Iomfats email issues

Chris James

I don't know how many of you read at the It's Only Me from Across the Sea (IOMFATS) website, but their system of emails is down...and may be out for a while.

The reason is explained on their forums, but damned if I can understand the cause, except for one thing: it seems to be spreading to other places.

Perhaps one of you computer literate people can go read the forum explanation and reply here. Is this anything we have to worry about?

Since they have my name and email address, as I'm sure they have some of you, will this backtrack here? I certainly hope not, I don't need to lose my email and we don't need to see the site damaged in any way.

Basically their server has been listed as in a group where a few addresses are spamming, by Spamhaus. One does not have control of the numerical address, so Timmy can't just change it and restore service.

Yahoo buy their services and thus blacklisted IOMFATS emails. And Yahoo do emails for other people, so the banning reaches further than you'd think.

There are no security implications of this.

So basically, if we were in the real world and not on the internet, Iomfats has been defamed by accident. In the real world they could sue for defamation of character and claim a loss of business revenue in a court of law. We know that won't happen. Perhaps a plea to Anonymous to hack into the Spamhaus IP and take them down forever.

I have always fantasized about having the power to reach out on the internet and blow up someone's server, destroying the office building or home in which it sits. Muwhaaaa, that would be loads of fun.

The domain is fine, but the email IP is in a group of good guys and bad guys.

Quote from Spamhaus web page when I put the IP address of the emails in (only took two minutes to track and query it).

As a precaution we are listing this range in an SBL Advisory until we are able to determine with certainty exactly who is operating these domains/hosts/servers and also verify the opt-in permission status and origin of whatever lists are used for those mailings.

So really they've covered themselves; the fact that some operators are treating the range as wholly naughty is not down to Spamhaus. I imagine they don't respond to an individual saying they never sent spam in the first place.

This is a very simplified explanation, but:

An email server is assigned an IP address. They look like 198.345.234.123 or somesuch.

You can have many email domain names assigned to the same server (which is a physical machine, with a network cable attached to a network). So the server itself has one IP address.

When spammers (using their own domain names) send emails out, they all come from the same IP address. If many servers are run by the same hosting provider - which is very common - the hosting provider will buy a block of IP addresses, so 198.345.234.123 may be part of a block of 200 addresses, all assigned to servers in the same physical location as the IOMFATS server.

That's what's been blocked by Spamhaus - the address of the server, regardless of what domains are on it, because it's in one of these blocks.

When Timmy sends emails to the iomfats list, he's sending them FROM his computer, THROUGH the server, and out to the people on the list. The actual email addresses that make up the email list are not stored on the server, they're stored on Timmy's PC. The only way the spammers could get the email addresses would be to sniff out the traffic going through the server, which is Not Allowed by many service providers, and would be a major security breach. That has not happened here, according to the forum posts.

I won't go into how IOMFATS gets their server whitelisted, since it sounds like Spamhaus will be doing some of the whitelisting for the affected servers.

Just know that your email address has most likely not been compromised. Your account information at IOMFATS has not been compromised.

I work with Spamhaus a fair bit when I configure email servers for my customers. They're a decent organization doing a good thing by blocking spammers. They do that when someone reports an IP address as a spam source, by adding the IP address to a blacklist. They don't go any further than that, until they investigate the source to see if they really are spammers, and they do that through watching, and aren't intrusive at all. They don't have any access to the emails that are being sent out, and they don't have any access to account data.

So yeah, it's a pain for Timmy and the gang but it's not a security issue. Just annoying.
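
The range listing described in this thread, as an added example that is not part of any post: a receiving server decides on the connecting server's IP address alone, so every domain hosted in a listed block is rejected together. The listed range, the sender domains and the choice of zone are constructed assumptions (documentation addresses, not real listings).

```python
import ipaddress

# Constructed sample data: documentation address ranges (RFC 5737), not real listings.
LISTED_RANGES = {
    "198.51.100.0/24": "advisory: whole provider block listed pending investigation",
}

def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Build the DNS name a mail server looks up to ask a DNSBL about an IPv4 address.

    DNSBLs are queried with the octets reversed and the zone appended (RFC 5782).
    The default zone is an assumption about which list the receiver consults.
    """
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def listing_for(ip, listed=LISTED_RANGES):
    """Return the reason text if the connecting IP falls in a listed range, else None."""
    addr = ipaddress.ip_address(ip)
    for cidr, reason in listed.items():
        if addr in ipaddress.ip_network(cidr):
            return reason
    return None

def receive(connecting_ip, sender_domain):
    """Accept/reject decision as a receiving server using the blocklist would make it.

    sender_domain is deliberately unused: the check is on the server address only.
    """
    reason = listing_for(connecting_ip)
    return ("reject", reason) if reason else ("accept", None)

if __name__ == "__main__":
    # Constructed senders: two domains on the listed block, one outside it.
    for ip, domain in [("198.51.100.23", "newsletter.example"),
                       ("198.51.100.77", "bulk-offers.example"),
                       ("203.0.113.5", "elsewhere.example")]:
        print(domain, ip, dnsbl_query_name(ip), receive(ip, domain))
```
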

