Trends The World’s Most Popular SMTP Error Responses By Ken Simpson | 3 minute read We recently took a look at about 9 million delivery attempts through one of our outbound spam filtering customers’ systems and compiled a list of the most common spam connection rejection messages. I’ll share the list with you later in this blog post. But first, a bit of technical background for the uninitiated. Most mail servers are configured to reject connections from IP addresses that appear on a black list. A notable exception to this would be Google, who through the sheer might of their infrastructure appear to accept connections from anyone, perhaps in order to beef up their spam folder size (to make it appear like they are doing more than they really are to reduce spam). In any case, if your SMTP connection is rejected because your IP address is found on a blocklist, you will get an error message from the receiving mail server that looks like the following: Mail from 192.0.32.10 not allowed - 5.7.1 [BL23] Connections not accepted from IP addresses on Spamhaus XBL; see http://postmaster.yahoo.com/errors/550-bl23.html [550] This rejection message is packaged up into a non-delivery receipt by your mail server, which sends this to your mailbox. You then hopefully click on the link, read Yahoo’s excellent error message documentation, and then take steps to have your IP address removed from the Spamhaus XBL as instructed. I wanted to see which messages were the most popular, so I used our powerful log indexing system to pull out an hour’s worth of rejection notices. I then ran these through a very simple Map-Reduce script to count up the error responses, stripping out random variations like IP addresses and transaction IDs. What resulted is the following list of the world’s most popular blocklists — at least, from the perspective of error responses: 25% 5.7.1 [BL21] Connections will not be accepted from 1.2.3.4 10% Mail from 1.2.3.4 not allowed - 5.7.1 [BL23] Connections not accepted from IP addresses on Spamhaus XBL; see http://postmaster.yahoo.com/errors/550-bl23.html [550] 8% You are not allowed to connect. 8% 5% Service unavailable; Client host [1.2.3.4] blocked using Trend Micro RBL+.Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=1.2.3.4 3% Mail from 1.2.3.4 not allowed - 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/errors/550-bl21.html [550] 3% IP:1.2.3.4 - A problem occurred. (Ask your postmaster for help or to contact tosa@rx.t-online.de to clarify.) 2% Transaction failed. For explanation visit http://freemail.web.de/reject/?ip=1.2.3.4 2% No SMTPd here 1% 5.7.1 5.7.1 Client host rejected: Dynamic IP addresses are blocked. Please contact your email provider. 1% Denied by policy 1% Email from 1.2.3.4 is currently blocked by Verizon Online's anti-spam system. The email sender or Email Service Provider may visit http://www.verizon.net/whitelist and request removal of the block. 100604 1% RBL rejection: http://www.spamhaus.org/query/bl?ip=1.2.3.4 1% 5.5.0 Improper use of SMTP command pipelining 1% Mail from 1.2.3.4 not allowed - VS98-IP1 deferred - see http://help.yahoo.co.jp/help/jp/mail/anti-spam/anti-spam-24.html 1% 5.7.1 CCRX 1.2.3.4: Connection refused. Your IP address is blocked(anti-spam). If you need [truncated] 1% 5.7.1 service refused. Client host 1.2.3.4 blocked for spamming issues. Adresse IP source 1.2.3.4 bloquee pour incident de spam. Ref http://r.orange.fr/r/Oassistance_adresserejetee . 1% Blocked - see https://support.proofpoint.com/dnsbl-lookup.cgi?ip=1.2.3.4 1% 5.7.1 service refused. Client host 1.2.3.4 blocked for spamming issues. More information available at http://help.orange.c [truncated] 1% 5.7.1 Service unavailable; Client host [1.2.3.4] blocked using Trend Micro RBL+. I’m amazed at how dominant Yahoo is in this list. Perhaps we chose a window of time during which this particular ISP network was hammering them especially hard in preference to the other networks.