Wednesday, 18 March 2020

Using a VPN can get you blacklisted

I recently helped a friend get email going out again. She uses Thunderbird and has an account with a national Internet provider. The symptom was that she could read her email with IMAPS but when she tried to reply via secure SMTP on port 465, the upload was rejected. So she had resorted to sending SMSes to friends.

I won't go through the false leads I followed but make a long story short: it was the use of a VPN that caused rejection of the outgoing email. How did this happen? The rejection message was: OB115.<ip address> blacklisted, please contact ... to resolve. When the VPN is in operation, all outgoing traffic comes from the exit IP address of the service. What had happened was that the provider had detected lots of connections from that IP address from all their customers using the VPN and concluded that it was under attack so blacklisted that address. In her former job she was required to use the VPN, which was part of an anti-virus suite. But there was no good reason to use the VPN from home, and what's more to secure TCP ports. When I disabled the VPN both immediately and at startup, outgoing mail worked again.

You might argue that the provider should have whitelisted this exit IP address, but there are so many services and exit points out there that it would be a huge task to list them all. So unfortunately the automatic blacklisting mechanisms kicked in.

If you must use a VPN, depending on the VPN software you may be able to specify that some applications or ports are exempt.

A similar thing happens when you use a VPN and websites using Cloudflare detect too many connections from the exit IP address, then you get rejected.