Anti-Spam Sites Block Microsoft Hosted Exchange Services

A week or so ago, some customers started noting a rising tide of blocked spam originating from an internet address registered as FrontBridge. Microsoft acquired FrontBridge and its "e-mail hygiene" technology in June 2005 last year and subsequently incorporated it into its Exchange Hosted Services offerings.

The customers traced the blocked spam to a server in Washington state. They contacted customer service and received this response: "We are currently aware of this server having been listed on multiple block lists ... Our Network Operations team is currently investigating the reason for these listings and their removal. Although we do appreciate your alerting us to this, due to security restrictions which we employ I am unable to release any further information regarding our organization to you."

On Friday afternoon, Microsoft acknowledged and clarified the situation, saying that what customers were likely seeing was actually the blockage of non-delivery reports.

"This non-delivery report (NDR) server for Exchange Hosted Services, located in Canyon Park, Wash., is currently listed on three block lists, including Spamhaus.org," said Jay Vernon, director of client services for Exchange Hosted Services, via e-mail.

But he said that what the customers are seeing is actually blocked NDR messages. "By design, we send NDR messages from separate servers than those routing e-mail. We do this because, when a customer is affected by a spoofing or directory harvest attack, a spike in NDR messages may result, thereby landing the NDR server on the block list. By segmenting the server roles, we ensure that legitimate email is delivered, while illegitimate NDR messages are blocked," Vernon added.

"This is likely the case here. The customer may have been spoofed, and when a spoofed message is rejected by EHS or the destination mail server, this NDR server routes an NDR message. The customer could perceive the increased volume of illegitimate NDR messages as a spike in spam messages, though there is no actual increase in spam," he continued.

On the plus side, as EHS gathers samples of illegitimate NDR messages, it can fashion and enforce custom rules to block the NDRs altogether. Interpreted this way, the generation of this mass of NDR messages actually is a spam-fighting technique.
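A receiving organization can separate the illegitimate NDRs described above from real bounces by checking whether the NDR reports on a message it actually sent. The following is an added example, not EHS's rules or code from the article; the set of sent Message-IDs, the addresses and the sample DSN are all constructed assumptions.

```python
import email

# Constructed: Message-IDs our own outbound relay recorded as sent.
SENT_IDS = {"<20060912.1001@mail.example.com>"}

# Constructed DSN (RFC 3464 layout); {orig_id} is the reported-on message.
NDR_TEMPLATE = """\
From: MAILER-DAEMON@ndr.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; ndr.example.net

Final-Recipient: rfc822; bob@example.org
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: alice@example.com
Message-ID: {orig_id}

--b1--
"""

def original_message_id(msg):
    """Message-ID of the mail an NDR reports on, or None if absent."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload()[0]  # full original message attached
        elif part.get_content_type() == "text/rfc822-headers":
            inner = email.message_from_string(part.get_payload())
        else:
            continue
        return (inner["Message-ID"] or "").strip() or None
    return None

def classify_ndr(raw):
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        return "not-ndr"
    mid = original_message_id(msg)
    if mid is None:
        return "unverifiable"  # NDR did not include the original headers
    # A bounce for mail we never sent means our address was spoofed.
    return "legitimate" if mid in SENT_IDS else "backscatter"
```

An NDR classified as `backscatter` is a candidate sample for the kind of custom blocking rule the article mentions; `unverifiable` ones need a different signal, since many NDR generators omit the original headers.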

"At no time during this type of incident would a customer experience any degradation in e-mail service quality from EHS," Vernon contended.

If a blacklist or watchdog site's standard operating procedure is to flag a company for sending too many NDRs and block them, that is "exactly why Microsoft has created the multiple streams that they have," a Microsoft spokeswoman told CRN.

The NDRs emanating from the Microsoft service were flagged by www.uceprotect.net, cbl.abuseat.org, and spamhaus.org, the spokeswoman said.

This story was updated Tuesday afternoon with more information on the anti-spam sites that took action.