Norman SecureMail: Outbound Mail & Real-Time Block List Procedures

Descrizione del problema

Overview

Like other reputable hosted service providers, Norman prohibits its customers from sending unwanted email or spam through our servers. Norman holds such messages in quarantine, and the senders are alerted that they have violated company policy. In many cases, these violations are innocent mistakes by inexperienced users. On occasion, however, we find that the customer’s computer(s) have been exploited and have become part of a spammer’s botnet. In these instances, we require the customer to clean and secure the device before sending mail through our Norman SecureMail servers.

Proactive Monitoring of Client Mail

Outbound mail is subject to many of the same technical security tests as inbound messages. In addition, our team members keep watch on the servers and pay close attention to outgoing mail volume. This alerts us to unusual activity that might indicate a spam campaign is underway.

Real-Time Block Lists

Norman and other major email hosting services – Microsoft, AOL, Google and Yahoo, for example – all maintain real-time block lists. These lists ensure that mail from domains and URLs that are known to send spam is blocked before it reaches a customer’s network. Each has its own criteria for placement on the list as well as procedures for being removed from it. Some even notify the sender that he or she has been blocked. In addition, there are numerous smaller block lists that are available for free online. The quality of such lists varies and the criteria for inclusion can be somewhat arbitrary. Because there are so many of these services in use, it is difficult for our team to monitor them with the same frequency as the major provider lists. Also, most don’t offer any notification, so the first indication we have often comes from a customer whose mail has been blocked.

Steps to Restore Service

In all cases, if we find that a customer domain or URL has been blacklisted, we take the following actions:

  • We determine which RBL is blocking the mail and why. Different RBLs offer different degrees of transparency, so the time this takes can vary.
  • If spam messages triggered the block, we alert the customer so they can adjust their sending procedures accordingly or clean and secure their devices, depending on whether or not the action was intentional.
  • Once we have isolated the problem and notified the customer, we approach the RBL provider either directly or online and follow their procedures for having the URL or domain de-listed.

Some RBLs require no action on our part, but instead remove the block after a certain amount of time has passed with no additional spam attempts. Others require a simple request or an explanation of the issue. Among the less reputable RBLs, there are some that ask for payment before removing a sender. Norman does not pay for removal. In those cases, we refer the matter to the sender and recommend working it out with the recipient who is using this type of service.

Summary

Norman's goal is to ensure that all of our customers enjoy smooth, trouble-free service. We take proactive steps to ensure their mail is sent and received without issue, and when it is interrupted we take the necessary actions to correct the situation as swiftly as possible. Where this involves third parties, we reach out to them and follow their procedures for restoring mail flow.

Soluzione del problema

If you are in a situation where you suspect that mail are being blocked due to a RBL, please contact your local Norman support department and supply the following information about at least one of the blocked mails:

  • Sender
  • Receiver
  • Subject
  • Time when the mail was sent

Based on this we will search through our server logs to investigate why the mail has been stopped, and then confirm wheter it is caused by a RBL or not.



Data di pubblicazione:: 2014.03.25   Data di aggiornamento: 2014.03.25