What causes Spamhaus CSS listings?

Discussion in 'Noob Central' started by roundabout, Sep 27, 2012.

  1. roundabout

    roundabout VIP

    Joined:
    Feb 17, 2011
    Messages:
    2,713
    Likes Received:
    154
    Trophy Points:
    63
    What causes Spamhaus CSS listings

    Today’s Wednesday Question comes from Zaib F.

    I’ll preface this by saying I don’t know what the specific Spamhaus criteria are for listing on the CSS. I do know the overall goal of the CSS list is to catch snowshoeing. I also know some general things about how Spamhaus works. Spamhaus has access to lots of different email feeds that they use as data sources for their various lists. I believe that Spamhaus feeds are built around email addresses that are kept private. I do not believe Spamhaus uses those addresses to sign up for mail, nor do they ask or encourage other people to add those addresses to lists. Spamhaus has access to other types of data like BGP feeds and tools to organize and visualize the data.

    Snowshoeing is where the sender uses a large number of IP addresses to send mail to avoid reputation based filtering. There isn’t a specific line between responsible mailing and snowshoeing. But it’s usually clear when a range is being used for snowshoeing.

    Snowshoe spam isn’t just about a single email (or a few emails) being received. It’s about a pattern of identical emails coming from a range of IP addresses. It’s about rotating domains in the From: line with the same email content. It’s about random domains that don’t relate to the sender, or the ESP or the brand. It’s domains hiding behind proxy services. It’s mail that is clearly from the same templating engine, selling very different products. It’s rotating reverse DNS. It’s a lot of little things, none of which are problematic by themselves but put together indicate that the IP range might just be infested with spammers.

    The direct answer to your question is: Yes I think spamtraps play a role in CSS listings. I think that mail sent to addresses that didn’t request the mail will trigger investigations. But it’s not the trap hit, or the mail to a person, that causes a CSS listing, though. A spamtrap hit is neither necessary nor sufficient for a CSS listing. It’s the technical characteristics and the behaviour that causes a range to be listed on the CSS list.

    I’ll also point out that some of the ISPs also have CSS like detectors and they will block, defer or otherwise deal with mail from ranges that they think are sending snowshoe spam.

    Source:
    http://blog.wordtothewise.com/
     
  2. mrlucky123

    mrlucky123 Member

    Joined:
    May 4, 2012
    Messages:
    182
    Likes Received:
    7
    Trophy Points:
    18
    another thing I want to add is, if you want to avoid CSS, you need to clear the spool before continue sending the next drop, this may trigger css as well.
     
  3. noobking

    noobking Member

    Joined:
    Nov 28, 2011
    Messages:
    209
    Likes Received:
    5
    Trophy Points:
    18
    for GI you can also switch IP after every 500k going out, but like what mrlucky123 said, clear the spool
     
  4. Mike91TT

    Mike91TT VIP

    Joined:
    Apr 29, 2011
    Messages:
    300
    Likes Received:
    17
    Trophy Points:
    18
    Location:
    Los Angeles,CA
    Clearing queue and mailing 500k or less per IP will not stop major CSS issues. It helps, but CSS can hit within 5 minutes of mailing regardless
     
  5. noobking

    noobking Member

    Joined:
    Nov 28, 2011
    Messages:
    209
    Likes Received:
    5
    Trophy Points:
    18
    you still use onpoint? i never get one after switching...
     
  6. Mike91TT

    Mike91TT VIP

    Joined:
    Apr 29, 2011
    Messages:
    300
    Likes Received:
    17
    Trophy Points:
    18
    Location:
    Los Angeles,CA
    Yeah but I've been cool lately. What did you switch to?
     
  7. kasiegee

    kasiegee VIP

    Joined:
    Jul 22, 2013
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Can the lack of an unsubscribe link cause listings?
     
  8. DKPMO

    DKPMO VIP

    Joined:
    Mar 31, 2011
    Messages:
    1,452
    Likes Received:
    68
    Trophy Points:
    48
    Location:
    Elaborate Underground Base
    /facepalm
    /facepalm
    /facepalm
     
  9. dea4cim

    dea4cim Banned

    Joined:
    Feb 14, 2014
    Messages:
    35
    Likes Received:
    4
    Trophy Points:
    0
    We have been mailing from 4 here and setup and managed more than 200 high volume server. Our experience and analysis says that if you are mailing majority on Yahoo domains and your list have so many inactive yahoo email IDs , It would cause SBL CSS.
     

Share This Page