UPDATE - Outbound IPs
World Food Programme
American Red Cross
David Harley, the Director of Malware Intelligence at ESET, passed on the following resource URLs:
Saturday, January 16, 2010
It is inconceivable that anyone within viewing distance of a television or computer screen this week doesn't know about the disaster in Haiti. As of this writing, 50,000 bodies have been collected from the streets of Port-au-Prince. Millions of people, a number our brains simply aren't equipped to deal with, are now homeless.
Help is needed now, and will be for a very long time.
In response, the immediate and continuing outpouring of generosity from individuals, companies and organizations, and governments has been astounding.
The outpouring has relied on the Internet and mobile phones to facilitate donations.
And, along with it, came scum attempting to defraud people with fake charities, posting links to Twitter and the inevitable spammed campaigns.
Another matter that may be interfering with the ability of charities and relief organizations to do their work is spam filters and blacklists. Unfortunately, the reality is that some charities are better at fund-raising and helping people than following email best practices, and despite the fundamental nature of their work, their IPs have ended up blocked, or they are not getting the delivery they need, particularly at this time of crisis.
So, what can we do as a community to assist them?
RECEIVERS, FILTERING SERVICES & DNSBLs
Please whitelist the IPs (and domains) of any charity known to be assisting in the Haitian relief effort.
Yes, I know, they might be sending lousy mail streams, lots of bounces, trap hits, etcetera. I suggest that for the next while, for whatever period of time you are comfortable, you turn a blind eye to that; instead, please cast wide-open eyes to the big picture. People, human beings like you and me, need the world's help, and you can play an integral part in that effort.
If you are an ESP or ASP that is handling traffic for charities or other agencies involved in the relief effort, drop me an email to firstname.lastname@example.org and I will list them here, so others can use that information.
I have a long list of charities, gleaned from a few trusted sources. If you can spend a little time digging around to find outbound IPs to add to the list, that would be great. Again, email@example.com
ANYONE & EVERYONE
If you can think of anything beyond these measures I've suggested, I'm all ears and would happily post it here. And, of course, please donate money. I know times are tough, many of our colleagues are hard-pressed, laid-off or even fired, so those of us who can afford it, please be extra-generous in your cash donations.
Thanks for considering being a part of this. The Haitian motto, on their flag, is "L'union fait la force": Unity is strength. Let's pull together to make this happen.
UPDATE: Steve Atkins from Word to the Wise has some great points of clarification to make. Bottom line, receivers should be checking authentication of sending domains and IPs in some fashion, be it a DNS-based whitelist, or IP-or-domain level authentication. Senders should be wary of any new Haitian aid entities that suddenly spring up.
Here's what he said, in full:
But don't misread Neil's suggestions as a request to give spam that claims Haiti as an excuse, or claims to be from a legitimate charity, a free pass.
Legitimate charities are having their web presence advertised heavily on television and online, they're not relying critically on email spam to get donations right now. And mail to their long term subscribers is probably going to be delivered just as well, or poorly, as it was last month.
On the other hand, there's a lot of scams out there claiming to be Haiti charity related. And viruses. And probably phishing, though I've not seen that myself yet.
If anything, I'd expect the legitimate charities to not want ISPs and filtering companies to give Haiti-related spam a pass, as it's less likely that their legitimate communication will be buried under the scams, viruses and junk. Someone who has sent $50 to a scam is unlikely to send another $50 to the legitimate charity. Especially do not whitelist or exempt from filtering their domains unless you're actually validating that the mail is really from them in some way, as some of the bad mail is claiming to be from legitimate domains too.
And if you're an ESP, don't believe any new client that's claiming to be a Haiti relief charity, unless you check them out more deeply than your normal due diligence.
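One way a receiver could implement the validation Steve describes, as an added example (not code from this blog or from Word to the Wise): an allowlist entry takes effect only when an Authentication-Results header stamped by the receiver's own MTA shows an SPF or DKIM pass aligned with the From domain. The domain names, the authserv-id and the sample headers are constructed for illustration, and the alignment check is a simplification of DMARC's.

```python
import re

# Constructed for this example: domains a receiver has chosen to allowlist.
ALLOWLIST = {"charity.example"}
# Assumption: the authserv-id our own border MTA stamps on inbound mail.
TRUSTED_AUTHSERV = "mx.receiver.example"

def parse_auth_results(value):
    """Split an Authentication-Results value into (authserv_id, [(method, result, domain)])."""
    value = re.sub(r"\([^()]*\)", "", value)   # drop (comments); nesting not handled
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0].lower() if parts[0] else ""
    checks = []
    for part in parts[1:]:
        m = re.match(r"(\w+)\s*=\s*(\w+)", part)
        if not m:
            continue
        prop = re.search(r"(?:smtp\.mailfrom|header\.d)\s*=\s*(\S+)", part)
        domain = prop.group(1).rsplit("@", 1)[-1].lower() if prop else None
        checks.append((m.group(1).lower(), m.group(2).lower(), domain))
    return authserv_id, checks

def aligned(auth_domain, from_domain):
    """Relaxed alignment, simplified: same domain or a subdomain of it."""
    return auth_domain == from_domain or auth_domain.endswith("." + from_domain)

def allowlist_applies(from_domain, auth_results_value):
    """True only if From is allowlisted AND a trusted, aligned SPF/DKIM pass exists."""
    from_domain = from_domain.lower()
    if from_domain not in ALLOWLIST:
        return False
    authserv_id, checks = parse_auth_results(auth_results_value)
    if authserv_id != TRUSTED_AUTHSERV:        # header was not written by our own MTA
        return False
    return any(method in ("spf", "dkim") and result == "pass"
               and domain is not None and aligned(domain, from_domain)
               for method, result, domain in checks)

# Constructed sample header values (not taken from real mail).
SAMPLES = {
    "aligned_pass": "mx.receiver.example; spf=pass (sender permitted) "
                    "smtp.mailfrom=bounce@mail.charity.example; dkim=pass header.d=charity.example",
    "spf_neutral": "mx.receiver.example; spf=neutral (best guess record) "
                   "smtp.mailfrom=appeal@charity.example",
    "unaligned_dkim": "mx.receiver.example; dkim=pass header.d=bulk-sender.example",
    "forged_header": "mx.other.example; spf=pass smtp.mailfrom=appeal@charity.example",
}
```

Mail claiming an allowlisted From domain but failing this check goes through normal filtering rather than being rejected outright.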
Saturday, January 02, 2010
This just in from Lou Dobbs, to whom I never gave my email address. Complaints sent to noxsolutions.com, alchemy.net, billoreilly.com, and loudobbs.com.
From: Lou Dobbs
Subject: I'm Looking Ahead to an Important Year
Date: January 2, 2010 3:54:53 AM EST
To: Neil Schwartzman
Received: by 10.142.157.12 with SMTP id f12cs1033423wfe; Sat, 2 Jan 2010 00:52:26 -0800 (PST)
Received: by 10.220.121.143 with SMTP id h15mr6137490vcr.55.1262422345174; Sat, 02 Jan 2010 00:52:25 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [126.96.36.199]) by mx.google.com with ESMTP id 28si46909341vws.112.2010.01.02.00.52.24; Sat, 02 Jan 2010 00:52:25 -0800 (PST)
Received: (qmail 81148 invoked by uid 1014); 2 Jan 2010 08:52:24 -0000
Received: (qmail 81146 invoked from network); 2 Jan 2010 08:52:24 -0000
Received: from mail2.billoreilly.com (mail2.billoreilly.com [188.8.131.52]) by mail1.iecc.com ([184.108.40.206]) with ESMTP via TCP id 116769523; 02 Jan 2010 08:52:22 -0000
Received: from noxweb7 ([10.1.2.65]) by mail2.billoreilly.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 2 Jan 2010 00:52:19 -0800
Received-Spf: neutral (google.com: 220.127.116.11 is neither permitted nor denied by best guess record for domain of firstname.lastname@example.org) client-ip=18.104.22.168;
Authentication-Results: mx.google.com; spf=neutral (google.com: 22.214.171.124 is neither permitted nor denied by best guess record for domain of email@example.com) firstname.lastname@example.org
Content-Type: text/html; charset=Cp1252
X-Mailer: Nox Solutions Mail 2.1.0
X-Originalarrivaltime: 02 Jan 2010 08:52:19.0164 (UTC) FILETIME=[E41169C0:01CA8B88]