Over the past week we have seen a huge number of 'bots' trying to guess customer email credentials in order to try to send email through our outbound email servers: smtp.aa.net.uk.
The attempts were being blocked due to wrong passwords being used, but this caused significant load on our severs due to all the database lookups involved. To address this, we are blocking IP addresses that are listed on the Spamhaus 'Exploits Blocklist (XBL)' and the Spamhaus 'Combined Spam Sources (CSS)' lists. -These are typically IP address known to have hijacked in some way or known spam senders.
This has reduced the load on the email servers significantly, however we are are still blocking around 1.5 million unique IP addresses each day.
We have had a small number of legitimate customers affected by this as their IP address is on these blocklists. (IPs can be looked up on https://check.spamhaus.org). In these cases, please do contact support and we can discuss workarounds.
We have had a few customers who are using other ISPs and who are behind 'CGNAT' - this is where the IP address that is used to access the internet is shared with a number of other customers of that ISP. As the IP address is shared with others the listing of it in the Spamhaus lists could be due to the actions of any other customer of the ISP who also uses the shared IP address. In these cases, we'd suggest the following:
We are blocking around 200,000 bot IP addresses per day, however we have had a small number of legitimate customers being blocked. As a result, we have made a change which will help these customers.
We ask that if customers are having problems sending email due to their IP being listed on the Spamhaus block lists that they set the port they use for sending email to smtp.aa.net.uk to be 587. Our mail servers will block the first attempt but will then allow subsequent attempts through.
Due 16¾ days ago (overdue)