Cloudmark De-Listing

Discussion in 'Mail Chat' started by DaMadHatter, Apr 22, 2011.

  1. DaMadHatter

    DaMadHatter Active Member

    Joined:
    Mar 1, 2011
    Messages:
    720
    Likes Received:
    51
    Trophy Points:
    28
    Location:
    In the Void
    Who's having success with it? :itsme:
     
  2. DKPMO

    DKPMO VIP

    Joined:
    Mar 31, 2011
    Messages:
    1,452
    Likes Received:
    68
    Trophy Points:
    48
    Location:
    Elaborate Underground Base
    Couldn't you just request delisting if you are a new owner of a range?

    A more interesting question is how to avoid getting listed to begin with. Do they go by traps? Complaints? Content triggers?
     
  3. DaMadHatter

    DaMadHatter Active Member

    Joined:
    Mar 1, 2011
    Messages:
    720
    Likes Received:
    51
    Trophy Points:
    28
    Location:
    In the Void
    Yes.

    An interesting thing happened for a client recently. We requested a de-listing, and they initially said yes. Then they contacted us a day later and said they looked at the domains and rDNS and then refused. They said that they would de-list the ranges once that client was gone and after a period of time should the range show no abuse/spam.

    In this case, apparently the rDNS from the client and his domains looked spammy so that set off a flag. However, at the ISP level they will remove a range as long as you are the new owner and do not have something like happened in this particular case.

    As for what had gotten this guy Cloudmarked in the first place, we are not 100%. However, based on what we had saw for behavior. It would appear when he first was testing his range, he did not submit rDNS, and have it properly set up. Apparently if you try and mail with no rDNS you can Cloudmark your range immediately. This particular client does not do the Yahoo/AOL/Hotmail. He is just doing Cox/SBC.
     
  4. DKPMO

    DKPMO VIP

    Joined:
    Mar 31, 2011
    Messages:
    1,452
    Likes Received:
    68
    Trophy Points:
    48
    Location:
    Elaborate Underground Base
    Hmmm... No rDNS seems like a very obvious way to flag yourself...

    What have you seen could get ranges Cloudmarked without rookie mistakes, like no rDNS? What was this client's "spammy rDNS pattern" once some rDNS was put in place?
     
  5. DaMadHatter

    DaMadHatter Active Member

    Joined:
    Mar 1, 2011
    Messages:
    720
    Likes Received:
    51
    Trophy Points:
    28
    Location:
    In the Void
    Agreed. Doing a 'test mailing' without proper, non-spammy, rDNS set up is a good way to burn your ranges up coming out of the bard door.

    I would have to look back at some other examples where we have seen it happen. It is very rare, at least that we have seen, where people get CloudMarked like that and it is 99% of the time a user's error. When they do, it is typically no rDNS, or really shitty and spammy looking. Oddly, we've seen this happen with more established guys as well as noobs. I guess they simply 'forget' or are in a rush.

    Cloudmark otherwise is fairly understanding, and will clear a range upon request.
     
  6. DKPMO

    DKPMO VIP

    Joined:
    Mar 31, 2011
    Messages:
    1,452
    Likes Received:
    68
    Trophy Points:
    48
    Location:
    Elaborate Underground Base
    Here are specific things I am curious about those "spammy rDNS patterns" that got cloudmarked:

    1) Number of IPs sharing the same second-level domain (1, 5, 10, 20 or 100 ballpark)
    2) Subdomain patterns (gibberish names; use of numerals; words like 'host', 'mail', 'mx' or 'smtp'; same rDNS repeated; no forward A record)
    3) Gibberish or .info second level domain, lack of a website on those domains/subdomains

    I am also wondering if Cloudmark scans/listings are fully automated or they have an investigator review every case, like at Spamhaus.
     
  7. DaMadHatter

    DaMadHatter Active Member

    Joined:
    Mar 1, 2011
    Messages:
    720
    Likes Received:
    51
    Trophy Points:
    28
    Location:
    In the Void
    1. The last client I saw this with had a /22 across four different ISP ranges.
    2. They were very spammy, and repetitive, yes.
    3. They were also the classic gibberish.info type of stuff. That is also correct.

    Nope. They also do not (to my knowledge) have 'investigators' pro-actively looking for ranges or doing the scans. They are automated however. They also tend to knock out a whole /24 or larger ranges. Not just the /27.
     
  8. DKPMO

    DKPMO VIP

    Joined:
    Mar 31, 2011
    Messages:
    1,452
    Likes Received:
    68
    Trophy Points:
    48
    Location:
    Elaborate Underground Base
    Using the same spammy-looking rDNS domain for /22 seems a little crazy. But if it is just an automated scan it is not that hard to beat if you are careful to not create an obvious pattern.
     
  9. DaMadHatter

    DaMadHatter Active Member

    Joined:
    Mar 1, 2011
    Messages:
    720
    Likes Received:
    51
    Trophy Points:
    28
    Location:
    In the Void
    1. Well, in this chappy's case, he started mailing before rDNS was set up. That got him Cloudmarked round 1.
    2. He then had to get new ranges, and put up spammy rDNS and domains across the /22, and 3 of 4 again CM'd for round 2.
    3. We contacted CM to clear the ranges, and they saw his rDNS and domains, and said no dice. We must clear the range(s) of him.
     
  10. emailjedi

    emailjedi VIP

    Joined:
    Apr 26, 2011
    Messages:
    138
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    The Outer Rim
    cloudmark insights

    Cloudmark has a pretty huge footprint in terms of inbox control.

    They are used by a # of big cable ISPs including Cox and Comcast. Hotmail references their #s as well.

    They are fairly easy to get delisted. Here is what they like to see:

    1. you tell them that you will be mailing to ENGAGED users only (openers and clickers) = and of course you gotta do it.

    2. you not ask for delisting on a regular basis (and never try to automate delisting requests - trust me).

    3. you build a relationship with them and let them know that you understand where they are coming from and you want to work with them (helps me with MANY antis and rbls and 3rd party filtering services).

    As to how do you get on their list?

    Here is a direct quote taken from an email direct to me:


    Cloudmark's reputation database is based on user feedback from the Cloudmark
    community as well as honeypot/spamtrap hits. Once we stop seeing spam reports
    about, and spamtrap hits from, an IP, its reputation can improve.

    Yes, its kinda canned but it gives you an insight into that.

    They have spam filtering software (Free) that is HUGE on Thunderbird and OE. If recipients hit block it goes into their algorithm and counts as a complaint against you and they do NOT provide an FBL.

    Hope this helps,

    Jedi
     
    Last edited: Apr 30, 2011
  11. roundabout

    roundabout VIP

    Joined:
    Feb 17, 2011
    Messages:
    2,713
    Likes Received:
    154
    Trophy Points:
    63
    Source:
    http://blog.exacttarget.com/blog/al-iverson/espc-call-cloudmark-and-bestworst-practices

    My two cents: Cloudmark will be around way after the other RBL sites go under. They aren't militant, they're strong but fair, and they are gaining more support and respect every year.
     

Share This Page