What is a Blacklist?

A blacklist is simply a list of IP addresses or domain names that an organization has decided to block for one reason or another.  Blacklists started as a means to combat email spam.  Early on, it was just a list of IP addresses or domain names that were sending junk email.  These lists were manually managed, with IPs added and removed based upon human interactions between a few systems administrators.  As the Internet evolved, these individual lists became larger and more centralized, and list curators developed unique tools, spam traps and service models to make the lists more widely available and more accurate.

There are a few different types of Blacklists that you need to be aware of to fully understand the market.

Public/Private

Public Blacklists are shared publicly via the web or, more traditionally, via DNS.  A public blacklist can be referenced by anyone online to check individual IP addresses.  Checking more than one list or more than one IP requires the development of tools, like MxToolbox, that can programmatically check these lists.  Often a subscription to the full list can be purchased for use internally, or commercially in appliances or software.  Examples of public blacklists are SORBS and Spamhaus Zen.

Private Blacklists have been set up by a company for its own security usage and are not made available externally.  Often, these are considered proprietary or trade secrets because proprietary methods of data collection are used in the curation of the list.  Examples of these include your ISP’s blacklist, Microsoft’s blacklist and those used by security companies.

IP/Domain

IP Blacklists contain a list of IP addresses that are suspect.  Typically, each IP blacklist has a different method of identifying suspect email or web traffic and therefore a different reason for listing the IP address.  Typical reasons for listing are:

  • Spam has been received from this IP in a honey trap, directly by the organization or has been reported by subscribers to the list.
  • Malware or viruses were sent from this IP address.
  • Open relays or other configuration issues allow for bad actors to exploit the server at this IP address for spam or malware distribution.
  • This IP address has been marked as dynamic (DHCP) by the owner and leased out to their customers.  Since it is dynamic, no servers should be on these IPs and you cannot trust the ones that are.

Note: If you are on a dynamic IP address, you will automatically be blacklisted by most blacklists.  This is normal.  If you’re not sure if you are on a static IP, then you’re probably not on a static IP.

Domain Blacklists simply list domains that have been found in spam email or are known to be sources of malware infections.  There are only a handful of domain blacklists or blacklists that list domains alongside IP addresses.  While a Domain Blacklist is a useful tool to alert you to reputation issues, it does not contain comprehensive domain reputation information.  In general, checking your website’s IP address against an IP blacklist is also necessary to protect the reputation of your website, and checking the IP addresses of your email servers is necessary for protecting your email reputation.

You can find the full list of blacklists checked by MxToolbox here.

Deprecating CASA

Every so often we update the list of blacklists we curate.  This is part of our service to ensure that we provide the best information for our customers.

Today, MxToolbox is taking the CASA CBL lists offline.  As of July 2016, the China Anti-Spam Alliance has announced the deprecation of the following lists:

  • CASA CBL+
  • CASA CBL-

Since these lists will no longer be supported, they are no longer useful for making decisions regarding the delivery of email.

If you have questions about these changes, please contact our Support team.

MxToolbox Status Page

Every once in a while, we, like many other providers, go offline.  Sometimes, it’s on purpose, like when we add new features and rebuild the site.  Sometimes, it’s completely accidental, like when our datacenter has an outage*.  And, you’ve been patient with us when it happens even though we’ve given you little information, typically via Twitter.

Today, that changes.  Now, you can check on our status at any time through our new StatusPage.io account.  Simply go to MxToolbox.statuspage.io to view status.  You should get a page that looks like this:

[Image: statuspage.io]

Any product-related issues will be flagged so that you can keep informed on the topic.  Even with this new tool, we will continue to update our followers on Twitter.  We just want you to have as much information as possible.

*On that topic, we’re working to limit the impact of datacenter outages in the future by moving more of our tools to the cloud.

Better Insights from Updated Charts and Graphs

Here at MxToolbox, we’re big fans of good graphs and charts that provide insights, show trends and give you decision-making information.  And, it always helps if they look good.

We’ve recently launched an update to all our charts and graphs for MxToolbox Professional users.  Now, paid users get graphs that are much more interactive with much more information. In short, this:

[Image: smtp_graph]

Becomes this:

[Image: MF_graph]

Each data set can be selected, deselected and the timeline adjusted right from the graph.  And, we think the new graphics are beautiful, too…

We’ve added some color to our monitor tagging system

If you are currently monitoring a large volume of IP addresses or hostnames for your organization or on behalf of your clients, one of the most important requirements is the ability to quickly group and identify related monitors. For that reason, we added the ability to create tags a few years back as a way to easily identify groups of related monitors. For example: if you needed to monitor blacklists for multiple clients, you can easily create a tag for each individual client and assign that specific tag to the monitors related to that client.

As there is a growing need to quickly identify groups of related monitors, MxToolbox recently added the ability to specify a color for your tags.  Now, you can make it easy to visually identify groups of related monitors.  After creating a tag, you can assign it one of eight color types by selecting the color palette square next to your existing tags.

To start adding color to your tags, simply log in to your account and visit the Tag Manager by selecting Tags from the black navigation menu.

Tags are available to all monitoring accounts starting at our MxWatch Basic Plan and above.  We hope that tags, and now colored tags, will make it easier for you to do your day-to-day tasks with MxToolbox.

Availability Report: Uptime % and Downtime for all your monitors

These days, website or app uptime is a crucial aspect of any business online.  If your website goes down for any reason, your customers and business suffer.  MxToolbox Monitoring offers two ways to report on the uptime of your servers:

  • Uptime Reports
  • Availability Reports

Uptime Reporting for Web, DNS, and other critical services gives you summary Uptime and Downtime reporting on each monitor.  Simply select the monitor to see how we protect your business and customer satisfaction.  Uptime monitoring tracks performance over time so you can compare how your server is performing today versus last month or last week.

Our Availability Report allows you to view the Uptime % and Downtime, and displays the current status for all your monitors.  The Availability Report allows you to specify the date range so you can recall historical Uptime/Downtime statistics and issues.  This is particularly valuable when you want to show upper management how well things have been running over the past quarter or year, or justify additional expenditures for servers.  In addition, you can access specific monitors directly from the Availability Report to check out current status and specific issues.

With our new Availability and Uptime Reporting, MxToolbox Monitoring gives you even more insight into how your servers, and business, are running.

HTTP/S Screenshots: Lookups, Monitoring, History, Alerts

If you’re a fan of our HTTP/S lookup tools, you may have noticed that we added a new feature: Screenshots. Now, when you run an HTTP or HTTPS lookup on a domain you will see a screenshot of what the domain looked like when we ran the test.  If there is an error, you now have more information on what error may have occurred.

For example: if your server was down when running the test you will see a screenshot of what your customers saw as well as any error codes.

We’ve also added this same capability to our monitoring system!  Now, when we verify your server or website is down, we will include a screenshot  in the alert notification we send you. You get a snapshot of what your customers see when an outage occurs.  Over nights and weekends, on-call teams will be able to directly see what is going on right away and make the best triage decision for the alert.

In addition, monitoring customers can also access historical screenshots for HTTP/S monitor outages.  Whenever we capture and verify a transition event, UP or DOWN, we store the screenshot in your monitor history.  Now, you will always have a view into site performance and customer experience!

Explicit search parameters now displayed in MxWatch Monitoring

If you have a large number of monitors and wanted to find them quickly, you’ve probably used our search field, and been a little frustrated…  You could search, but it was difficult to see what parameters were in effect, sometimes even hiding monitors you knew were there.  

We decided to improve search for you.  Now, when you enter search parameters, we explicitly display your search criteria and allow you to refine your searches by removing them individually.  Whether it is a name, a type, a tag name, or other search option, it is in the Search Parameter display.

For example, if you are looking for all HTTP monitors that contain the word example, you will now see both http and example displayed as search parameters on your dashboard.  With this new feature you can quickly see what search parameters have been applied to your monitors.

Domain Blacklist vs Domain Health – What’s the difference?

MxToolbox offers two products with Domain in the name, and that sometimes causes a bit of confusion with our newer customers.  I’d like to take a few moments to compare and contrast the two products to eliminate confusion and make sure you are using the right product.

Domain Blacklists

A Domain Blacklist lookup takes a domain name as the argument and does the following:

  1. Looks up the A record for the domain to get the primary domain IP address
  2. Searches over 100 IP-based blacklists for this IP address and reports the results
  3. Searches a set of domain blacklists for the domain name and reports the results

This search will tell you what blacklists your web server is on and what domain blacklists your domain may have been added to, essentially giving you an idea of your domain’s public reputation.
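
The three steps above map onto plain DNS queries, since public blacklists are published via DNS. The following is an added example, not MxToolbox's code: it assumes IPv4, the usual DNSBL convention of querying the reversed address under the list's zone, and two Spamhaus zone names chosen for illustration; `SAMPLE_DNS` is constructed data so the example runs offline.

```python
import ipaddress
import socket

IP_ZONES = ["zen.spamhaus.org"]       # assumed zones, not MxToolbox's list
DOMAIN_ZONES = ["dbl.spamhaus.org"]
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus-style "query refused" codes
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # conventional DNSBL answer range
# Constructed answers standing in for DNS so the example runs offline.
SAMPLE_DNS = {"example.test": ["192.0.2.10"],
              "10.2.0.192.zen.spamhaus.org": ["127.0.0.2"],
              "example.test.dbl.spamhaus.org": ["127.255.255.254"]}

def system_resolver(name):
    """Live lookup: IPv4 answers for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split("."))) + "." + zone

def classify(answers):
    """Map a DNSBL answer set to 'clean', 'listed' or 'error'."""
    if not answers:
        return "clean"   # no record: not on this list
    codes = [ipaddress.IPv4Address(a) for a in answers]
    if any(c in ERROR_NET for c in codes):
        return "error"   # refused or rate-limited query, not a listing
    if all(c in LISTED_NET for c in codes):
        return "listed"
    return "error"       # answer outside 127/8: the zone is not behaving like a DNSBL

def domain_blacklist_lookup(domain, resolve=system_resolver,
                            ip_zones=IP_ZONES, domain_zones=DOMAIN_ZONES):
    """A record, then IP lists for that address, then domain lists for the name."""
    report = {"domain": domain, "ip": None, "ip_lists": {}, "domain_lists": {}}
    a_records = resolve(domain)
    if a_records:
        report["ip"] = a_records[0]
        for zone in ip_zones:
            report["ip_lists"][zone] = classify(resolve(dnsbl_name(report["ip"], zone)))
    for zone in domain_zones:
        report["domain_lists"][zone] = classify(resolve(domain + "." + zone))
    return report

def demo():
    return domain_blacklist_lookup("example.test", resolve=lambda n: SAMPLE_DNS.get(n, []))
```

Answers in 127.255.255.0/24 or outside 127.0.0.0/8 are reported as errors rather than listings, so a refused query or a zone that no longer behaves like a blacklist is not mistaken for a real listing.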

IP Blacklists vs Domain Blacklist

IP blacklists contain the IP addresses of known spammers, malware infectors, virus and botnet distributors and other bad actors.  When an IP is on a blacklist, it has been caught in some bad act.  Since an IP address identifies a particular server somewhere, you know that the server is performing some bad act.

Domain blacklists contain a list of domain names that have been included in known spam attempts.  This does not mean that the domain is the source of the spam, or that the server is a source of spam.  It only means that the domain name or domain URL was included in spam or malware laden emails.

So, if you are sending email, you want to check the IP address of your mail server.  If you are running a web server, you want to check the IP address of the server.  If you are concerned about your domain’s reputation, you should check your domain against a domain blacklist.

Domain Health Lookup

A Domain Health Lookup takes your domain name and provides you with a battery of tests to judge the health of all aspects of your domain:

  • Blacklist status of Mail Server, Web Server and Domain
  • Status of your Mail Server and compliance with RFCs and best practice configuration (DMARC, DKIM, etc).
  • Status of your Web Server, including HTTPS Secure Certificate and setup compliance with RFCs
  • Status of your DNS and RFC compliance

So, a Domain Health test provides everything that a Domain Blacklist lookup provides plus a comprehensive look at the health of your domain.  

Use Cases

For simply finding your Domain’s online reputation, use a Domain Blacklist lookup.  To get an early warning on changes to your domain’s reputation, use a Domain Blacklist Monitor.  

To get comprehensive information on your domain, use Domain Health.  To get comprehensive monitoring on your entire domain (web, email, DNS and reputation), use a Domain Health Monitor.

What blacklists do I check and how should I?

Amongst our newer users, we often get some confusion between IP and Domain blacklist lookups and what the results mean. There is a distinct difference in the search and results and different benefits for performing the different lookups.  I’m hoping this will clear it up for many users and enable everyone to understand the unique benefits to each.

IP Blacklist Lookups

When you perform a blacklist lookup on an IP address, our system searches a list of 100 IP-based blacklists for the IP you gave us and returns both positive and negative results.  

An IP may be on this blacklist for any number of malicious activities:

  • Sending spam
  • Malware attacks
  • Operating a Tor node
  • Hosting a botnet or virus
  • Many others…

Since an IP address represents a server on the Internet, any IP address could be blacklisted.  While any IP address may be listed, it is typically a webserver or email server that is the primary culprit.  We therefore recommend checking and monitoring the IP addresses of your web and email servers on a regular basis.

Domain Blacklist Lookups

When you perform a Domain blacklist lookup, you input a domain name.  MxToolbox algorithms do a DNS lookup of the Domain to produce the primary DNS record for that domain (an A record search).  We then run the IP address of the A record against all IP blacklists and simultaneously we run the domain name through a second set of domain blacklists.  Both could return results of blacklisting.

IP Blacklists vs Domain Blacklist

IP blacklists contain the IP addresses of known spammers, malware infectors, virus and botnet distributors and other bad actors.  When an IP is on a blacklist, it has been caught in some bad act.  Since an IP address identifies a particular server somewhere, you know that the server is performing some bad act.

Domain blacklists contain a list of domain names that have been included in known spam attempts.  This does not mean that the domain is the source of the spam, or that the server is a source of spam.  It only means that the domain name or domain URL was included in spam or malware laden emails. 

So, if you are sending email, you want to check the IP address of your mail server.  If you are running a web server, you want to check the IP address of the server.  If you are concerned about your domain’s reputation, you should check your domain against a domain blacklist.

Blacklist Monitors

MxToolbox Experts recommend that everyone with their own email servers monitor the IP addresses of those mail servers against IP blacklists.  This will give you warning that someone or something is performing a bad act through your email.  Further, it is highly recommended that you set up a domain blacklist monitor for your website.  Since domain blacklist monitors use both the IP of the web server and the domain in blacklist searches, you get extra protection of your reputation.

Free Monitoring

MxToolbox offers one free IP blacklist monitor to our registered users.  This enables you to monitor your email server or webserver for blacklisting in the most common IP blacklists.  Our domain blacklist monitors are more comprehensive for web reputation and are therefore a paid feature.  While most of our customers find a free account sufficient for a small business, some want the additional reputation protection of a domain blacklist monitor or our Domain Health Monitoring.