88.blacklist.zap – can it get any worse?

August 13, 2008 · 26 comments


Well, I just had my first interaction with 88.blacklist.zap informing me that one of my E-mail messages had been blocked because mail from my mail server IP address was banned.  News to me!  Well, first things first.  I already subscribe to one of the best monitoring and management systems around called MxToolbox.  They informed me that they checked 125 known blacklists and that none of my servers or IP addresses are listed.  It seems 88.blacklist.zap stands alone in its efforts, yet provides administrators absolutely no information as to why they are being blacklisted or how to find out when they got listed.  You just have to wait around until you get screwed, like I did.  Then, when business communications come to a halt and things go wrong, all you can do is just sit there hoping that they will work with you to clean it up.  Who knows if they will do it in a few hours, days, weeks or never?  Their response says that if you hear nothing for 24 hours you should assume everything is fine.  Are you kidding?  First you blocked my messages with no advance warning or administrative notification and then lack of a response is a sign that you are approved to send new messages?  That is beyond ridiculous!  Further reading on the Internet shows that I am not alone in this predicament or my sentiments.

Turns out that this is a Microsoft Exchange Hosted Service and they built this bullshit system internally.  The person taking responsibility for this entire fiasco is Terry Zink.  If you read this blog, you get a sense that this team has strong technical knowledge and understanding of these systems, but their approach to the IT administration community is astonishing.  When asked simple questions, they make it seem like we are asking for far too much.  Things like, “why did I get listed?”, “when did I get listed”, “when will I be delisted?”, “why do I have to keep asking to be delisted?” or “show me a sample of messages that caused your actions”.  They respond that their systems are too busy blocking mail (legitimate mail IMHO) to be able to handle this.  Huh?  They say that they have software reading activity logs and can block an IP address, but it cannot be coded to also send an E-mail to the registered technical administrator for the domain?  A lot of other blacklist sites like SpamCop  have been doing this for years.  This is not news; it’s an expected way of doing business with your peers and the administration community.  They also say that they cannot keep a sample or at least a header of the messages that caused the IP address to be banned.  It’s hard to keep from just screaming, “Liar!” at the top of my lungs.  I believe that they cannot provide the messages because they simply don’t exist.  I am suspicious that they have started by blocking large IP address blocks (like in the old days of blocking anything from UUnet as an example) and will only unblock them upon request.  They will undoubtedly contest this argument, but they are so secretive and unwilling to be open about their system, that they have lost any credibility.  If I am correct, this assumes that everyone is guilty unless proven innocent.  That may work in Canada, but it’s just unacceptable in today’s high-tech world.

And it does not end there.  Take a look at the non-delivery report (NDR) that they send out!  It is not even written in proper English.  What gives with that nonsense?  I’ve seen phishing E-mail scams that have better grammar than that.  It almost looks like SPAM itself for crying out loud.

Here is the NDR that I just received [slightly edited to remove personal information].  I underlined the error — anyone heard of a period?

How did this get by anyone in QA?  I’m sure that anyone who got these messages thought they were a forgery like I did.  That is, until I checked it out.

Reporting-MTA: dns;host.domain.com
Final-Recipient: rfc822;recipient@domain.com
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;550 Service unavailable; Client host [xxx.xxx.xxx.xxx] blocked using 88.blacklist.zap; Mail From IP Banned To request removal from this list please forward this message to delist@frontbridge.com
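
Added example, not part of the original post: a sender-side parser that pulls the blocklist zone, the rejected client IP and the removal contact out of delivery-status fields like the ones above, so bounces can be grouped by blocklist as they arrive. The function names and the second ("user unknown") recipient are constructed for illustration, and the regular expression assumes the wording used in this NDR.

```python
import re
from collections import defaultdict
from email.parser import HeaderParser

# Constructed sample: the post's NDR laid out as an RFC 3464 delivery-status
# body (placeholders kept), plus a constructed "user unknown" failure.
SAMPLE_DSN = """\
Reporting-MTA: dns;host.domain.com

Final-Recipient: rfc822;recipient@domain.com
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;550 Service unavailable; Client host [xxx.xxx.xxx.xxx]
 blocked using 88.blacklist.zap; Mail From IP Banned To request removal from
 this list please forward this message to delist@frontbridge.com

Final-Recipient: rfc822;other@domain.com
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp;550 5.1.1 User unknown
"""

# Wording taken from the NDR above; other receiving MTAs may phrase it differently.
BLOCKED = re.compile(r"Client host \[([^\]]+)\] blocked using ([A-Za-z0-9.-]+)")
CONTACT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def parse_delivery_status(text):
    """Return one dict per recipient group found in a delivery-status body."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = HeaderParser().parsestr(block)
        if fields["Final-Recipient"] is None:
            continue  # per-message fields only (e.g. Reporting-MTA)
        # Unfold continuation lines and collapse whitespace.
        diag = " ".join((fields["Diagnostic-Code"] or "").split())
        hit = BLOCKED.search(diag)
        contact = CONTACT.search(diag) if hit else None
        records.append({
            "recipient": fields["Final-Recipient"].split(";", 1)[-1].strip(),
            "status": (fields["Status"] or "").strip(),
            "client": hit.group(1) if hit else None,
            "blocklist": hit.group(2).rstrip(".") if hit else None,
            "contact": contact.group(0) if contact else None,
        })
    return records

def blocklist_summary(text):
    """Map (blocklist zone, rejected client IP) -> affected recipients."""
    summary = defaultdict(list)
    for rec in parse_delivery_status(text):
        if rec["blocklist"]:
            summary[(rec["blocklist"], rec["client"])].append(rec["recipient"])
    return dict(summary)

if __name__ == "__main__":
    for key, recipients in blocklist_summary(SAMPLE_DSN).items():
        print(key, recipients)
```
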

OK.  Not bad enough, you say?  Then take a look at their response when this is forwarded to delist@frontbridge.com.  Again, I have underlined the offensive text.

Hello Steve,

Thank you for your delisting request (080813-000544). Your information has been forwarded to our Abuse Team, who will investigate and remove your IP address from our blocklist. If for any reason we are not able to remove your IP address from our blocklist, one of agents will get respond to you. If you do not hear anything from us within 24 hours, you should be able to send email through our network.

Thank you,

Technical Support

There is a growing sentiment that a class action lawsuit needs to be brought up against these morons before they screw up the entire Internet with their junk.  I for one have already stated that I am “all in” on that idea.

This is bad technology and bad business.  Microsoft should dump this technology faster than you can say, “Microsoft Bob”.

Article by Steve Van Domelen


2 Pingbacks/Trackbacks

  • Thanks for the nice write-up. I just can’t understand why people so misunderstand how to proper anti-spam :/
    These bullshit blacklists (that don’t even have a proper way of interacting with them in order to de-list false positives) just put a burden on those of us e-mail solution providers. sigh.

    felix

  • steve

    Dear Felix — I could not agree more. People just refuse to learn that working with your peers and collaboration are the keys to success. I don’t get it. As you said, “sigh”.

  • Pingback: BarracudaCentral - another blacklist black hole | Just A Word (or two) From Steve()

  • John

    Yup, They suck, 3 of my users have had problems in one day from out of nowhere and I have no idea when they’ll “delist” us!?! Most RBL’s make it easy to understand what happened, it’s frightening that such a large company can hijack an essential business service (the internet is built on trust). That 88.blacklist.zap sounds like a virus.

  • Ken

    I just had a new incident with a long time client who installed a barracuda filter just two days ago. Now my emails are being bounced due to 99.blacklist.zap from out of the blue. I have lots of other clients with barracuda’s who are not blocking me, because they do not use this RBL. I certainly think we need to expose Microsoft as the tyrannical service that they are, and encourage every IT admin NOT to use their RBL in the filter they deploy, lest they block good mail.

  • Dmitriy

    Ha, it is even better than that. The NDR recommends to:

    Mail From IP Banned To request removal from this list please forward this message to delist@frontbridge.com ##

    So my question to these morons is: How do you expect me to forward this message to you from my IP address if you blocked me to begin with? Silly me, I did try for the heck of it and of course I got NDR for NDR. So now what?

  • Milos

    Same here Dimitriy,

    some of our employees are having problems sending mail to a few of quite big clients of the company I work for.

    I have to say, at first I was baffled by the stupidity of the mechanism and even more by the fact that nobody else reported it before you.

    At least now I know I’m not the only one with this problem.

  • Jim

    Echo to Dmitriy’s post, we too had our de-listing request bounced back…

    What a bunch of idiots…

  • Milos

    I had my IP removed from the list by sending the request via e-mail from non-banned IP.

    But this all seems to me like this is an issue to be resolved by the receiver’s sys. admin, rather than sender’s.

  • Stefan Lazarevic

    Just received spam response. I then checked our IP on http://www.mxtoolbox.com/blacklists.aspx against all known blacklist servers, we are ok and that is more than weird!?! I didn’t have any other option but to send request for unlisting…

  • Markus Bisanz

    It seems that this goes on since 2006, and they seem not to have changed anything in their services.
    Maybe the open source community could offer these poor folks at Microsoft (TM) some hints on how to operate such a list, install a webserver, set up a page to get some infos regarding the list, like when was I added, why was I added, and maybe as the icing on the cake a comprehensible method of requesting removal- well I must be daydreaming, poor MS will not be able to afford this.. economic crisis and all that…

  • Andrew

    Here is a kicker: I sent the NDR to the e-mail address they had listed in the NDR, delist@frontbridge.com, and IT GOT KICKED with an NDR. How’s them apples!!! Sh!t how do you get out of that one.
    Also here is another bizarre twist to all of this: Originally I had our mail server fail over to our ISP’s mail server if it had any problems sending directly. This got changed due to another delivery issue with a different client and now the messages are being blocked by frontbridge.
    They probably were for a long time but got around the problem by ending up going through our ISP’s mail server which for some reason isn’t blacklisted. Go figure.

  • H

    I completely agree with you Steve. Having a blacklist and use it (abuse it) like they do is not how you should do business. The least you should expect them to provide you with is some kind of information of the spam that has been sent from the server.
    But I found a page with some more info on xx.blacklist.zap issues:
    https://messaging.custhelp.com/cgi-bin/messaging.cfg/php/enduser/std_adp.php?p_faqid=102&p_created=115200&p_sid=gOBs-Tuj&p_accessibility=0&p_redirect=&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MSwxJnBfcHJvZHM9JnBfY2F0cz0wJnBfcHY9JnBfY3Y9JnBfcGFnZT0xJnBfc2VhcmNoX3RleHQ9YmxhY2tsaXN0LnphcA**&p_li=&p_topview=1

  • zihad

    I am facing the same problem: There was a SMTP communication problem with the recipient’s email server. Please contact your system administrator.
    #5.5.0 smtp;550 Service unavailable; Client host [xxx.xx.xxx.xxx] (there was my IP but I don’t want to show my IP) blocked using 88.blacklist.zap; Mail From IP Banned To request removal from this list please forward this message to delist@frontbridge.com> but when I want to send mail that also bounced. Did anyone get a solution for the same problem? If yes then help me

  • CJ

    My wife’s communications with her clients have come to a near standstill because of this . . . “service.” Please keep everyone posted as to any information regarding a lawsuit. They are, at the very least, hindering interstate commerce.

  • Gomez

    Boo hoo my IP was blocked because it was spamming Frontbridge’s customers!!!!! What else to do but go online and bitch about it?! Surely I wouldn’t consider asking Frontbridge nicely why the IP was blocked… that would require communication, which I am NOT interested in. What we need to do here is combine all of our nerd rage and put it somewhere obscure. Threatening legal action against valid and completely legal business practices also sounds like a good idea.

    • steve

      Gomez,
      You either work for Microsoft/Frontbridge or completely failed to read my post and the comments. Defendable, business-critical, and legitimate mail was being blocked and they were asked numerous times in a professional and courteous manner to defend their position. They were asked to provide documentation and evidence as to why these mail server IP addresses were blocked. They refused to deal directly with the customers and wrote that they will not provide any details whatsoever. They are the ones acting unprofessional by interrupting legitimate business transactions and prohibiting commerce without any provocation or supporting materials. In that regard, Frontbridge are exhibiting non-legitimate business practices and should cease and desist until these serious complaints are addressed.

    • Gomez,
      If you re-read the thread then you will find that this thread involves the blocking of valid business email without any way to determine the cause. This interrupts valid business transactions between two parties.

      You will also see that attempts were made to nicely contact Frontbridge and determine the cause. Frontbridge would not provide any info to either party in these email transactions. This means that no corrective actions on either side could be taken short of the customer relocating their mail to another hosting system.

      Anyone that runs anti-spam software knows that all anti-spam software produces false positives.

      This is why every other blacklisting facility that I’m aware of, other than Frontbridge, provides mechanisms for problem determination and resolution.

      I guess that the post office never delivered your mail to someone else either.

      cheers.

  • Dan

    Interesting – Google brought me here after recent dealings with this “88.blacklist.zap” – Looks to be a similar story although we chose to manage it differently.

    I’m the gateway admin for a global corporation (meaning I have some exposure to blocklists and email gateways) and a few weeks ago we found out that our email’d purchase orders to one of our suppliers (another large global corp), were being blocked by 88.blacklist.zap with the same nondescript and poorly worded responses as above.

    Following protocol, I dropped a note to the delist email addy at delist@frontbridge.com and was promptly advised by return that the IP will not be delisted until the amount of spam coming through it decreases…

    OK…

    I requested a copy of the spam and headers for perusal – this was refused (I was told they were not accessible – what sort of nonsense is this?).

    I advised that the IP in question (blocked by 88.blacklist.zap) was in fact a router IP belonging to our upstream Telco so it couldn’t be directly responsible for sending spam… Unfortunately I then was given the impression the “technician” I was conversing with really had no idea what I was talking about… He simply refused to acknowledge that such a thing was possible.

    OK – enough time wasted – the way we managed this was simple – we advised our supplier we would continue doing business with them if and when they changed their email hosting provider. They now have – problem solved – we spend $ millions with them and aren’t about to continue with this sort of crap.

  • Paul N.

    I’m facing the same problem because Accenture’s consultants are playing with this kind of toys…One more time, we, all, know how accurate are their skills and advices that they provide to their customers in new technologies…
    But I’m more against the principle of blacklists itself and guys who bind to those lists, because it starts like that and will end like Nazi, Cuba…

    Those lists are fully illegal in many countries of civilized areas, because enlisted people have this right to delist, but their managers do not care about that…Specially when they can’t prove any harm from your server to them…I don’t care about some weakness on mine that WOULD create some casualties on third parties servers. My point is I didn’t do anything, any spam to them or one of their customers, so why should I be blacklisted?
    Unfortunately, I have really no time, and it’s their chance, to play with them, because I don’t need a class action against them I’ll do a simple regular lawsuit, that’s all they deserve. I run four email servers for law offices, then one day it could happen

  • R.J

    Honestly,

    3/4 of the people here have not really dealt with a real black list before… It’s not a hard concept

    1) It is not Microsoft’s responsibility to monitor your mail flow
    2) More people use EHS/FOSE/Exchange Hosted Services via its reseller channels than you probably know.
    3) Spam Can be targeted via exploitable relays patching doesn’t always fix that.

    If you’ve been smart enough to use a search engine to determine 88.blacklist.zap is associated with Microsoft, you’re smart enough to find their toll free email address. I’ve been listed by them before too, and after working with them and asking for filtering logs… They provided them, and guess what? They were accurate and actually proved that I was spamming despite my claims of not being open relay etc.

    You also have to remember, chances are 88.blacklist.zap has been around longer than you’ve had the IP in use and could have been listed before that time.

    Ultimately.. Mail Logs are your responsibility, and being they process BILLIONS of messages a day, they won’t keep their logs forever and expecting them to do so is more absurd than pretending your mail server or IP was never compromised at any point in its history

    • steve

      RJ,
      Always nice to hear directly from Microsoft (yes, I am also smart enough to track your IP address back to a system owned/operated by Microsoft Corporation). But, I will answer your comments as if they actually came from a real system administrator.

      You have no basis for your assumption that 3/4 of the people here have never dealt with blacklists before. Who are you to judge us? We are not the only people on the Internet with these complaints (I assume you took the time to read the lengthy discussions on planetmike).

      1. You are correct that it is not Microsoft’s responsibility to monitor my mail flow. Matter of fact, I want them to leave it alone. My mail servers were installed and configured by me over 10 years ago. They are fine and never listed by any blacklist until 88.blacklist.zap came around and arbitrarily nuked them as well as some non-mail server IP addresses.

      2. I don’t care about how many people use an inferior system. Just because people bought Corvairs, it didn’t make it a safe car. Poor products that do the wrong thing are just that — poor products. We will continue to point it out.

      3. We all know about exploitable relays. Fact is, that never happened and yes I have the mail logs to prove it. I asked Microsoft to back up their claims and they refused.

      You know all about E-mail and SPAM, but you mentioned a toll free E-mail address! What the heck is that?

      If you received a filter log from Microsoft, then you are the first person on the entire Internet community to ever get one. They have told us time and time again that they do not have logs and cannot and will not provide them for any reason. Perhaps you are more closely related to Microsoft than we are!?

      You’ve got to be kidding about 88.blacklist.zap being around longer than we have and having listed our IP addresses before we got them. That is the dumbest thing I have ever heard, but possibly true given the stupidity of their systems. This would mean that once a system enters their cave it never comes out. No culling of information which means it is 100% unreliable and indefensible.

      Mail logs are our responsibility. That is why we are fighting mad about this. We have the logs that say we are clean, and they are preventing legal businesses from executing E-mail transactions. They have a legal responsibility under U.S. law to document their behavior just like we do. I can show that no SPAM has left my servers over the entire time that they had them blacklisted. If Microsoft cannot and will not do the same, then they should be shut down until they can comply. We live in the USA, where everyone is assumed innocent until proven guilty. Microsoft has no demonstrable proof, data or information that shows my E-mail server ever delivered a single piece of SPAM. They are violating laws and rights of everyone, including their own customers, from using the Internet for legal commerce purposes. That is just illegal and unethical.

  • Pingback: Frontbridge contact | Seizoenen()

  • Muzahura Frank

    same story here!

  • Radoslav Kozarev

    Same Story IDIOTS !

  • Radoslav Kozarev

    Hightech technology, reading from log file and blocking. Technology from 2030, may be ?
