I hardly have any details yet as I personally haven’t talked to their IT guy, but figured I would start this post to get some ideas. The IT guy is suggesting that the website is at fault and that it has been sending spam emails. What kind of things can I check? I don’t even know anything about their email system, or the hosting as I didn’t set it up. Will have more details soon, thanks!
A couple of things come to mind.
I had a client who had an insecure password to an FTP account. Someone hacked in and set up a PHP script and was using php send mail to mass spam. Check for any php scripts you don’t recognize.
The other thing is to check for a compromised Super Admin account with access to EE email tools.
That’s all that comes immediately to mind for now.
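An added example, not part of the thread or of ExpressionEngine: one way to do the "check for any PHP scripts you don't recognize" step is to walk the web root and flag `.php` files that call `mail()` directly or wrap `eval()` around a decoder, noting which were modified recently. The patterns, the 30-day window and the function name `scan_webroot` are assumptions chosen for this sketch, and a hit means "review this file", not "this file is malicious".

```python
import re
import time
from pathlib import Path

# Heuristics chosen for this example: direct mail() calls and common
# obfuscation wrappers. Method calls such as $obj->mail() are ignored.
PATTERNS = {
    "mail_call": re.compile(rb"(?<![\w>$:])mail\s*\(", re.I),
    "eval_decode": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
}

def scan_webroot(root, recent_days=30, now=None):
    """Return (path, reasons, recently_modified) for each flagged .php file."""
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        try:
            data = path.read_bytes()
            mtime = path.stat().st_mtime
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        reasons = [name for name, rx in PATTERNS.items() if rx.search(data)]
        if reasons:
            findings.append((str(path), reasons, mtime >= cutoff))
    return findings

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reasons, recent in scan_webroot(root):
        flag = "RECENT" if recent else "older"
        print(f"{flag:6}  {','.join(reasons):22}  {path}")
```

Modification times can be reset by whoever uploaded a file, so treat "older" as weak evidence. On the PHP side, the `mail.log` and `mail.add_x_header` ini directives record which script called `mail()`, which helps tie a spam message back to a file.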
Thanks TJ, I had my client’s IT guy reset the FTP passwords. I don’t see any PHP files on the server that shouldn’t be there. Would there be server logs that show email sent from the site? I asked the IT guy to look into that. There’s only one Super Admin account, and it’s mine, doubt it was compromised. Thanks!
To start, you might check a 3rd party to see if the domain / server are coming up as a spam source as well, i.e.: http://mxtoolbox.com/blacklists.aspx
I did this and everything looked ok, the IT guy said that one of them wasn’t marked as ok yesterday, but it appears to be fine today.
If they can, I would recommend switching to an external service for transactional email, like [Mandrill](http://mandrill.com), which has easier to access logging, and instructions and tools to help ensure mail is deliverable and you stay off of blacklists. If this site was on a shared server, for instance, the spam could have come from any account’s app and an IP based blacklist would affect everyone on that server.
They have an Exchange server set up for their company email. The IT guy mentioned they have their own IP address and it isn’t shared with other sites. I’m trying to eliminate the website as a possible cause. I doubt it has anything to do with it though.