Proofpoint blacklist

Proofpoint keeps blacklisting every new MiaB that sends email to iCloud domains. Is there anyone who got the same issue on this update?

How do you determine this? It seems very specific.
Proofpoint has a FAQ and an Ipcheck page to help you. I gather these are good starting points to get unblocked.

I’ve recently had mails bounced by a server that uses Proofpoint. Suffice it to say, I now consider Proofpoint to be a bad actor. The reasoning for this opinion is as follows.

  1. I’ve been operating MIAB on the same Digital Ocean IP address for a long time. (Since the Ubuntu 22 migration, so at least a year.) My server is clean and most definitely not a source of spam (I’m the only person who uses it). If they are specifically blocking my IP address on the basis of spam that predates this, they could avoid doing so by means of a simple aging algorithm.
  2. It’s very obvious that my IP is in a range assigned to a public cloud provider. If they are blacklisting entire IP ranges, this is plainly not appropriate.
  3. When reporting a false positive to Proofpoint, their website makes it clear that they will prioritise fixing false positives for IP addresses belonging to their own customers. So they are causing a problem, and then selling the solution to their customers as a service, leaving other victims to continue suffering the problem.
  4. MIAB comes loaded for bear when it comes to anti-spam measures. Surely a valid DKIM header etc, etc, etc ought to be enough to allow them to automatically determine that it isn’t spam. Why make people have to go through a whole rigmarole?

For what it’s worth, I also reported this to Digital Ocean, and their response was meh. If you don’t like it, don’t run a mail server… or some such.


@DominicCronin I agree with you. I saved a message from a Spamhaus delisting chat in which the support person admits they are blacklisting entire ranges since the introduction of the stricter antispam policy. It seems this is triggered by Google, and they, Spamhaus, just replicate the rule on the entire range. Google blocks all my messages via IPv4 and this could have been triggered by just 3 spam reports or by my bad neighbor (the real spammer) in my IP range. They do not provide mitigation and they are not disclosing for how long an IP (or a range) will remain blocked. I am fully DKIM, DMARC, SPF aligned. It seems there is no point in reporting a spammer in one’s IP range because cloud providers think that we should not be running our own SMTP servers in the first place.

Honestly, your issue is Digital Ocean. I was hosting there and they are the largest source of spam on the internet. Lots and lots of bad actors.

I’ve decided to host myself (servers on prem and business class ISP) which is expensive but haven’t had one issue.

I was using Vultr and I can report that things went pretty smoothly with them too. You will need to create an account there and wait several months before they will allow you to own port 25 by providing them a very well thought out business case.

I think that is actually better than what Digital Ocean was doing, just allowing everything under the sun, and then they basically were blocked by most “big tech” for spam – but honestly they were sending spam – lots of bad actors there.

Let me guess, they sent you this article? Why You May Not Want To Run Your Own Mail Server | DigitalOcean

Been there, done that, and good riddance to DO.

I don’t see Digital Ocean as the problem, although I do think they would do well to be actively involved in seeing to it that spam blacklists don’t block entire ranges. They are entirely correct to follow the principles of net neutrality. Proofpoint, on the other hand, are ignoring net neutrality, and blocking entire ranges in the full knowledge that individual IPs are in the hands of distinct players. As I said, they are creating a problem and then charging their customers for the solution, while denying the solution to others.

Yes - DO did send me to that article. Honestly, it’s a reasonable article for many people who are considering running their own mail server. I only run my own mail server because I’m stubborn.


I am on Oracle and they are much more reputable than Digital Ocean. You have to agree that you will not use port 25 for unsolicited mail. And yet they are not discontinuing the service to spammers. Honestly, I checked their ranges and they own approx. 350K IPv4 addresses. Talos Intelligence reports only 7 IPs in their global ranges as heavy spammers. Why would they allow 7 spammers to ruin the reputation of all the rest, that is the question?

I do hope Digital Ocean will remove spammers for breaching their TOS, but that’s not the point. If a blacklister marks out entire IP ranges as tainted, knowing they are on a public cloud, then it’s the blacklister who’s wrong. Yes - it’s a shame Digital Ocean aren’t willing to invest resources in tackling the blacklisters, but it’s still not their fault. Blacklisting my IP is effectively slander, and an unfair restraint on my activities. Unfortunately - going after blacklisters who make money from this is beyond an individual.

You are completely right. I hope someone gets them to court for restricted access based on some AI filtering rules which don’t make sense. I hope they end up like Apple in the EU paying 1.8 billion for unfair competition.

Any updates on Proofpoint? My DO MIAB server is having real problems. The problem is a lot of my gov clients use Proofpoint as an email for business, and now, with upgrades to a new, larger DO server, I cannot get around the Proofpoint system.