Trend Micro is Blocking All Mail from Amazon's Cloud

Bookmark and Share Monday, November 16, 2009

UPDATE: As of Thursday, 11/19/2009, EditMe has moved email capability out of Amazon's EC2 service. This change immediately resolved the problem for those users who were unable to receive email from EditMe. Although Amazon did finally respond, it was with an indication that the problem would not be solved in a timely manner.

Trend Micro: No mail for you.

Last month it was Spamhaus blocking mail from all of Amazon's EC2 cloud because of a rogue spammer abusing the service. In that case, the ball was in Amazon's court to stop the spammer and show Spamhaus and other similar services they were taking steps to prevent future abuse of their cloud. And they did. Because of that block, Amazon started putting limits on mail sent from new EC2 accounts. Account holders must now request a lifting of that limit for specific mail servers with fixed IP addresses they intend to operate on the service. A little heavy handed on the part of Spamhaus? Yes, absolutely. But, at the same time, understandable at some level, and it worked.

Trend Micro, on the other hand, decided recently to block all mail from Amazon's massive EC2 hosting cloud, but not because of spam. Instead, Trend Micro has put all of EC2's IP address space into their DUL list. The DUL list is intended for dynamic IP addresses, like the one you get for your laptop when you sign onto the Internet from home. Ridiculous? You bet.

I've confirmed with Trend Micro that this is not limited to EditMe, but affects all of Amazon's customers. As a result, companies using Trend Micro's spam blocking service will not receive any mail from any server hosted within Amazon's cloud. That's an estimated 80,000 servers on the Internet that Trend Micro is blocking... just 'cause.

According to Trend Micro: "All Amazon's EC2 cloud space were blocked by Trend-Micro, were working with them but still we haven't heard anything from them."

OK, I'll excuse the butchered grammar, but... Heard what? That these IP addresses are in fact servers in Amazon's cloud? That's public knowledge. Trend Micro knows that. It's unclear what Trend Micro needs to hear to satisfy this itch.

It would seem this comes down to a technicality - a matter of semantics. The way Amazon's cloud works is that "servers" are virtual and ephemeral. They can be brought up and taken down within minutes. When a new server is created, it's assigned an IP address from a pool of lots of addresses. When the server is taken down, the IP address is released back into the pool. These are servers, mind you, and you need to be pretty geeky to create and do anything with one of them. But, technically, these addresses are dynamic, and so Amazon has them marked as such. Should Amazon mark this space as statically allocated, even though it's not, just to appease Trend Micro? I'm going to say no on that, which is probably why Trend Micro hasn't heard back on their little nit.

So, if you or your users are not getting email from your EditMe site, I apologize. I have contacted both Trend Micro and Amazon about the issue. Thankfully, logs indicate a relatively small number of recipients have been affected by this problem.

If you're among those affected, there may be something you can do. Ultimately, your IT department (or Internet service provider) is blocking your mail based on a bad recommendation from Trend Micro. My advice is to use a different spam service, or if that decision isn't in your hands, complain to your IT department or Internet service provider. They may be able to "white list" EditMe's mail server. Contact support for that information if this is the case. I'll update this post with any news I hear.

Stay Connected with EditMe

Subscribe via Email

Your Email:

Delivered by FeedBurner