, and then bounce it back to such address, I have used more processing on my end, and if I can't deliver the bounce to the 'fake sender' server, my server will attempt to deliver it for a few days.

So, instead of a single "hey, is this your email?" process, we would have a multiple "hey, I can't deliver this, take it back", "hey, anyone there? you sent this to us and I just wanted to let you know their mailbox is full", "hello? you tried to send this message, and I've been trying to return it to you as undeliverable for a couple days now. everything ok on your end? I'll try again tomorrow."

So, which is the backscatter and waste of server processing?