Thursday, June 29. 2006
We are now enabling Sender Policy Framework (SPF) checking for email destined to our members' mail forwarding or backup smtp spooling domains.
If the SPF validation equates to hardfail for a domain with SPF validation enabled, our mail servers will reject the inbound message, all other outcomes will be prepended into an additional SPF-Received: header in the message and processed normally. Members can then add additional filters keying on this header in their mail clients or downstream MTAs.
This feature is currently in beta , if you wish to be a beta tester for SPF checks, please contact support and ask to have your beta user settings activated.
For more background on Sender Policy Framework (SPF) and how it can reduce email forgery, see our SPF tutorial and the SPF homepage
Tuesday, June 27. 2006
Mail forwarding speeds are returning to normal, we will continue to add additional servers to the mail pool this week and are preparing to roll out additional antispam mitigation systems. More details to follow.
It is with regret that we have come to the following conclusion, but here it is: Offsite backup SMTP spoolers and backup mail exchangers have become worse than useless
The problem is spam and the software that delivers it exploiting the weak authentication schemes inherent in the SMTP protocol itself. It used to be an annoyance, then it became a concern, it is now an epidemic and has resulted in the death of the offsite backup MX handler.
What happens is this: spammers try "dictionary attacks" on target domain names, trying to deliver email messages at random usernames at the target domain. The primary mailserver knows which usernames are valid and rejects the rest. The offsite backup MX spooler doesn't know what usernames are valid and what are junk, so it just forwards everything it receives for a domain it is spooling for to the primary MX handler.
Spammers and other malicious parties know this, so they may not even bother trying the primary MX at all, they'll just throw everything at the backup mail spooler which dutifully forwards it all (or tries to) to the primary. It is a dead-easy method of launching a Denial-Of-Service attack as well.
So it is with a heavy heart we have to admit that any utility of having an offsite backup MX handler is in most cases far outweighed by the advantages it hands to spammers and other miscreants.
The good news is this: without a backup mail spooler defined for your domain, originating mail servers simply queue the mail locally for a later retry. So owing to the design of the SMTP protocol, you do not really lose any redundancy when you remove a backup MX spooler from your DNS settings. But you probably cut down on the amount of spam your domain receives through the back door that is the backup MX spooler.
We are currently experiencing longer-than-normal mail delays due to an increase of emails with non-existant destination email addresses. This is increasing the amount of email that our mailservers have to process, and increasing the delays in processing legitimate email.
We are taking steps to address this issue, but at this time, there is unfortunately not an ETA available."
Monday, June 26. 2006
We have cut the GST from 7% to 6% 5 days in advance of the official change date.
All invoices containing a GST charge generated from 11:30AM on Monday June 26th, 2006, will reflect the 1% cut in GST.
Enjoy.
Tuesday, June 20. 2006
XE.com is a site I was using for years every time I needed to do a quick currency conversion before I realized they were a member. Nice easy and quick interface which allows me to quickly see the direction of the market across all the major currencies. They also provide data feeds via XML and CSV.
They are currently ranked 546 on Alexa
Monday, June 19. 2006
I'm always doing whois lookups all day long for various reasons. Today the concept of "usability" struct me as I was previewing YASBS (Yet Another Social Bookmarking Site) and on a whim (many of the whois lookups I conduct are, in fact, whimsical) I looked up usable.ca and got that warm fuzzy feeling I experience when I look up a seemingly random domain name and see those easyDNS nameservers scrolling past my screen "Aha!" I think to myself "...another customer :)" and then I go check out their website and what they're all about.
So the subject of our inaugural installment of "Who Uses easyDNS" is Usable Interactive Development, a web design and custom applications firm here in Toronto with some clients I recognize like Young and Rubicam, i|money and Grocery Gateway (another easyDNS DNS hosting customer)
This was an idea we had back at the beginning, a kind of take off on "whois" to show "Who Uses" easyDNS. Only problem at the time was: we didn't have any customers yet.
So with regular frequency, a lot of high-end, relevant, fun or otherwise interesting websites that use us as a registrar or more often, as a DNS hosting provider, come to my attention. We'll start highlighting some of them here.
Friday, June 16. 2006
We have found it necessary to turn on SPF checking for the hotmail.com on the smtp2 (backup MX) pool after a massive dictionary attack on a customer domain using forged hotmail.com addresses got us blackholed at hotmail's servers. This meant we were not able to send over legitimate hotmail.com mail from the smtp2 pool.
Now most hotmail.com destinations from here are used in mail forwarding, not backup spooling, so nobody really noticed. But that said, microsoft mail admins made it clear to us in no uncertain terms, this is our problem, not theirs and we're facing more connectivity issues with them if it happens again.
This left us few options (and paying Microsoft to forward their mail to them was not high on the list of solutions for us) , which left us with SPF. Hotmail.com publishes SPF data and we are now checking all mail that claims to come from hotmail.com against this data on the smtp2 pool and refusing mail that doesn't match.
Due to an overwhelming amount of spam our customers are receiving, there may be longer-than-normal delays in the forwarding of email for those with domains that use easyDNS' mailservers for email forwarding. This does not mean that you will lose email destined for external email accounts as listed within your mailmaps, rather, there will be an unfortunate delay before it is relayed on to the destination mailserver.
We are aware of the issue and are actively working to resolve this as soon as possible, however, at this time, an ETA is not available. Please understand that this is a slowdown brought about by a recent surge in spam emails, and not an indication of regular easyDNS performance.
We apologise for any inconvenience.
Tuesday, June 13. 2006
It has come to our attention that Hotmail is blocking email being relayed from "smtp2.easydns.com". This should not affect overall email forwarding performance, as the use of "smtp2.easydns.com" should be one of backup, with "smtp.easydns.com" as a primary MX record for all email handled by easyDNS for our customers.
However, we are actively communicating with the systems personnel at Hotmail, and hope to have the block placed upon "smtp2.easydns.com" removed as soon as possible. At this time, "smtp.easydns.com" is able to successfully relay email to Hotmail.
For further information, please contact "support@easydns.com".
The previous issue of Earthlink's mailservers rejecting email that was being forwarded from easyDNS' mailservers has been resolved.
At this time, all our mailservers are able to successfully relay email over to the mailservers within Earthlink's mailserver pool. However, normal anti-spam filtering on their end does apply.
We apologise for the inconvenience previously experienced, and ask that if anyone continues to have troubles with email forwarding to Earthlink accounts from easyDNS mailservers, please contact "support@easydns.com".
|
