2024/05/10

From HypertWiki
Revision as of 19:17, 10 May 2024 by Woozle (talk | contribs)
Jump to navigation Jump to search
Friday, May 10, 2024 (#131)
Woozle's journal
Thursday Friday Saturday
Exact day: category (1) This month: category (0) / page
Other years: [[:category:dates/e'/ [|category]] (0) This year: category (1) / page

Two days ago (May 8), I noticed that Gmail is now outright blocking my emails. 

<woozalia@gmail.com>: host gmail-smtp-in.l.google.com[172.253.115.27] said:
   550-5.7.1 [68.183.140.54      18] Gmail has detected that this message is
   likely 550-5.7.1 suspicious due to the very low reputation of the sending
   IP address. 550-5.7.1 To best protect our users from spam, the message has
   been blocked. 550-5.7.1 For more information, go to 550 5.7.1
   https://support.google.com/mail/answer/188131

I was rather frightfully put out by this, having already spent many hours/days configuring SPF and DKIM and I don't know what else in order to prevent being spamcanned -- and the message seemed to suggest that there was no remedy or appeals process.

It had been working fine as recently as May 5, so whatever changed was obviously very recent.

cloud1 (which uses the blocked IP address) first spun up on 2020/10/21.

Long story short:

  • Actually, no, it happened in August of 2020 -- definitely not sometime between May 5 and May 8, not recent, and in fact over a month before I started using that IP address.
  • There are 3 IP blocklists which might be causing this. I've managed to get off two of them; the third involves more effort and possibly some money.

Long Story Not Short

Upon following the "more information" link, I found information which suggested that Gmail was blocking me because I'd ended up on a blocklist somehow, and that this had happened because I was running an open SMTP relay on that server (which is something you just don't do, in this era, because spammers will abuse it).

finding the problem

The first thing I did was check MX Toolbox to make sure I hadn't inadvertently opened a relay (or that my system had been hacked and one had been installed) -- nope, all good: 2024-05-10.screen.02.png

Next thing was to see if I could find out what blocklists I'm on, and hopefully why. 2024-05-10.screen.01.png

Note that this list goes on for about 3-4x that long, and all the rest are green/OK.

getting de-listed

The next step, then, is how to appeal these listings -- given that they're all based on an incident which happened before I was assigned that IP address, and which was in fact over 3 years ago.

SORBS seemed to be telling me that I basically can't right now because they're dealing with a DDoS attack... except that "Re-testing is currently ENABLED", so...?

2024-05-10.screen.03.png

I was able to create an account and at that point it seemed willing to let me start into the de-listing process -- at which point I first found out just how far back they were reaching:

2024-05-10.screen.04.png

In any case, I was able to request a de-listing -- which succeeded, and somehow ended me up at Spamhaus, so maybe that "can't do it now [yes we can]" warning was about something else?

2024-05-10.screen.05.png

'writing still in progress

  • 2024-05-10.screen.06.png
  • 2024-05-10.screen.07.png
  • 2024-05-10.screen.08.png
  • 2024-05-10.screen.09.png
  • 2024-05-10.screen.10.png
  • 2024-05-10.screen.11.png
  • 2024-05-10.screen.12.png
wiki file: https://hypertwins.org/mw/index.php?title=2024/05/10&oldid=25270