Tuesday, August 24, 2010

Something about YSmtp - Update

A while ago we posted an entry regarding YSmtp and apparently quite a few people visited this blog by searching "YSmtp service".

First of all, if you are a spammer, please leave immediately, as the methods described here will not help you a single bit. We are sure you have better things to do, so please do not waste your time here. Second, if you are sending bulk emails to YSmtp, please read carefully what they told you (http://help.yahoo.com/l/us/yahoo/mail/postmaster/basics/postmaster-02.html) and contact them via mail-abuse-bulk@cc.yahoo-inc.com for assistance. Third, if you have not applied DKIM and DomainKeys on your clients' domains, go ahead and set them up now. Fourth, if your mail server is in the US, sorry, the tips below may not help.

So if you are not a spammer, are not sending bulk emails to YSmtp, and have applied DKIM and DomainKeys on the hosted domains, there are two workarounds that you may want to explore:

Option 1 - Pass the emails to your ISP
It is known that YSmtp whitelisted some government-backed ISPs in various countries, and emails sent from these servers are guaranteed to be delivered. Now, using your ISP as a delivery proxy does come with a price - as most if not all of these SMTP servers require authentication before sending, your identity is revealed to the recipients and the email header will definitely appear funny.

For example, you are authenticated as someone@myoneandonlyisp.com, but the FROM address would be your client's email address (such as sometwo@donothackmyserver.com). Note that this option will fail if the SMTP server verifies the FROM address, i.e. authenticated email must be the same as FROM address.

With this method, the delivery path will look like this:
Client (Sender) -- Your SMTP Server -- ISP SMTP Server -- Recipient

Option 2 - Pass the emails to your VPS in US
We have not tested VPSes in other parts of the world; however, passing emails to a server located in the US does help to improve the delivery rate dramatically. This is especially true for cases in which the email is "big" (read the other entry for the definition of "big").

There isn't a need to get an expensive VPS just for the purpose of this email proxy. Check the offers posted on LowEndBox and choose one that you are comfortable with. Any VPS with 128MB of RAM is more than sufficient to do the job efficiently. Do make sure that the IP that the VPS provider allocated is not listed in any of the common blacklists (use RobTex to check).

The delivery path will be something like:
Client (Sender) -- Your SMTP Server -- Your VPS in US -- Recipient

And one last note: while email delivery is one aspect of the entire issue, emails landing in the Spam folder is another, which by itself needs a separate post.

Wednesday, August 18, 2010

Hello World!

We have been pretty quiet recently.

In fact, we spent some time over the last two weeks digging into our mail logs, extracting IP addresses, locating their origins, checking and validating their behaviours, and preparing a report for our internal use.

Now we present you one of the pie charts from the report.

[Pie chart: Top 15 Helos]

Now, the funny part is, other than a few countries that we know we have business with, there are somehow tons of SMTP helos coming from all over the world. If you are looking for numbers, it is actually 21764 unique IP addresses from 168 countries.

Of all the traffic coming into the server, some comes from obviously illegitimate sources (58.94%) such as Egypt, Nigeria, Ukraine, Kazakhstan, etc. Helos originating from these sources are trying extremely hard at spoofing, requesting relay, or acting funny in some way (such as guessing passwords with brute force). It is fun to see all of their miserable attempts fail miserably.

So, what are we going to do with these script kiddies? Well, nothing at all. We do, however, encourage them, instead of trying hard to fail, to join some charity associations and spend their time there, which is far more meaningful.


* Data was collected over two 7-day periods, i.e. 18/Jul - 24/Jul and 01/Aug - 07/Aug.
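
The kind of per-IP tally described in this post can be sketched as follows; this is an added example, not the script used for the report. It assumes Postfix-style smtpd log lines (the post does not name the mail server), uses constructed sample lines with documentation-range IPs, and leaves out the country lookup, which needs a GeoIP database.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Postfix smtpd syslog style (assumed format).
SAMPLE_LOG = """\
Aug  1 10:00:01 mx postfix/smtpd[901]: connect from unknown[203.0.113.5]
Aug  1 10:00:02 mx postfix/smtpd[901]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <x@example.net>: Relay access denied; from=<a@example.org> to=<x@example.net> proto=ESMTP helo=<mail.example.org>
Aug  1 10:01:10 mx postfix/smtpd[902]: connect from host.example.com[198.51.100.7]
Aug  1 10:01:11 mx postfix/smtpd[902]: warning: host.example.com[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Aug  1 10:01:12 mx postfix/smtpd[902]: warning: host.example.com[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Aug  1 10:01:13 mx postfix/smtpd[902]: warning: host.example.com[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Aug  1 10:02:00 mx postfix/smtpd[903]: connect from mail.example.org[192.0.2.10]
Aug  1 10:03:00 mx postfix/smtpd[904]: connect from unknown[192.0.2.20]
Aug  1 10:03:01 mx postfix/smtpd[904]: warning: unknown[192.0.2.20]: SASL PLAIN authentication failed: authentication failure
"""

IP = r"\[([0-9A-Fa-f.:]+)\]"  # client address as logged: hostname[ip]
PATTERNS = {
    "connect": re.compile(r"smtpd\[\d+\]: connect from \S+?" + IP),
    "relay_denied": re.compile(r"reject: RCPT from \S+?" + IP + r": .*Relay access denied"),
    "auth_failed": re.compile(r"warning: \S+?" + IP + r": SASL \S+ authentication failed"),
}

def summarize(log_text, brute_threshold=3):
    """Count unique client IPs and flag relay probes and password guessing."""
    events = defaultdict(Counter)  # ip -> Counter of event kinds
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                events[match.group(1)][kind] += 1
                break
    relay = sorted(ip for ip, c in events.items() if c["relay_denied"])
    # A single failed login may be a typo; repeated failures look like guessing.
    brute = sorted(ip for ip, c in events.items() if c["auth_failed"] >= brute_threshold)
    suspicious = set(relay) | set(brute)
    pct = round(100 * len(suspicious) / len(events), 2) if events else 0.0
    # Share of unique IPs flagged, not the per-source traffic share in the post.
    return {"unique_ips": len(events), "relay_probers": relay,
            "brute_forcers": brute, "suspicious_pct": pct}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The `brute_threshold` parameter is a hypothetical tuning knob; pick a value that fits how often your legitimate users mistype passwords.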