22 Feb

Proofpoint – Why Apple and Me.com email Are Not Viable For Business

I’ve been in the Internet business since 1994 so I’ve seen many (including some failed) attempts at blocking spam. The most notable was SPEWS which attacked spam with a vigor (and a whole lot of collateral damage) that was previously unseen. Needless to say they didn’t last all that long as they caused way too much unnecessary angst due to their ‘escalation’ process that could see an entire organisation (thousands of IPs) blocked due to a handful of spammers. They also were anonymous, with no method of contacting them and no method of reporting a false positive. That’s a guaranteed fail :).

There are also some very reliable spam filtering services which, whilst none could say they are perfect, do for the most part keep the Viagra, big boobs and make-a-million-bucks-tomorrow out of your inbox. Services such as Barracuda, Senderscore, Senderbase, SpamCop, Spamhaus and SpamAssassin (all of which I have used for some years) provide a valuable service and tools to help the responsible mail admin ensure that they are seen as good netizens.

Then there’s Proofpoint.

Proofpoint is the company that Apple uses to provide spam filtering services (via IP blocking) for their me.com and other free email services they provide. Over the past couple of years I’ve had to request de-listing of false positives several times. The IPs in question were/are managed by me and all had the following characteristics.

  • These were business IPs used for communication with customers
  • List subscriptions were all via direct customer approval or double opt-in
  • I’m on the FBLs for all of the largest telcos and email providers and react quickly to spam complaints (Apple don’t have an FBL btw).
  • The IPs in question all had scores between 95-100 at senderscore.org
  • The IPs in question were all ranked ‘Good’ at senderbase.org
  • None of the IPs in question had been on any other RBL/blacklist (not even false positives) over the previous 2 years

In short, the emails sent and subsequently flagged by Proofpoint were all legitimate emails with the required consent from the receivers.

If your IP is listed, you will need to visit the Proofpoint IP lookup page. Don’t be surprised if your IP is listed – Proofpoint don’t automatically remove IPs and in one case I found that an IP was listed due to 1 spam email being ‘seen’ by Proofpoint in 2012. That was before my customer had even been assigned that particular IP. You can see similar cases if you scroll through the posts on Proofpoint’s Facebook page.

Out of 4 or 5 submissions I had just one reply from Proofpoint. It seems that generally they won’t email the person who submits the false positive report (though ‘email address’ is a mandatory field on their submission form). I’ve also found that the best way to ensure a fairly quick response (i.e. within a day or two) is to follow up the false positive submission with a post to their Facebook page and/or a direct message to them from their Facebook page.

So, back to the original topic of this post. It seems just a little mind-boggling to me that an organisation as big as Apple would continue to use what seems to be a somewhat overly aggressive spam prevention service. All spam prevention services get false positives from time to time but Proofpoint seem to do it more regularly than similar service providers. This leads to legitimate emails being blocked.

All of the above raises the question (at least in my mind)… is Proofpoint bad? Well, probably not, but just not as good as some of their competitors. Partly because of the false positives and partly because they don’t communicate very well.

The most important takeaways from this are:

1. DON’T ever trust your business (or other important) emails to a free email service such as me.com (or Hotmail, Livemail, Gmail etc).

2. DO have someone (or at the very least, a service such as MXToolbox.com) monitoring your mail server IP.

3. You get what you pay for…