How do I get off the Blacklist?

This is the final article in a multi-part introductory series on blacklists and blacklist activity.

Most of our customers come to us when their business has already been adversely affected by blacklisting.  Email is crippled by low deliverability rates.  The first question our experts are asked is always “How do I get off this $%&! blacklist?”  The process is really simple, but it often takes time.

First, you need to stop spamming, or sending viruses and malware.  The infected systems need to be shut down or quarantined.  This could mean taking down email servers or infected workstations across the company.

Second, you need to put in place tools that prevent future exploitation of your systems.  MxToolbox, as an expert in email and blacklists, recommends cloud-based email security software that protects both inbound and outbound email.  You can contact our experts to learn about our Email Protection and Total Security packages.

Third, you must contact the blacklisting agency or agencies to get delisted.  If you are on multiple blacklists, you must contact each one separately, as each has its own preferred delisting process.  One thing is universal: before removing you from their list, blacklist operators will require you to explain the steps you took to prevent further spam, malware or botnet attacks from your servers.

MxToolbox email experts can help you with everything you need around blacklists, including:

  • Lookup tools for identifying the blacklists you are on
  • Monitoring tools to constantly watch your domains and IP addresses for inclusion on a blacklist (and our paid monitoring solutions come with our top-notch support)
  • Cloud-based Email Protection and Total Security packages to prevent future attacks that would get you blacklisted
  • Information on blacklists and links to them, including delisting resources.

Contact us to learn more.

My small business is on a Blacklist. What did I do wrong?

If you have been referred to us by your Internet Service Provider (ISP) because of a blacklist, then this article will most likely help you with your problem.

If you are running a small business, it is unfortunately a fairly common occurrence that your mail could be blocked by a blacklist even if you do not send bulk email, spam, malware or run your own email servers.  The problem is one that can be easily corrected.

But, this may seem complicated…

When you send email, the computer you send the email from is listed as the point of origin and its IP address is recorded in the email headers, the routing instructions and history that travel with your content.  Many people still use Outlook or another email client local to their computer.  When you use a local email client, your computer’s IP address and the IP address of your router are recorded in these email headers (to learn more about email headers check out our Analyze Headers tool).  These are the IP addresses of the email’s origin.

Unless you pay extra for a dedicated IP address, the IP address of your router is dynamically assigned to you from a pool of IP addresses owned by your ISP.  Typically, these dynamically assigned IP addresses (also known as DHCP IPs) are automatically blacklisted because they can be assigned to anyone at any time for anything.  To summarize, you have been assigned a dynamic IP address which is likely blacklisted.  This is the point of origin of all your email, making your email likely to be refused by servers using blacklists to filter email.

What’s the solution?

There are several solutions to this problem each with different trade-offs or costs.

Use your ISP’s webmail – Most Internet Service Providers have a webmail client you can use as part of your subscription.  These webmail clients send the email from the IP address of the ISP’s mail servers, not your IP.  Sending from their servers gives you their blacklist reputation so you should not be blocked by blacklists.  Many of these will work with your existing domain, if you have your own domain name.   However, usability and functionality may not meet your needs.  It is a good idea to look into this option as it’s free and part of your internet access.

Acquire a static IP address from your ISP – This is a good option for small businesses that want to host their own servers for websites, email or other tasks.  A static IP address is from a different pool than dynamic IPs so it is less likely to be on a blacklist.  This option will allow you to continue to use your local email client (Outlook or another), but adds the monthly expense of the static IP.

Use 3rd party webmail – There are many 3rd party web-based email tools you can use, most with a small monthly cost.  Microsoft Office 365 and Google Apps offer complete collaboration suites, with email, spreadsheets, word processing and presentation applications.  Most of these will allow you to use your local email clients and all of them should allow you to use your domain name for correspondence.  The larger app providers have their own email security options that protect your reputation.  The only downside is cost.

At MxToolbox, we understand the causes of blacklisting and can help you by:

  • Alerting you when your IP or domain is on a blacklist
  • Protecting your email from the common causes of blacklisting
  • Protecting you from malicious websites and botnet attacks
  • Providing collaboration services like Google Apps services to businesses like yours

Contact us to learn more.

How can I prevent getting on a Blacklist?

This is the third article in a multi-part introductory series on blacklists and blacklist activity.

The simple answer is don’t spam, or send malware or viruses, and you won’t get on a blacklist!  Unfortunately, this is not as simple as it sounds.  As applications and operating systems get more powerful and complex, they open more possibilities for exploitation.  Spammers and hackers are finding new ways every day to exploit these systems.  Your system administrators keep up with patches, but often what fails isn’t the configuration, patch or security; it’s human nature.  All it takes is an errant click on the wrong link or downloading something from the wrong site and your systems can be infected with malware.

The best way to prevent blacklisting is to limit the risk of a malware infection through comprehensive email filtering.  Now that botnets are also problematic, we also recommend security software that filters website URLs and DNS to offer additional protection.

At MxToolbox, we offer comprehensive email security solutions:

  • Email Protection + Continuity provides inbound and outbound mail filtering to ward off spam, malware and other email-based attacks.  Outbound filtering means that even should your servers be compromised, spam will not be passed on to your customers.  With Continuity, should your email go down, your users will still have access to send and receive email while you work the issue.

  • Total Security includes everything from Email Protection + Continuity but adds in DNS and URL filtering of websites, for both on-premise and mobile devices.  With Total Security, your users are protected even if they click on links that download botnets or malware and are also protected from botnets reaching out to host servers.

Regardless of the software you choose, implementing a comprehensive email security solution is necessary to prevent blacklisting and ensure email deliverability.  Contact us for more information.

In the next installment of our series on Blacklists, I will discuss the steps you need to take to get off of blacklists.

How did I get on a Blacklist?

This is the second article in a multi-part introductory series on blacklists and blacklist activity.

At MxToolbox, our experts see the same story play out time and again:

For a few weeks or days, a small number of seemingly random emails bounce back or delivery fails.  At first, this is no real problem; email is never 100%, right?  Then, an important email to a big client goes missing and your users get nervous.  Administrators at your client’s organization say you’ve been blacklisted so they can’t accept email from you.  By then, you realize a large portion of your email isn’t getting through to anyone.  Your business is at risk and it’s all because you are on a blacklist!

Blacklist operators use a number of ways to catch and track undesirable activity but sometimes they capture legitimate businesses, like yours.  Typically, legitimate businesses get placed on a blacklist for one of the following reasons:

  • Relaying spam through in-house email servers
  • Sending malware, viruses or spam from individual accounts
  • Denial of Service (DoS) or other type attacks from malware infected servers or networks
  • Unknowingly sending phishing emails or unsubscribe attacks
  • Operating a mail server with no reverse DNS, such as from an IP address in your Internet Service Provider’s (ISP’s) dynamic IP address pool (DHCP)
  • Failing to honor unsubscribes when mailing

So, you can see there are a number of reasons that you can end up on a blacklist without actually intending to do something undesirable.  Most often, our experts find that a blacklist issue was caused by your servers passing on spam, viruses or malware.  This condition is highly preventable!

At MxToolbox, our experts understand the common causes of blacklisting.  We can help you take immediate steps to get removed from blacklists and provide thoughtful solutions to keep you off blacklists in the future.  Contact us for more information.

In the next installment of our series on Blacklists, I will discuss some methods for preventing blacklists.

What’s going on with Barracuda blacklist results?

You may be seeing something odd with listings on Barracuda right now.  MxToolbox is reporting your IP address as listed on Barracuda’s Blacklist but when you go to Barracuda’s website, you’re not listed.  You’re probably thinking “These guys at MxToolbox have lost it”, but that’s not quite the case.  

MxToolbox subscribes in various ways to the DNSRBLs at different providers like Barracuda.  Barracuda being a large organization with a large subscriber base has multiple DNS servers providing blacklist information.  One of these servers seems to be out of sync with the others and the website database.  The questionable IP addresses appear to be coming from this one server.

Why does MxToolbox report it as blacklisted?

The MxToolbox philosophy on blacklisting is to provide blacklist results that most closely resemble real-world blacklist usage.  To do that, MxToolbox caches positive blacklist results until the TTL (time-to-live) of the record expires.  When we get a positive response, we list it regardless of how many of the DNS servers list it at the blacklisting organization, because this is how spam filters work. A spam filter will get a positive result and lock out any email from that IP address.

Am I really blacklisted even if I’m not on Barracuda’s website?

If you are listed on the out-of-sync DNS server, you are technically blacklisted.  Spam filters that subscribe to Barracuda may connect to this DNS server,  receive your IP address on the blacklist and then begin to refuse your email.
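
The situation described above, as an added example (not MxToolbox's or Barracuda's code): it builds the DNSBL query name in the standard reversed-address form (RFC 5782, which the post does not spell out), compares the answers several servers of one list gave for that name, and holds a positive result until its TTL expires. The zone `dnsbl.example`, the server names and the answers are constructed placeholders.

```python
import ipaddress

POSITIVE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers (RFC 5782)


def dnsbl_query_name(ip, zone):
    """Reverse the address labels and append the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))  # IPv6 is queried per nibble
    return ".".join(reversed(labels)) + "." + zone.strip(".")


def is_positive(a_records):
    """A lookup is positive when any returned A record falls in 127.0.0.0/8."""
    return any(ipaddress.ip_address(a) in POSITIVE for a in a_records)


def reconcile(answers):
    """Compare one query's answers from several servers of the same list.

    answers maps server name -> list of A records (empty list = not listed).
    """
    listed_on = sorted(s for s, a in answers.items() if is_positive(a))
    clean_on = sorted(s for s in answers if s not in listed_on)
    return {
        "listed": bool(listed_on),  # one positive answer is enough to block mail
        "in_sync": not (listed_on and clean_on),
        "listed_on": listed_on,
        "clean_on": clean_on,
    }


class PositiveCache:
    """Hold a positive result until the record's TTL runs out."""

    def __init__(self):
        self._expires = {}

    def store(self, name, ttl, now):
        self._expires[name] = now + ttl

    def is_listed(self, name, now):
        return self._expires.get(name, 0) > now


# Constructed data: documentation address, placeholder zone and server names.
QUERY = dnsbl_query_name("192.0.2.25", "dnsbl.example")
SAMPLE_ANSWERS = {
    "ns1.dnsbl.example": [],
    "ns2.dnsbl.example": ["127.0.0.2"],
    "ns3.dnsbl.example": [],
}
REPORT = reconcile(SAMPLE_ANSWERS)
```

A report with `listed` true and `in_sync` false is the case in this post: the address is blocked for any filter that happens to ask the stale server, and the per-server breakdown is what to send to the list operator.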

What can I do?

To get off the blacklist, you must contact Barracuda and let them know that you are listed on one of their servers.  When we investigated, we found the results were coming from a server in their geons01.barracudacentral.org DNS server pool (see the image below).  We have opened our own case with Barracuda.

Three direct lookups of a particular IP address on Barracuda’s DNS servers. Note that the same server pool, geons01, provides different results. 

 

What is a Blacklist?

This is the first article in a multi-part introductory series on blacklists and blacklist activity.

A Realtime Blacklist, or RBL, is a list of IP addresses and domain names that an organization has decided to block, typically for spam.  There are many Blacklists, and each focuses on different types of undesirable behavior.  For example:

  • CBL or Composite Blocking List is a DNS-based blackhole list of suspected e-mail services sending SPAM email resulting from virus or malware infections.
  • Listing on Backscatterer blacklist indicates that your server is issuing “backscatter” in the form of Non-Delivery Reports (bounces) to external users, or misdirected autoresponders and sender callouts.
  • Inclusion in either of the MAILSPIKE Blacklists (BL or Z) means that your IP Address has most likely been identified as being part of a real-time spam outbreak.

Blacklists are typically used to block undesirable internet traffic.  For example:

  • Blocking access to websites on domains known for malware
  • Blocking incoming email from IPs or domains known to be spammers
  • Blocking access to IP addresses based in risky countries

MxToolbox does not own or operate any of these blacklists.  Instead, our email experts curate a list of over 100 blacklists and aggregate blacklist information into a single, central lookup tool.  Our tools enable you to check your mail server IPs and domain names against all these blacklists in a single consolidated interface.  Our monitoring packages enable you to monitor your domains and IP addresses for blacklist activity and get instant notification when placed on a blacklist.  We built our lookup and monitoring tools to help you navigate the complicated world of blacklists.

Your email deliverability depends on staying off of blacklists.  Get protected today.

In our next installment of our series on Blacklists, I will discuss how legitimate businesses sometimes end up on blacklists.

Is Go Daddy DNS Up or Down?

The short and confusing answer is both.  Let me try to explain.

The Down

As of this morning, the authoritative DNS nameservers at Go Daddy were unavailable.  These servers provide the IP addresses of local DNS servers containing domains hosted on Go Daddy.  So, if you’re hosted on Go Daddy, your DNS is in one of these local DNS servers.  External queries would not be able to find your IP address because the authoritative servers at Go Daddy could not resolve the local DNS server containing your information.  You are essentially down for authoritative DNS lookups and for anyone without a cache containing the local DNS server with your IP address.

The Up

For most people, this is not an issue. Go Daddy is large enough with enough regular traffic to generate a large cache of DNS entries.  If you are hosted on Go Daddy, returning customers will have cached DNS information and be able to navigate to your site without the need to hit the authoritative DNS servers.  Even many new customers can navigate to your site based on cached resolutions to the DNS servers with your domain information.  However, new customers will be unable to resolve if they or their ISP has not cached DNS for your site.

The Upshot

MxToolbox DNS lookups show Go Daddy DNS and DNS for domains hosted on Go Daddy as down.  We do this because the authoritative DNS servers cannot resolve the local DNS servers, so the lookup chain is broken.   Our lookups and monitors always start from the root and do not use cached information, so you get a complete look at the DNS configuration.

Further, this issue may eventually cause a situation where your site becomes completely inaccessible.  DNS entries have a limited TTL (Time to Live).  When the TTL expires, the entry is erased from the cache.  Should Go Daddy’s outage last longer than your domain’s TTL, customers will be unable to resolve your IP address and unable to connect to your site.  MxToolbox recommends DNS Monitoring or Domain Health Monitoring for your mission critical domains so you are warned of these issues before they become an outage.

 

Announcing MxToolbox Professional

Our team is happy to announce the release of MxToolbox Professional, our new power user interface.  A lot of hard work and a lot of feedback from our great users went into the creation of this new integrated interface.  We know you made the product even better!

MxToolbox Professional UI

What is MxToolbox Professional?  It is a new user interface integrating all the tools you rely upon with monitoring services.  This new UI will enable you to seamlessly transition between lookup tools and monitors without changing pages.  Power users get a highly customizable user interface featuring:

  • Favorites
  • Type Ahead
  • Lookup History
  • User-defined Tags
  • Custom Filters

You can get more information about MxToolbox Professional here.

How do you get MxToolbox Professional?  If you are an existing paid customer, you have access already.  You can switch between Professional and Classic interfaces in the Dashboard.  If you are not a paid customer, now may be the best time to look at upgrading.

Visit the MxWatch Matrix for more information.

Improved SPF Tool RFC changes

Over the past few weeks we’ve been working hard to improve our SPF Record Testing Tool to help people check and monitor SPF records. We’ve added some improved diagnostic testing capabilities to give you more specific details if we discover an issue with your SPF Record.

One of the big SPF events that occurred this year and spurred these updates was a significant change in SPF best practices, namely RFC 7208.  This new document advises administrators to discontinue using the alternative SPF RR type that was formerly supported during the experimental phase of SPF. SPF records must only be published as a DNS TXT Resource Record. Due to this change we have updated our SPF Lookup tool and now report the status of the following problems you might encounter with SPF:
SPF problems

SPF Record Deprecated - If you still have an SPF type record, we will warn you. Simply remove these records to clear the warning.

SPF No Records – If you have no Sender Policy Framework records, we issue this warning. SPF participation is voluntary, but if you want to remove this warning you will need to create an SPF record and publish it as a TXT type record. There are several good tools for creating SPF records such as http://www.spfwizard.net/.

SPF Invalid Syntax – This is the only problem that will cause a domain to show as error. We have detected some type of syntax problem in your SPF record. This could cause real problems when recipients attempt to decode it.

SPF Multiple Records – The RFC only allows a single SPF record per domain. If you have more than one, we will display a warning. Ideally, you should ensure that only a DNS TXT Resource Record is published and all other SPF records are removed to clear this warning.
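
The four findings above, as an added example (not the MxToolbox tool's code): given the TXT strings and any old SPF-type (RR type 99) records already fetched for a domain, it reports which of the four apply. The syntax check is a reduced form of the RFC 7208 grammar, and the function names and sample records are constructed for illustration.

```python
import ipaddress
import re

# Minimal classifier for the four findings named above. It is not a full
# RFC 7208 parser: macros and domain-spec syntax are not validated.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_ARG = {"include", "exists", "ip4", "ip6"}
MODIFIER = re.compile(r"^[A-Za-z][A-Za-z0-9._-]*=")  # redirect=, exp=, unknown


def is_spf(txt):
    """True when a TXT string is an SPF record (version term is exactly v=spf1)."""
    low = txt.strip().lower()
    return low == "v=spf1" or low.startswith("v=spf1 ")


def syntax_errors(record):
    """Return the terms of one SPF record that fail the basic grammar checks."""
    bad = []
    for term in record.split()[1:]:  # skip the version term
        if MODIFIER.match(term):
            continue
        body = term[1:] if term[0] in "+-~?" else term  # one optional qualifier
        name, _, arg = body.partition(":")
        name = name.split("/")[0].lower()  # "a/24" carries only a prefix length
        ok = name in MECHANISMS and (bool(arg) or name not in NEEDS_ARG)
        if ok and name in ("ip4", "ip6"):
            try:
                ok = ipaddress.ip_network(arg, strict=False).version == int(name[2])
            except ValueError:
                ok = False
        if not ok:
            bad.append(term)
    return bad


def check_spf(txt_records, spf_type_records=()):
    """Classify a domain's published records into the findings from the post."""
    findings = []
    if spf_type_records:  # anything published under the old SPF RR type (99)
        findings.append("SPF Record Deprecated")
    spf = [r for r in txt_records if is_spf(r)]
    if not spf:
        findings.append("SPF No Records")
    elif len(spf) > 1:
        findings.append("SPF Multiple Records")
    if any(syntax_errors(r) for r in spf):
        findings.append("SPF Invalid Syntax")
    return findings


# Constructed sample records for a hypothetical domain.
SAMPLE_TXT = ["v=spf1 mx ipv4:192.0.2.10 include:_spf.example.net -all",
              "site-verification=constructed-token"]
if __name__ == "__main__":
    print(check_spf(SAMPLE_TXT, spf_type_records=["v=spf1 mx -all"]))
```

The `ipv4:` term in the sample is a common typo for `ip4:`; receivers that hit a term like this treat the whole record as a permanent error rather than skipping the bad term.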

You might be listed and not listed on Barracuda right now

Recently, several of our users contacted us, asking us what is going on with the Barracuda blacklist. Our monitoring tools have alerted many administrators that their IP is blacklisted by Barracuda.

The problem that is currently happening is that one of the two DNS servers run by Barracuda is stale (shown in the image below). This is causing email servers that are doing lookups to show some people as being listed even though Barracuda considers them as not listed. This is why their web lookup tool will show them as clean, but the listing is still being published via DNS.

Barracuda DNS Screenshot

For a refresher course on How Blacklists Work you can check out one of our past blog posts.

We’ll update this post as we get new information