I think it's because a lot of spam comes from Asian domains and IP addresses, but more and more ISPs and companies are banning email from addresses in Asia. I now get at least a few of these a day:

: host smtp1.***.com[xx.xx.xx.xx] said: 550
Rejected: No spam wanted here. Your email was deemed to be spam and is not
accepted. Send a message to postmaster@***.com if you feel this
rejection is in error. (in reply to end of DATA command)
Reporting-MTA: dns; 35.145.221.202.bf.2iij.net
X-Postfix-Queue-ID: 8880B67052
X-Postfix-Sender: rfc822; jito.***.com
Arrival-Date: Thu, 2 Aug 2007 17:53:05 +0900 (JST)
I don't know exactly what you guys can do about it, but blocking regions seems a bit blunt and rude. The IP address I'm sending from is a pretty legitimate block of addresses owned by WIDE.

The reason I suspect that it is an Asian thing is that the usual response from the various "postmasters" is, "oh, it's because the email is from an Asian address."

Is there any way to get my IP address added to some white-list so this doesn't happen or will the physical proximity of my mail server always cause my IP address to be painted with the spam brush?

Although I suppose that's how it feels when blog comments get stuck in my spam queue. The only difference is that I look at those regularly and let them through. These spam rejection notices are basically 86 at the door deals.

21 Comments

Forget email. It's dead.

Maybe you could use a proxy from a European country or so to send the email.

I often have to from via GMail Web interface to deal with the same issue.

I've heard from many Japanese people that they all reject English or anything undecipherable to them as spam. I wonder if it's really practical.

I meant I often have to send from GMail Web interface.

The ironic thing is bouncing emails like that will not stop spammers at all--who would spam using their real email address as the reply-to? Someone has been spoofing my email address and spamming lately so I am getting tons of these bounce messages in my inbox. It's quite frustrating.

When one of my mails bounced back, I called the ISP in Canada and he assured me that the problem was so-net, not Asia, and that the bans only lasted a few hours at a time.

It is less common these days - at least among the larger networks - to block email just because it's from Asia.

Several Asian ISPs (big brand names, at that) are a few generations behind when it comes to spam filtering though - and few of them if any focus on outbound spam filtering beyond "oh, we do port 25 blocking, that should be enough", if at all they do something.

And you have several countries in Asia that have broadband rolled out all over the place, even to random small villages - and a pirated copy of XP is cheaper than a coffee at Starbucks. That makes for a lethal combination - huge infestation of viruses, consequent spam, DDoS etc etc.

Add dumb local marketers to that (who haven't caught on that grabbing random addresses and emailing them is not a good idea), and a few other things .. it makes sure that a lot of Asian ISPs have a problem.

But the problem is ISP specific, caused by poor policy enforcement, would be the same for that ISP whether they were in Asia, Europe or wherever.

srs

Spam blacklists usually deny mail by the sender's IP address, usually individual addresses, but sometimes when significant amounts of spam come from a range of IPs at one ISP, and the ISP does nothing to prevent spam, a whole range of IPs will be added to the blacklist. Innocent IPs are sometimes blocked when a range of spammer's IPs are blacklisted. Most blacklists don't ban whole countries; this would be a significant impediment to their usefulness.

Try applying some pressure to your ISP, insist that they take stronger measures to remove spammers who are using their IPs and that they are taking precautions to kill botnets within their IP range.

> - Kenji JJ1BDX @ August 2, 2007 12:13 PM
> I meant I often have to send from GMail Web interface.

Haha; I have the same problem with GMail every now and then! Luckily not too often, but still...

(PS: that captcha project is so great! First time I see it.)

Joi, we don't think it's because it's coming from Asia; here's what our SPAM filter says about your mail:

Aug 1 12:36:23 dm-mail02 amavis[20517]: (20517) SPAM,
-> , Yes, score=14.055 tag=x
tag2=6.31 kill=12 tests=[AWL=-1.332, BAYES_99=3.5,
DKIM_POLICY_SIGNSOME=0.001, HELO_DYNAMIC_IPADDR2=4.395,
HELO_DYNAMIC_SPLIT_IP=3.493, RCVD_NUMERIC_HELO=2.067,
TVD_RCVD_IP=1.931], autolearn=spam, quarantine VXD5x9BRhHFG
(spam-quarantine)

AWL=-1.332
From: address is in the auto white-list
BAYES_99=3.5
Bayesian spam probability is 99 to 100%
DKIM_POLICY_SIGNSOME=0.001
Domain Keys Identified Mail: policy says domain signs some mails
HELO_DYNAMIC_IPADDR2=4.395
Relay HELO'd using suspicious hostname (IP addr 2)
HELO_DYNAMIC_SPLIT_IP=3.493
Relay HELO'd using suspicious hostname (Split IP)
RCVD_NUMERIC_HELO=2.067
Received: contains an IP address used for HELO
TVD_RCVD_IP=1.931
Received =~ /^from\s+(?:\d+[^0-9a-zA-Z\s]){3}\d+[.\s]/

Bottom line: looks like he's sending his mail through a mail server
that's on a dynamic IP, and doesn't know its own hostname. That's where
the majority of the points came from.
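
An added worked example (not part of the comment above and not the mail filter's own code): it parses the amavis log line quoted in that comment, checks that the per-rule points add up to the logged score, and shows how much of the score comes from the HELO/Received rules. The `embeds_ip` check is an assumed heuristic written for illustration, not SpamAssassin's own rule, and the Received: line is constructed from the hostname in the bounce.

```python
import re

# The amavis log line quoted in the comment above, joined onto one line.
LOG = ("Aug 1 12:36:23 dm-mail02 amavis[20517]: (20517) SPAM, -> , Yes, "
       "score=14.055 tag=x tag2=6.31 kill=12 tests=[AWL=-1.332, BAYES_99=3.5, "
       "DKIM_POLICY_SIGNSOME=0.001, HELO_DYNAMIC_IPADDR2=4.395, "
       "HELO_DYNAMIC_SPLIT_IP=3.493, RCVD_NUMERIC_HELO=2.067, "
       "TVD_RCVD_IP=1.931], autolearn=spam")

# TVD_RCVD_IP pattern exactly as quoted on the page.
TVD_RCVD_IP = re.compile(r"^from\s+(?:\d+[^0-9a-zA-Z\s]){3}\d+[.\s]")

def parse_amavis(line):
    """Return (score, tag2, kill, {rule: points}) from an amavis SPAM line."""
    num = lambda key: float(re.search(rf"\b{key}=(-?[\d.]+)", line).group(1))
    body = re.search(r"tests=\[([^\]]*)\]", line).group(1)
    tests = {}
    for item in body.split(","):
        name, _, value = item.strip().partition("=")
        tests[name] = float(value)
    return num("score"), num("tag2"), num("kill"), tests

def helo_share(tests):
    """Points from rules that key on the HELO name or the Received: header."""
    keys = sorted(n for n in tests if n.startswith("HELO_") or "RCVD" in n)
    return round(sum(tests[n] for n in keys), 3), keys

def embeds_ip(hostname, ip):
    """Assumed heuristic: hostname starts with the IP's octets, either order."""
    octets, labels = ip.split("."), hostname.split(".")[:4]
    return labels == octets or labels == octets[::-1]

def report(line=LOG):
    score, tag2, kill, tests = parse_amavis(line)
    helo_pts, rules = helo_share(tests)
    return {
        "sum_matches_score": round(sum(tests.values()), 3) == score,
        "helo_points": helo_pts,
        "helo_rules": rules,
        "score_without_helo": round(score - helo_pts, 3),
        "blocked_now": score >= kill,            # at or above the kill level
        "tagged_without_helo": score - helo_pts >= tag2,
    }

if __name__ == "__main__":
    print(report())
    host, ip = "35.145.221.202.bf.2iij.net", "202.221.145.35"  # from the page
    print(embeds_ip(host, ip),
          bool(TVD_RCVD_IP.search(f"from {host} (constructed)")))
```

With the four HELO/Received rules removed, the same message would score below the tag2 level, which is why a relay that announces a proper, matching hostname is the first thing to check.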

You're not the only one who blocked me today, but I'll look into this. Thanks John. I do know that others have told me I was being blocked "because you are Asian".

But... we're not on a dynamic IP and I do have a hostname. It might be some sort of mismatch. I'll try to track it down.

Oh, and I don't have an ISP. I'm on an academic network.

> Reporting-MTA: dns; 35.145.221.202.bf.2iij.net

JPNIC DB says 202.221.145.35 is a part of a fixed-assigned address from a commercial provider (not an academic network, Joi), and the 2iij.net PTR RR result looks like a dynamic IP indeed (whether it is or not).

I think you need to tell your tech guys to fix your problem, Joi.

To me, this is yet another worldwide segregation that has started happening, caused by sysadmins who are less educated on world history, humanity and civil rights issues. It is reflecting their views of other countries and other races, I suppose.

When I started exchanging a lot of emails with my friends in Korea last year, I found a strange drop-off of replies from them. I checked my ISPs' email chains and spam boxes and found out one of the ISPs had set blocking of all Korean- and Chinese-origin emails as the default. The ISP was a Japanese one.

I immediately removed the settings but this event made me upset.

Spam filtering is very easy. Any idiot can do it. Competent spam filtering? Now that's tough.

The problem is that even people who can write sendmail.cf config files from scratch and have done email near on from the arpanet days might not be as good at spam filtering as they think they are.

For anyone who wants to do this, this guy maintains updated databases of Chinese and Korean IP blocks:

http://www.okean.com/asianspamblocks.html

Blocking these two countries cuts out 90 percent of the problem.

Check out this report to see where most spam comes from:

http://www.sophos.com/pressoffice/news/articles/2007/07/dirtydozjul07.html

Interesting to note, the US is still the biggest spam relaying country in the world.

You're missing the point, Bjorn: It's the ratio of useful e-mail to spam that's important in considering whether to block IP ranges. For many in the U.S. there is little downside and a lot of gain in blocking Asian IPs. There may be even greater gain in blocking U.S. IPs, but a massive downside, in that 99.9% of the mail they want to see disappears.

I need to get on a white list. The list that says that even though I live in Asia, I am white just like them, so let my mail through.

P.S., also see http://news.gmane.org/group/gmane.mail.spam.spamassassin.general
Where you will see

From: jm@jmason.org (Justin Mason)
Subject: Re: Bouncing emails from certain countries
jidanni writes:
> http://joi.ito.com/archives/2007/08/02/my_email_not_good_enough_for_you.html
>
> ...it's because the email is from an Asian ...
> .. get my IP address added to some white-list ...
>
> The comment I wanted to add is:
> That's right, tell them to put me on the
> white-(person-yes-just-like-them,-but-living-in-gasp--asia)-list, so let
> my mail through.
>
> However my browser can't handle the high class captcha on the blog, so
> I couldn't reply there.

I mailed Joi directly but never got a reply.

http://joi.ito.com/archives/2007/08/02/my_email_not_good_enough_for_you.html#c377788
sounds like it's more accurate as to the likely cause of most of the
problems... TVD_RCVD_IP=1.931, RCVD_NUMERIC_HELO=2.067,
HELO_DYNAMIC_SPLIT_IP=3.493, HELO_DYNAMIC_IPADDR2=4.395 all add up to a hefty
score.
