UPDATE Pipex Email Servers Blacklisted After UK ISP Ignored Warnings

Internet security experts at Trend Micro have warned UK ISPs to pay more attention to their abuse departments after it was forced to block Pipex’s (TalkTalk) spam spewing email servers for almost a week because the provider “choose not to man their abuse desk” and did not respond to the warnings.

As a result of the blacklisting Pipex’s subscribers would have suffered significant problems when attempting to send emails, which was an especially big problem for their business users. Trend Micro’s Rik Ferguson told The Register: “The IP addresses of the Pipex MTA have been sending spam and also malicious emails, probably because they have client PCs on their network that are infected and originating spam.”

Apparently all TalkTalk needed to do to get the ban lifted was reply to Trend Micro’s message, which was sent to their abuse desk at abuse@talktalkplc.com (perhaps it got stuck in their spam filter 🙂 .. no seriously).

Trend Micro’s Rik Ferguson said:

“Once a Realtime Blackhole List (RBL) listing is made, we require the ISP to take effective action to stop the spam. We monitor this action, and if the investigator sees the spam stop, they will remove the listing.

Because there are multiple people involved with checking an RBL listing, it is exceedingly rare that a mistake is made. In each case of an RBL listing, we have spam-on-hand, and can produce that on request for the ISP. The size of the ISP behind any given IP address is not a factor in our decision to list on the RBL; the fact that we have spam from that address, and that there has been no action to reduce the spam, is.

Because the ISP receives at least two notices from us, we feel that they have adequate time to deal with the problem.”

Thankfully the problem has now disappeared, although TalkTalk have so far failed to provide a clear explanation for the situation. In the meantime Ferguson has said that some ISPs do not man their abuse desk, automatically redirect messages to end users or impose spam filters on the abuse desk contact. Ugh.

UPDATE 25th May 2012

TalkTalk have responded.

A TalkTalk spokesperson told ISPreview.co.uk:

“Some Pipex customers may have had difficulty sending emails to NHS and other government agencies after a number of customers’ computers were infected with malicious software and started sending out spam. We have taken measures to tackle the problem and reduced spam messages by 70 per cent since the start of May.”