Another Advantage of Feedback Loops

A blog entry at Word To The Wise talks about a new exploit discovered in the IronPort A60 series:

IronPort Open Relay Vulnerability

Systems Affected
IronPort A60 running software version 2.5.4-005. According to IronPort, later devices and software versions using the same filtering mechanisms are vulnerable.

Overview
In recent weeks, one or more rogue spammers have been using misconfigured IronPort A60s as open relays to send unsolicited emails for AOL users via open relay. It is important for IronPort device administrators to review their configuration to shore up any vulnerability to this web server exploit.

Diagnosis
A seemingly minor configuration mistake made years ago internally has been exploited over the last several weeks to send out massive amounts of unsolicited email to AOL users. The spam mail originated from an outside zombie server, apparently infected with remote mailing viruses (such as BackDoor.Servu.76) according to the IT contact at IP 66.139.77.16. <ESP> has a filter specifically designed to deliver email over IP ranges set for AOL only. However, it was listed before a filter designed to log and discard bounced emails coming in through the Internet-facing side of the IronPort appliance.

Impact
We have received 6,500 customer complaints so far through the AOL feedback loop. As the IronPort devices are black boxes, we are unable to determine how many unsolicited emails were delivered across them. It is difficult to ascertain whether or not the rogue spammer(s) knew only AOL addresses were delivered using this exploit. It is important to note that only AOL addresses were delivered in our specific case due to the order of the filters.

Solution
The solution was simple: move the filter designed to log and drop bounce messages coming in from the Internet to the top of the filter list so it will run first, as other filters may direct the IronPort device to deliver the emails through this vulnerability.

Authors: Jake Lanza, Baigh Auvigne, Daniel Fox

Word to the Wise rightly points out that this shows a great side-benefit of FBL emails: when watched closely they can indicate that you are operating as an open relay, allowing third parties to send mail through your server. If not corrected quickly this can lead to blocking and blacklisting.
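The quoted diagnosis comes down to filter order on a first-match-wins gateway: a "deliver to AOL" rule listed ahead of a "drop inbound bounces" rule hands Internet-originated mail to AOL users before the drop rule ever runs. The simulation below is an added example, not the advisory's or IronPort's code; the filter names, listener names, sample messages and the ordering lint are constructed for illustration, and the default action for mail no filter claims is assumed to be rejection (which is why only AOL addresses were deliverable in the incident).

```python
"""Ordered message-filter simulation for a mail gateway.

Added example; this is not the advisory's or IronPort's code. It models the
first-matching-filter-wins behaviour described in the Diagnosis and Solution
sections. Filter names, listener names and the sample messages are
constructed.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class Message:
    listener: str     # interface the message arrived on: "internet" or "internal"
    mail_from: str    # envelope sender ("" for a null-sender bounce)
    rcpt_to: str      # envelope recipient


@dataclass
class Filter:
    name: str
    matches: Callable[[Message], bool]
    action: str       # "deliver" or "drop"


def is_aol_recipient(msg: Message) -> bool:
    return msg.rcpt_to.lower().endswith("@aol.com")


def is_inbound_bounce(msg: Message) -> bool:
    # Null envelope sender on the Internet-facing listener: a bounce (or
    # something dressed up as one) that this gateway never originated.
    return msg.listener == "internet" and msg.mail_from == ""


# Constructed filter definitions (assumed names).
AOL_ROUTE = Filter("aol_route", is_aol_recipient, "deliver")
DROP_INBOUND_BOUNCE = Filter("drop_inbound_bounce", is_inbound_bounce, "drop")

# The order that was exploited, and the corrected order from the Solution.
WRONG_ORDER: List[Filter] = [AOL_ROUTE, DROP_INBOUND_BOUNCE]
FIXED_ORDER: List[Filter] = [DROP_INBOUND_BOUNCE, AOL_ROUTE]


def evaluate(filters: List[Filter], msg: Message) -> Tuple[str, Optional[str]]:
    """Return (action, filter_name) from the first filter that matches.

    Mail that no filter claims is rejected (assumed default).
    """
    for f in filters:
        if f.matches(msg):
            return f.action, f.name
    return "reject", None


def deliver_filters_before_drops(filters: List[Filter]) -> List[str]:
    """Lint: names of deliver filters listed ahead of the last drop filter.

    Any such filter can grant delivery to mail a later drop filter was meant
    to discard, so a healthy configuration returns an empty list.
    """
    drops = [i for i, f in enumerate(filters) if f.action == "drop"]
    if not drops:
        return []
    return [f.name for f in filters[:drops[-1]] if f.action == "deliver"]


# Constructed traffic: relayed spam, our own outbound mail, and an inbound
# message to a non-AOL address.
RELAYED_SPAM = Message("internet", "", "victim@aol.com")
OUR_NEWSLETTER = Message("internal", "news@ourdomain.example", "reader@aol.com")
OTHER_INBOUND = Message("internet", "", "someone@example.net")

if __name__ == "__main__":
    for label, order in (("wrong", WRONG_ORDER), ("fixed", FIXED_ORDER)):
        print(label, evaluate(order, RELAYED_SPAM), evaluate(order, OUR_NEWSLETTER))
    print("misordered:", deliver_filters_before_drops(WRONG_ORDER))
```

With the exploited order the relayed spam is delivered by `aol_route`; with the drop filter moved to the top it is discarded, while the gateway's own newsletter still reaches AOL in both orders. The lint is the check worth keeping around: any rule that grants delivery should sit below the rules that discard mail the gateway never originated.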

FBL, or Feedback Loop, emails are sent by certain ISPs to registered senders so that the senders know when users click the ‘This is Spam’ button. This lets senders remove those users from their mailing lists and also gain insight into how their subscriber base responds to their mailings.

While FBL emails provide no improvement to deliverability as far as reputation and filtering are concerned, they are invaluable in helping shape future mailings and maintaining list hygiene.
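The open-relay signal the post describes only shows up if complaints are compared against what you actually sent. The script below is an added example, not code from the original post or from Word to the Wise: it assumes the ISP delivers complaints in the Abuse Reporting Format (ARF, RFC 5965), which the post does not specify, and that the sending side keeps a log of the Message-IDs it originated. The addresses, IP addresses, Message-IDs and report text are constructed.

```python
"""Triage of feedback-loop (FBL) complaints to catch mail you never sent.

Added example; not code from the original post or from Word to the Wise.
Assumes ARF (RFC 5965) reports and an outbound log of Message-IDs. All
addresses, IPs, Message-IDs and report text are constructed.
"""
import email
from email import policy
from email.message import EmailMessage
from collections import Counter
from typing import Dict, Iterable, Tuple

# Constructed outbound log: Message-IDs our own mailing system emitted.
OUTBOUND_MESSAGE_IDS = {"<campaign-42@ourdomain.example>"}
# Constructed: hosts allowed to hand outbound mail to the gateway.
AUTHORIZED_SOURCE_IPS = {"192.0.2.10"}


def make_arf_report(source_ip: str, mail_from: str, message_id: str) -> str:
    """Build a minimal ARF report (constructed; stands in for a real FBL message)."""
    return f"""From: fbl@isp.example
To: abuse@ourdomain.example
Subject: FBL complaint
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: text/plain

A user marked the attached message as spam.
--b1
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: constructed-fbl/1.0
Version: 1
Original-Mail-From: <{mail_from}>
Source-IP: {source_ip}

--b1
Content-Type: message/rfc822

From: {mail_from}
To: redacted@aol.com
Subject: (redacted)
Message-ID: {message_id}

(body redacted by the ISP)
--b1--
"""


def arf_parts(report: EmailMessage) -> Tuple[EmailMessage, EmailMessage]:
    """Return (feedback-report fields, original message) from an ARF report."""
    feedback = original = None
    for part in report.walk():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            feedback = part.get_payload(0)   # nested message: the report fields
        elif ctype == "message/rfc822":
            original = part.get_payload(0)   # nested message: what the user received
    if feedback is None or original is None:
        raise ValueError("not a well-formed ARF report")
    return feedback, original


def triage(raw_report: str) -> Dict[str, str]:
    """Classify one complaint: did we send this message, and from where?"""
    report = email.message_from_string(raw_report, policy=policy.default)
    feedback, original = arf_parts(report)
    message_id = str(original["Message-ID"] or "").strip()
    source_ip = str(feedback["Source-IP"] or "").strip()
    if message_id not in OUTBOUND_MESSAGE_IDS:
        # Nobody here originated this message: the complaint itself is
        # evidence that someone else is sending through our infrastructure.
        verdict = "unknown-origin"
    elif source_ip not in AUTHORIZED_SOURCE_IPS:
        verdict = "unexpected-source"
    else:
        verdict = "known-campaign"
    return {"verdict": verdict, "message_id": message_id, "source_ip": source_ip}


def summarize(reports: Iterable[str]) -> Dict[str, int]:
    """Count verdicts over a batch; a rising unknown-origin count is the alarm."""
    return dict(Counter(triage(r)["verdict"] for r in reports))


# Constructed batch: one complaint about our newsletter, two about relayed spam.
SAMPLE_REPORTS = [
    make_arf_report("192.0.2.10", "news@ourdomain.example", "<campaign-42@ourdomain.example>"),
    make_arf_report("203.0.113.77", "offers@spammer.example", "<x1@spammer.example>"),
    make_arf_report("203.0.113.77", "offers@spammer.example", "<x2@spammer.example>"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORTS))
```

Matching on Message-ID rather than on the From address matters: a relay abuser can forge any sender, but cannot put a Message-ID into your outbound log. In the incident quoted above, every one of the 6,500 complaints would have landed in the unknown-origin bucket, which is the kind of count worth alerting on.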

The following ISPs provide feedback loops; any legitimate sender would want to sign up for as many as possible:

There’s a good article on FBLs at http://www.clickz.com/showPage.html?page=3623337
