Google blocking...again...

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Google blocking...again...

SH Development
I'm about at my wits end with Google.

A couple of weeks ago, we had a user account get compromised.  About
11,000 spam emails were sent through the account over a 24 hour period
before we caught it and shut it down.

Of course we were on RBL's for a day or so, but all of that cleared up,
we made the appropriate contacts where necessary.

Everything is back to normal now EXCEPT we still cannot send to any
Google servers as we apparently are being blocked due to spam.

We have not altered any of our sending settings, we have met Google's
minimum requirements for email senders in the same way we always have,
but after almost 2 weeks since the incident, we are still blocked.

Of course there is no one to contact, no way to contact anyone anyway.

Any constructive suggestions would be helpful.

Jeff J.
Reply | Threaded
Open this post in threaded view
|

Re: Google blocking...again...

lists@lazygranch.com
How about setting up a relay? Maybe you are blocked by IP.


  Original Message  
From: [hidden email]
Sent: February 1, 2019 2:28 PM
To: [hidden email]
Subject: Google blocking...again...

I'm about at my wits end with Google.

A couple of weeks ago, we had a user account get compromised.  About
11,000 spam emails were sent through the account over a 24 hour period
before we caught it and shut it down.

Of course we were on RBL's for a day or so, but all of that cleared up,
we made the appropriate contacts where necessary.

Everything is back to normal now EXCEPT we still cannot send to any
Google servers as we apparently are being blocked due to spam.

We have not altered any of our sending settings, we have met Google's
minimum requirements for email senders in the same way we always have,
but after almost 2 weeks since the incident, we are still blocked.

Of course there is no one to contact, no way to contact anyone anyway.

Any constructive suggestions would be helpful.

Jeff J.
Reply | Threaded
Open this post in threaded view
|

Re: Google blocking...again...

SH Development
I already know it's blocked by IP.  The bounce message says so.  But
there is no indication anywhere on the internet that our IP is on an
RBL, or that the reputation is bad.  And Google is the only one
blocking.

Jeff J.


On 2019-02-01 17:12, Gary wrote:

> How about setting up a relay? Maybe you are blocked by IP.
>
>
>   Original Message  
> From: [hidden email]
> Sent: February 1, 2019 2:28 PM
> To: [hidden email]
> Subject: Google blocking...again...
>
> I'm about at my wits end with Google.
>
> A couple of weeks ago, we had a user account get compromised.  About
> 11,000 spam emails were sent through the account over a 24 hour period
> before we caught it and shut it down.
>
> Of course we were on RBL's for a day or so, but all of that cleared up,
> we made the appropriate contacts where necessary.
>
> Everything is back to normal now EXCEPT we still cannot send to any
> Google servers as we apparently are being blocked due to spam.
>
> We have not altered any of our sending settings, we have met Google's
> minimum requirements for email senders in the same way we always have,
> but after almost 2 weeks since the incident, we are still blocked.
>
> Of course there is no one to contact, no way to contact anyone anyway.
>
> Any constructive suggestions would be helpful.
>
> Jeff J.
Reply | Threaded
Open this post in threaded view
|

Re: Google blocking...again...

Alice Wonder
Google doesn't have to justify themselves to anyone, the luxury of
monopoly, they can even cold shoulder their own customers.

Unfortunate reality is changing IP may be only solution.

I was on a google blacklist and couldn't get off because unlike other
services, they wanted me to log in into a g-suite account to submit a
support request and I don't have one nor do I want one.

I don't know if I'm still on that list or not, told the user I couldn't
do anything about the block and so they are now no longer my user.

Weird that sending to gmail worked fine, only (some) gsuite users were
blocked. Clueless how to de-list if it happens again without a g-suite
account, they didn't have link like most black lists do. Can't wait
until that company gets split by the DoJ.

On 2/1/19 3:51 PM, [hidden email] wrote:

> I already know it's blocked by IP.  The bounce message says so.  But
> there is no indication anywhere on the internet that our IP is on an
> RBL, or that the reputation is bad.  And Google is the only one blocking.
>
> Jeff J.
>
>
> On 2019-02-01 17:12, Gary wrote:
>> How about setting up a relay? Maybe you are blocked by IP.
>>
>>
>>   Original Message
>> From: [hidden email]
>> Sent: February 1, 2019 2:28 PM
>> To: [hidden email]
>> Subject: Google blocking...again...
>>
>> I'm about at my wits end with Google.
>>
>> A couple of weeks ago, we had a user account get compromised.  About
>> 11,000 spam emails were sent through the account over a 24 hour period
>> before we caught it and shut it down.
>>
>> Of course we were on RBL's for a day or so, but all of that cleared up,
>> we made the appropriate contacts where necessary.
>>
>> Everything is back to normal now EXCEPT we still cannot send to any
>> Google servers as we apparently are being blocked due to spam.
>>
>> We have not altered any of our sending settings, we have met Google's
>> minimum requirements for email senders in the same way we always have,
>> but after almost 2 weeks since the incident, we are still blocked.
>>
>> Of course there is no one to contact, no way to contact anyone anyway.
>>
>> Any constructive suggestions would be helpful.
>>
>> Jeff J.
Reply | Threaded
Open this post in threaded view
|

Re: Google blocking...again...

Philip
Give it some time, and generally if you're on googles feedback loop then
you'll get details of how to unblock.

https://postmaster.google.com/

Philip

On 2/02/2019 1:17 PM, Alice Wonder wrote:

> Google doesn't have to justify themselves to anyone, the luxury of
> monopoly, they can even cold shoulder their own customers.
>
> Unfortunate reality is changing IP may be only solution.
>
> I was on a google blacklist and couldn't get off because unlike other
> services, they wanted me to log in into a g-suite account to submit a
> support request and I don't have one nor do I want one.
>
> I don't know if I'm still on that list or not, told the user I
> couldn't do anything about the block and so they are now no longer my
> user.
>
> Weird that sending to gmail worked fine, only (some) gsuite users were
> blocked. Clueless how to de-list if it happens again without a g-suite
> account, they didn't have link like most black lists do. Can't wait
> until that company gets split by the DoJ.
>
> On 2/1/19 3:51 PM, [hidden email] wrote:
>> I already know it's blocked by IP.  The bounce message says so.  But
>> there is no indication anywhere on the internet that our IP is on an
>> RBL, or that the reputation is bad.  And Google is the only one
>> blocking.
>>
>> Jeff J.
>>
>>
>> On 2019-02-01 17:12, Gary wrote:
>>> How about setting up a relay? Maybe you are blocked by IP.
>>>
>>>
>>>   Original Message
>>> From: [hidden email]
>>> Sent: February 1, 2019 2:28 PM
>>> To: [hidden email]
>>> Subject: Google blocking...again...
>>>
>>> I'm about at my wits end with Google.
>>>
>>> A couple of weeks ago, we had a user account get compromised. About
>>> 11,000 spam emails were sent through the account over a 24 hour period
>>> before we caught it and shut it down.
>>>
>>> Of course we were on RBL's for a day or so, but all of that cleared up,
>>> we made the appropriate contacts where necessary.
>>>
>>> Everything is back to normal now EXCEPT we still cannot send to any
>>> Google servers as we apparently are being blocked due to spam.
>>>
>>> We have not altered any of our sending settings, we have met Google's
>>> minimum requirements for email senders in the same way we always have,
>>> but after almost 2 weeks since the incident, we are still blocked.
>>>
>>> Of course there is no one to contact, no way to contact anyone anyway.
>>>
>>> Any constructive suggestions would be helpful.
>>>
>>> Jeff J.
Reply | Threaded
Open this post in threaded view
|

Re: Google blocking...again...

SH Development
How much time?  It's already been close to 2 weeks.  I AM on Google's
feedback loop, have never received anything from it.  I have verified
the domain with Google, correct reverse DNS, SPF, none of that has
changed.

The postmaster.google.com shows no data about our domain, shows no spam
reports, no reputation problems, nothing.  I have been all over the
postmaster.google.com and there are no details anywhere that would help
resolve the issue because I have already met the requirement they
specify.  The site is worthless.

Something's broken and there's no way to get it fixed or even notify a
real person that something is wrong which is why it is so aggravating.

In the meantime, as a result, I have lost several clients because of
these jokers and I'm sick of it.

I'll play the whack-a-mole game of changing the server's IP address, but
I'm thinking of taking some action on this end, such as delaying
incoming gmail to our server with a response that it's being delayed
because Google is a piss poor net citizen, and that their email will be
delayed from 1 to 72 hours.  I know, small chance of it being seen, but
considering the lack of other alternatives.

At the very least, the end gmail user trying to send to us can open up a
ticket. They seem to pay more attention to end user problems than
service providers.

Jeff J.



On 2019-02-01 20:27, Philip wrote:
> Give it some time, and generally if you're on googles feedback loop
> then you'll get details of how to unblock.
>
> https://postmaster.google.com/
>
> Philip
Reply | Threaded
Open this post in threaded view
|

Re: Google blocking...again...

Daniel L. Miller
On 2/1/2019 9:20 PM, [hidden email] wrote:
How much time?  It's already been close to 2 weeks.  I AM on Google's feedback loop, have never received anything from it.  I have verified the domain with Google, correct reverse DNS, SPF, none of that has changed.


Visit this page and fill it out *completely*.  And do it again daily for a few days.  You also need to have been cleared from most RBLs.

https://support.google.com/mail/contact/msgdelivery

-- 
Daniel
Reply | Threaded
Open this post in threaded view
|

Re: Google blocking...again...

Benny Pedersen-2
Daniel Miller skrev den 2019-02-02 06:32:

would you mind disable html ?
Reply | Threaded
Open this post in threaded view
|

Re: Google blocking...again...

Micah Anderson-2
In reply to this post by SH Development
SH Development <[hidden email]> writes:

> I'm about at my wits end with Google.
>
> A couple of weeks ago, we had a user account get compromised.  About
> 11,000 spam emails were sent through the account over a 24 hour period
> before we caught it and shut it down.

I know it doesn't help your current situation, but I highly suggest you
setup postfwd with some sending limits, so that this does not happen
again in the future.

--
        micah
Reply | Threaded
Open this post in threaded view
|

Re: Google blocking...again...

Ignacio Garcia
In reply to this post by SH Development


El 2/2/19 a las 6:20, [hidden email] escribió:
I'll play the whack-a-mole game of changing the server's IP address, but I'm thinking of taking some action on this end, such as delaying incoming gmail to our server with a response that it's being delayed because Google is a piss poor net citizen, and that their email will be delayed from 1 to 72 hours.  I know, small chance of it being seen, but considering the lack of other alternatives.

At the very least, the end gmail user trying to send to us can open up a ticket. They seem to pay more attention to end user problems than service providers.


Delaying mail coming from google, IMHO, is not going to improve the initial situation, that your emails are not being delivered to google customers. I've been there, I know how you feel. We too thought about doing that (to hotmail in this case), but at the end that would have ended in having lots of customers complaining about not getting incoming emails in time from hotmail.com users.


At the end, we decided to change IPs, have a fresh start, remove one-and-for-all any non-encrypted communication (I've noticed your company still accept passwords on clear channels), and protect yourselves from hijacked accounts. One of the things we do here: most hijacked accounts connect and send emails from different countries. We geolocate successful logins and automatically block accounts if they send emails from more than 4 countries in a 24-hour period. Check this postfwd plugin: https://github.com/Vnet-as/postfwd-anti-geoip-spam-plugin


Good luck!


Ignacio

Reply | Threaded
Open this post in threaded view
|

Re: Google blocking...again...

Scott Lambert
In reply to this post by Micah Anderson-2
On Sat, Feb 02, 2019 at 11:46:35AM -0500, micah anderson wrote:

> SH Development <[hidden email]> writes:
>
> > I'm about at my wits end with Google.
> >
> > A couple of weeks ago, we had a user account get compromised.  About
> > 11,000 spam emails were sent through the account over a 24 hour period
> > before we caught it and shut it down.
>
> I know it doesn't help your current situation, but I highly suggest you
> setup postfwd with some sending limits, so that this does not happen
> again in the future.
>

Seconded.  Setting sending limits, with a process for expanding the
limit for customers who legitimately need expansion, completely stopped
us being added to RBLs at my former employer.  

The customers who needed more messages per hour/day got a lecture
about keeping their passwords safe and an explanation of the financial
penalties we would exact from them should their account get us RBLed.

For us, 100/hour 500/day was a sufficient default for 99.99% of our
users.  We had maybe 25 clients setup with expanded limits five years
after implementing the policy deamon.

We also trolled the log files to count the total number of e-mails
sent per user each day.  We got an emailed report hourly.  We often
identified compromised accounts before they hit the limits when the
spammer was sneaky enough to slow send.  Submitting e-mail from three
continents in an hour is a pretty good indicator of a compromised
account.

PolicyD meant it was okay if we took some time for sleep or missed the
hourly reports for a weekend.

--
Scott Lambert                    KC5MLE                       Unix SysAdmin
[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Google blocking...again...

CSS-4

> On Feb 2, 2019, at 4:36 PM, Scott Lambert <[hidden email]> wrote:
>
> On Sat, Feb 02, 2019 at 11:46:35AM -0500, micah anderson wrote:
>> SH Development <[hidden email]> writes:
>>
>>> I'm about at my wits end with Google.
>>>
>>> A couple of weeks ago, we had a user account get compromised.  About
>>> 11,000 spam emails were sent through the account over a 24 hour period
>>> before we caught it and shut it down.
>>
>> I know it doesn't help your current situation, but I highly suggest you
>> setup postfwd with some sending limits, so that this does not happen
>> again in the future.
>>
>
> Seconded.  Setting sending limits, with a process for expanding the
> limit for customers who legitimately need expansion, completely stopped
> us being added to RBLs at my former employer.  
>
> The customers who needed more messages per hour/day got a lecture
> about keeping their passwords safe and an explanation of the financial
> penalties we would exact from them should their account get us RBLed.
>
> For us, 100/hour 500/day was a sufficient default for 99.99% of our
> users.  We had maybe 25 clients setup with expanded limits five years
> after implementing the policy deamon.

I was hoping that the rate-limiting was enough, but I found that whatever was spamming through the compromised accounts was intelligent. If we let 100/hour through, they’d ratchet down to 50/hour…

Just a reminder you need a rate limit and a total.

Charles

>
> We also trolled the log files to count the total number of e-mails
> sent per user each day.  We got an emailed report hourly.  We often
> identified compromised accounts before they hit the limits when the
> spammer was sneaky enough to slow send.  Submitting e-mail from three
> continents in an hour is a pretty good indicator of a compromised
> account.
>
> PolicyD meant it was okay if we took some time for sleep or missed the
> hourly reports for a weekend.
>
> --
> Scott Lambert                    KC5MLE                       Unix SysAdmin
> [hidden email]