03/17/2015 at 09:19
I am not an IT professional, but I have a client who is totally in the dark (car dealer, somewhat related) and I know my way around. They called me yesterday with an issue with their email. Their ISP called in to inform them they are blacklisted from sending email because Google and AOL blackballed them for spam. I am privy to a lot of the outbound commercial emails that go out from that IP and they are legit, opted in, and have an unsubscribe link that is active. I am figuring somebody was looking at too much porn and they have a zombie in there. We are talking maybe 10 computers total, don't know if they have a firewall and server in house. They called me because it has to do with computers - ugh. What am I looking for here, what steps should I take to at least get them able to send outbound emails again before I go to Google, AOL and a few other spam lists for a delisting?
Thank you Oppo, Alfa for your time
03/17/2015 at 09:25
I wonder if you can get a report from Google on the spam content. If the business is small, it wouldn't take that many spam reports to put them in the junk bin - a higher percentage of the total being a smaller number. Such a report also might cover some aspects of what the vulnerability is - a zombie or just a server being used as a proxy or the like. I'm not an IT guy, so take that with a grain of salt.
03/17/2015 at 09:26
They need to hire an IT person for that job. Ugh, I used to deal with that shit at my fraternity. When I did it there, I got a packet sniffer so I could see all the traffic. Once I identified the culprit I put down the hammer, and disconnected them till their computer was fixed.
03/17/2015 at 09:28
Getting anything from Google - even as a Google partner - beyond analytics is like pulling teeth out of an elephant. I tried yesterday and just got confirmation they are blackballed and that is it. I don't care much about the AOL report, you can look at them sideways and they flag you. I am just a little perturbed their ISP shut down all outbound email traffic over it.
03/17/2015 at 09:28
What makes them think they are blacklisted? Are they receiving any SMTP errors on bounce back of their sent emails? Have they confirmed their emails don't just go to spam? There's a big difference between getting blacklisted and being tagged as spam. Either way, in each case contacting Google can help clear things up.
https://mail.google.com/support/bin/re…
03/17/2015 at 09:29
Yeah, I hear you. I am just doing them a solid because the usual IT guy is on vacation.
03/17/2015 at 09:31
I want to be sure they aren't still sending out zombie emails before bringing it up to Google. It is their ISP that put the ban hammer down on them from outbound traffic, and I did confirm G, AOL and SORBS have them blacklisted.
03/17/2015 at 09:35
I didn't deal with it directly, but our company got blacklisted for a day or two on something called 'SpamHaus'. It was a huge PITA, because someone else on the IP had been spamming so SpamHaus blocked the whole XXX.XXX.XXX.0-255 range and our IP took their word as gold and shut down our SMTP port. I think there were two IT guys on the phones full time for two solid days until that got sorted.
03/17/2015 at 09:37
Yeah, the dealership's question was: "can I just get a new IP address"
Hahaha, yeah right, they're flagged and done until it gets sorted.
03/17/2015 at 11:30
I'm just a nerd but I would look through their email accounts to see if it's just one person's or multiple that are sending this out. I would then try to narrow down which computer(s) are infected. You could use a packet sniffer or if it's one person's account and they have their own computer... Once you know which one it is, run a virus scan or do a clean OS install if that's a possibility for them.
If they have a wireless network and all email accounts and computers appear clean someone could be piggybacking and there are simple ways to get rid of that.
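
One way to do the narrowing-down step suggested in the post above, as an added example that is not part of the original thread: it reads a capture in the text format printed by `tcpdump -nn` and lists which internal machines open connections to outside mail servers on TCP port 25. The capture lines, the addresses and the `MAIL_SERVER` allow-list are constructed assumptions for the illustration.

```python
import re
from collections import defaultdict

# Assumption: the one machine that is supposed to send mail directly.
MAIL_SERVER = {"192.168.1.10"}

# Constructed sample, in the text format printed by `tcpdump -nn`.
SAMPLE_CAPTURE = """\
09:14:02.100001 IP 192.168.1.10.51000 > 203.0.113.5.25: Flags [S], seq 1, win 64240, length 0
09:14:02.400310 IP 192.168.1.23.49801 > 198.51.100.7.25: Flags [S], seq 1, win 8192, length 0
09:14:02.400912 IP 192.168.1.23.49802 > 198.51.100.8.25: Flags [S], seq 1, win 8192, length 0
09:14:02.900120 IP 192.168.1.23.49801 > 198.51.100.7.25: Flags [P.], seq 1:40, ack 1, win 8192, length 39
09:14:03.050500 IP 192.168.1.31.50210 > 203.0.113.40.443: Flags [S], seq 1, win 64240, length 0
09:14:03.700044 IP 192.168.1.23.49803 > 203.0.113.77.25: Flags [S], seq 1, win 8192, length 0
"""

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def smtp_talkers(capture_text):
    """Map each source IP to the set of servers it opened a port-25 connection to."""
    talkers = defaultdict(set)
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dport"] != "25":
            continue                      # not SMTP, or not a parsable line
        if m["flags"] != "S":
            continue                      # count only connection openings (bare SYN)
        talkers[m["src"]].add(m["dst"])
    return dict(talkers)

def suspects(talkers, allowed=MAIL_SERVER):
    """Hosts opening SMTP connections that are not on the allow-list, busiest first."""
    found = [(src, len(dsts)) for src, dsts in talkers.items() if src not in allowed]
    return sorted(found, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for host, n_servers in suspects(smtp_talkers(SAMPLE_CAPTURE)):
        print(f"{host} opened SMTP connections to {n_servers} different servers")
```

A workstation that shows up here talking to several unrelated mail servers is the one to pull off the network and scan first.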
03/17/2015 at 11:40
Yeah, I am going to do a sniff because I assume I know who might be clicking on something nefarious between 3-4 computers, I think it is a total of 10 in the building, and I hope I know it isn't one of the F and I computers. Thanks!