SMTP Greylisting vs. Facebook.com battle


Post by kbuchl » Thu Nov 08, 2012 8:36 pm

Hello,

I want to open this discussion because of hundreds of Facebook mail servers trying to deliver one message.
This is likely to be an endless series of tries and "451 your message is delayed" responses.

A look at the SPF DNS entry of facebook.com shows this:

TXT record: Name=facebook.com, TTL=1800, Text: v=spf1 ip4:69.63.179.25 ip4:69.63.178.128/25 ip4:69.63.184.0/25 ip4:66.220.144.128/25 ip4:66.220.155.0/24 ip4:69.171.232.128/25 ip4:66.220.157.0/25 ip4:69.171.244.0/24 mx -all

This results in hundreds of possible sender IP addresses, and it becomes a lottery until the resend is done using the same IP address as the first greylisted try, because Facebook is using them in a round-robin mechanism.
You can imagine that it could take hours and days until you receive such an email, not to mention the extra traffic that your mail server faces, plus the extra consumption of resources.

One solution to this is, of course, to add these entries to the greylisting exceptions list, and then check now and then for changes in the SPF record, in case new addresses appear and others are dropped. But what if there are hundreds of domains using the same mechanism, e.g. hosting providers?

Another solution would be to have the greylisting mechanism check the SPF records for the sender's IP/domain.
This would make life easier for administrators, as they would not need to check for changes in the SPF records of possibly thousands of domains.

What do you think about this?

Regards,
Klaus-Dieter
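
The suggestion in the post above, sketched as an added example (not code from the poster or from MailEnable): a greylist whose key collapses every IP authorised by the sender domain's SPF record into one entry, so a retry from a different pool address still matches the first attempt. The `Greylist` class, `spf_ip4_networks` helper, 300-second delay and the sample sender, recipient and 203.0.113.9 address are constructed for illustration; the SPF string is the one quoted in the post, and its `mx` mechanism is skipped because resolving it needs DNS.

```python
import ipaddress

# SPF TXT record as quoted in the post (facebook.com, November 2012).
SPF_TXT = ("v=spf1 ip4:69.63.179.25 ip4:69.63.178.128/25 ip4:69.63.184.0/25 "
           "ip4:66.220.144.128/25 ip4:66.220.155.0/24 ip4:69.171.232.128/25 "
           "ip4:66.220.157.0/25 ip4:69.171.244.0/24 mx -all")

def spf_ip4_networks(txt):
    """Return the pass-qualified ip4 networks of an SPF record.
    mx/a/include need DNS lookups and are ignored in this offline sketch."""
    nets = []
    for term in txt.split()[1:]:
        if term.lower().startswith(("ip4:", "+ip4:")):
            nets.append(ipaddress.ip_network(term.split(":", 1)[1], strict=False))
    return nets

class Greylist:
    """Hypothetical greylist keyed on (source, envelope sender, recipient)."""

    def __init__(self, spf_by_domain, delay=300):
        # In production the records would be fetched and cached per their TTL.
        self.spf = {d: spf_ip4_networks(t) for d, t in spf_by_domain.items()}
        self.delay = delay
        self.first_seen = {}

    def _key(self, ip, sender, rcpt):
        domain = sender.rsplit("@", 1)[-1].lower()
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.spf.get(domain, [])):
            # SPF-authorised: the whole sending pool shares one entry.
            return ("spf:" + domain, sender.lower(), rcpt.lower())
        # Not authorised (e.g. a spoofed sender domain): classic per-IP key.
        return (ip, sender.lower(), rcpt.lower())

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply for a delivery attempt at time `now` (seconds)."""
        first = self.first_seen.setdefault(self._key(ip, sender, rcpt), now)
        return "250 accept" if now - first >= self.delay else "451 delayed"

if __name__ == "__main__":
    g = Greylist({"facebook.com": SPF_TXT})
    msg = ("notification@facebook.com", "user@example.org")  # constructed
    print(g.check("69.63.178.130", *msg, now=0))    # first try from the pool
    print(g.check("66.220.155.7", *msg, now=400))   # retry from another pool IP
    print(g.check("203.0.113.9", *msg, now=400))    # outside the SPF set
```

Only addresses inside the published SPF set share the domain-wide key, so a host outside it that merely claims a facebook.com sender is still greylisted per IP.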
