31st January 2021

Spamcop email rejections

Servers impacted: Ocean, Aus, Acadia, Eagle, Banshee, Friday, Longhorn, Safari, Lucy, London

Today we saw reports of rejected emails due to positive tests against the Spamcop RBL. This meant that when we checked whether the connecting IP address had been blacklisted with Spamcop, the function reported true for every IP that connected to deliver mail. During this time, all inbound email to these servers should have been rejected. All tests came back positive because the spamcop.net domain expired, which caused the registrar to park the domain. The DNS server for parked domains, by its nature, returns a positive answer to every DNS query. As a result of this event, we have removed Spamcop from all servers and will no longer be using third-party blacklists moving forward.
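The failure mode described above can be caught before mail is rejected. The following is an added example, not code from our mail servers: it contrasts a check that treats any DNS answer as a listing with one that only accepts answers in 127.0.0.0/8 and first confirms the RFC 5782 test entries (127.0.0.2 listed, 127.0.0.1 not listed). The zone name `bl.example`, the function names and the stand-in resolvers are assumptions constructed for the illustration.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def system_resolve(name):
    """Return the A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def query_name(ip, zone):
    """DNSBL query name: reversed IPv4 octets followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def naive_listed(ip, zone, resolve):
    """The fragile check: any answer at all counts as 'listed'."""
    return bool(resolve(query_name(ip, zone)))

def listed(ip, zone, resolve):
    """Listed only if an answer lies in 127.0.0.0/8, as DNSBLs return."""
    answers = resolve(query_name(ip, zone))
    return any(ipaddress.ip_address(a) in LOOPBACK for a in answers)

def zone_healthy(zone, resolve):
    """RFC 5782 self-test: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    return listed("127.0.0.2", zone, resolve) and not listed("127.0.0.1", zone, resolve)

def should_reject(ip, zone, resolve=system_resolve):
    """Fail open: ignore the list when the zone fails its self-test."""
    return zone_healthy(zone, resolve) and listed(ip, zone, resolve)

# Constructed resolvers standing in for DNS so the example runs offline.
def healthy(name):
    table = {"2.0.0.127.bl.example": ["127.0.0.2"],    # mandatory test entry
             "7.113.0.203.bl.example": ["127.0.0.2"]}  # one listed sender
    return table.get(name, [])

def parked(name):
    return ["192.0.2.10"]  # wildcard: the parking page address for every name

def parked_loopback(name):
    return ["127.0.0.2"]   # wildcard that happens to answer inside 127/8

if __name__ == "__main__":
    for resolver in (healthy, parked, parked_loopback):
        print(resolver.__name__,
              naive_listed("198.51.100.9", "bl.example", resolver),
              should_reject("198.51.100.9", "bl.example", resolver))
```

In production the self-test result would be cached for a short interval rather than repeated on every connection.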

In determining the scope of this event, we are not able to provide 100% accurate results. Here's how we achieved the results below:

  1. Pick the server with the most rejections by Spamcop RBL in the last 24 hours.
  2. On that server, identify the hour where elevated rejections began, and the first hour with 0 rejections.
  3. Count all Spamcop RBL rejections for the whole day on all servers.

This method is enough to give us a rough idea of what happened, and the values will be close enough to the truth for discussion purposes. Here are the results:

Between 4am and 10am US/Central we saw 12,715 emails rejected due to Spamcop collectively across the servers mentioned above. The largest share, 5,540 emails, was rejected on the Lucy server. Of those 5,540, 2,517 came from one sender: StackCommerce. These were all to one recipient who appears to have signed up for their service using thousands of randomly generated email names, which is a violation of our policy and another matter.

The next two significant numbers came from Safari at 2,605 emails, and London at 2,348 emails. These were both a healthy mix of legitimate email and actual spam.