One of the worst nightmares for an email administrator is having the mail server flagged for spam. There are many kinds of spam a server may be flagged for, and RATS Spam is one of them. For those who have this problem and are at a loss as to how to delist from RATS Spam, this article explains how.
How to delist from RATS SPAM
RATS spam refers to an Internet Protocol (IP) address or a group of IP addresses that have been blacklisted for being abusive; in other words, the IP address does not fit the common kinds of threats. This can occur because of compromised servers or virus traffic arising from one’s servers, as is the case with open relays. Since these do not dispatch a lot of data, it could be a false threat, and it is only used if the server supports a stricter stance. It normally occurs when a server has been observed attempting too many deliveries, and occasionally affects normal email servers because of FTP bounce attacks.
This implies that one’s IP address has been flagged for sending unsolicited bulk email, whether or not the messages arise from the server’s IP address. It is worse still when they are accompanied by viruses.
The solution in these cases is to harden one’s servers, especially by closing open relays. An open relay may result either from a security flaw in the software or from misconfiguration by the system administrator. And because open email relays do not attempt to validate the sender of an email, a forged email server address may go undetected.
Why mail servers are blacklisted as RATS Spam
To understand how to delist from RATS Spam, you might first want to know why your IP address is listed as RATS Spam in the first place. It’s most likely due to one of the following reasons:
- Compromised servers: This usually includes open relays and is discussed below.
- Virus traffic arising from the server: This occurs as a result of a compromised server, even if (as in most cases) the traffic does not arise from the original IP address.
- FTP bounce attacks: This is similar to open relays but may occur even with normal servers, though it is even less common, especially with modern FTP server programs.
What are Open relays?
Considering that most cases of RATS spam center on open relays, let’s take a look at what they are. These are Simple Mail Transfer Protocol (SMTP) servers that allow anonymous users to send emails through them, even when the emails are not from the original user’s IP address. This means that open relays can be exploited by spammers to send unsolicited emails to users; these may then be caught by the Spamrats spam traps, which gets the server blacklisted.
Over the years, open relays have become quite uncommon because of their exploitation by spammers and worms, and they now account for only about five percent of Spamrats. Users can confirm whether their servers are configured as open relays on checkor.com or mxtoolbox.com.
How to close open relays
Since open relays are in most cases the problem, let’s take a look at how to avoid them or otherwise close an open relay. This depends on the server; in some cases, it requires a simple command (e.g. Exchange 2007 and 2010 servers), while in other cases it is a step-by-step process (Exchange 2013 onwards, Lotus Domino, etc.), but we won’t get into any of the details.
Afterward, the server should be checked again to see whether the attempt at closing the relay was successful. Aside from that, in cases where the server is not secure, its security patches should be brought up to date.
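The re-check described above comes down to one question: does the server accept a recipient in a domain it does not host, from a session that never authenticated? As an added example (not part of the original article), the Python below classifies a recorded SMTP session against your own server; the hostnames, addresses and the `local_domains` parameter are constructed for illustration.

```python
import re

# Constructed sample session (not captured from a real server).
# "C:" lines are the tester's commands, "S:" lines are the server's replies.
OPEN_SESSION = """\
S: 220 mail.example.org ESMTP
C: EHLO probe.example.net
S: 250-mail.example.org
S: 250 SIZE 10240000
C: MAIL FROM:<tester@example.net>
S: 250 2.1.0 Ok
C: RCPT TO:<someone@example.com>
S: 250 2.1.5 Ok
"""
# Same session after the relay is closed: the foreign recipient is refused.
CLOSED_SESSION = OPEN_SESSION.replace("250 2.1.5 Ok", "554 5.7.1 Relay access denied")


def parse_exchanges(transcript):
    """Pair each client command with the final reply code the server gave it."""
    exchanges, command = [], None
    for line in transcript.splitlines():
        if line.startswith("C: "):
            command = line[3:].strip()
        elif line.startswith("S: ") and command is not None:
            m = re.match(r"(\d{3})([ -]|$)", line[3:])
            # "250-..." is a continuation line; the reply ends on "250 ...".
            if m and m.group(2) != "-":
                exchanges.append((command, int(m.group(1))))
                command = None
    return exchanges


def relay_verdict(transcript, local_domains):
    """Return 'open', 'closed' or 'inconclusive' for one SMTP session."""
    authenticated, verdict = False, "inconclusive"
    for command, code in parse_exchanges(transcript):
        if code == 235:  # 235 = authentication succeeded
            authenticated = True
        elif command.upper().startswith("RCPT TO:"):
            m = re.search(r"@([^>\s]+)", command)
            domain = m.group(1).lower() if m else ""
            if authenticated or domain in local_domains:
                continue  # accepting these is normal, not relaying
            if 200 <= code < 300:
                return "open"  # foreign recipient accepted without auth
            if code >= 500:
                verdict = "closed"  # permanent refusal; 4xx stays inconclusive
    return verdict
```

A 4xx reply (for example greylisting) leaves the verdict at inconclusive, so repeat the check rather than assuming the relay is closed.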
What to consider before delisting?
As discussed above, the factor most often implicated in RATS spam is how well the server is secured. To be able to delist, one would have to harden it, especially by closing the relay. An open relay can be due to either:
- Misconfiguration, in which case the system administrator has to reconfigure the server to accept only a certain group of messages and forward those.
- A security flaw in the system, in which case security patches will have to be applied for the relay to be closed.
Why you should delist from RATS spam
Once an IP address has been flagged as RATS Spam, i.e. blacklisted, all emails arising from that IP address will either not go through to the receiver or end up in spam. Until the user delists from it, none of the sent emails get through to the receiver’s inbox.
How to check that an IP address has been flagged RATS Spam
To know whether one’s IP address has been flagged, one would first have to know the site that has the IP address blacklisted and the type of spam it was flagged for, and then find out how to delist from RATS spam, if that is what it is flagged for. The user might then consider contacting the website administration for delisting. It is best, however, to rectify one’s server before doing this, to prevent a repeat of the whole process.
How to prevent being listed to RATS Spam
The best way to manage this problem is by not having it in the first place, and that is quite an easy task. This includes:
- Using modern servers: Most modern servers operate closed relays, and this has done well to reduce the problem
- Close open relays: If the server’s relay is already open (for whatever reason) then it should be closed as discussed above
- Update security: This is also as discussed previously
Unlike most spam flags, RATS spam is relatively uncommon, but it happens anyway, mostly when the server’s security is compromised. This compromise usually allows spammers to access the server and send spam content to recipients. To delist from RATS Spam, one must first rectify the problems with the server and then contact the website administration for delisting.