Announcing MxToolbox Professional

Our team is happy to announce the release of MxToolbox Professional, our new power user interface.  A lot of hard work and a lot of feedback from our great users went into the creation of this new integrated interface.  We know you made the product even better!

MxToolbox Professional UI

What is MxToolbox Professional?  It is a new user interface integrating all the tools you rely upon with monitoring services.  This new UI will enable you to seamlessly transition between lookup tools and monitors without changing pages.  Power users get a highly customizable user interface featuring:

  • Favorites
  • Type Ahead
  • Lookup History
  • User-defined Tags
  • Custom Filters

You can get more information about MxToolbox Professional here.

How do you get MxToolbox Professional?  If you are an existing paid customer, you have access already.  You can switch between Professional and Classic interfaces in the Dashboard.  If you are not a paid customer, now may be the best time to look at upgrading.

Visit the MxWatch Matrix for more information.

Improved SPF Tool RFC changes

Over the past few weeks we’ve been working hard to improve our SPF Record Testing Tool to help people check and monitor SPF records. We’ve added some improved diagnostic testing capabilities to give you more specified details if we discover an issue with your SPF Record.

One of the big SPF events that occurred this year and spurred these updates was a significant change in SPF best practices, namely RFC 7208.  This new document advises the administrators to discontinue using the alternative SPF RR type that was formerly supported during the experimental phase of SPF. SPF records must only be published as a DNS TXT Resource Record. Due to this change we have updated our SPF Lookup tool and now report the status of the following problems you might encounter with SPF:
SPF problems

SPF Record Deprecated - If you still have an SPF type record, we will warn you. Simply remove these records to clear the warning.

SPF No Records – If you have no Sender Policy Framework records, we issue this warning. SPF participation is voluntary, but if you want to remove this warning you will need to create an SPF record and publish it as a TXT type record. There are several good tools for creating SPF records such as http://www.spfwizard.net/.

SPF Invalid Syntax – This is the only problem that will cause a domain to show as error. We have detected some type of syntax problem in your SPF record. This could cause real problems when recipients attempt to decode it.

SPF Multiple Records – The RFC only allows a single SPF record per domain. If you have more than one, we will display a warning. Ideally, you should ensure that only a DNS TXT Resource Record is published and all others SPF records are removed to clear this warning.

You might be listed and not listed on Barracuda right now

Recently, several of our users contacted us, asking us what is going on with the Barracuda blacklist. Our monitoring tools have alerted many administrators that their IP is blacklisted by Barracuda.

The problem that is currently happening is that one of the two DNS servers run by Barracuda is stale (shown in the image below). This is causing email servers that are doing lookups to show some people as being listed even though Barracuda considers them as not listed. This is why their web lookup tool will show them as clean, but the listing is still being published via DNS.

Barracuda DNS Screenshot

For a refresher course on How Blacklists Work you can check out one of our past blog posts.

We’ll update this post as we get new information

Have You Checked Out Domain Health Yet?

You might have noticed several months ago we began to roll out the Domain Health Report as our newest tool on the site. After listening to a lot of feedback from users like you, we started building this new tool that performs a full diagnostic check on your domain and all your servers associated with your Mx Record.

With Domain Health you can quickly get a complete picture of your domain’s health. For each domain you enter we run over 140 tests including mail server, web server, DNS, and blacklist tests and identify any critical errors or warnings that could be affecting the performance of your domain.


Domain Health for google.com

If you haven’t run a Domain Health Report on your domain yet give it a try here – Run Domain Health Report

In addition to providing this powerful new report tool for your domain – we also recently added Domain Health Monitoring. You can give us a domain name and we will run tests on all of your Web, DNS, and Email Servers every 15 minutes and alert you if we detect a critical problem or warning that you need to know about. We also alert you to any Mx or SPF Record changes that we detect.

Learn more about Domain Health Monitoring.

How blacklists work behind the scenes

Every now and then we get an email from a user who wants to know why our Blacklist tool shows them as being on a blacklist but when they use the check tool on the blacklist’s web page, it shows them as being clear or vice versa. A little bit of background on how DNSRBLs work will explain why this happens and I hope you find it helpful when trying to troubleshoot blacklist problems.

Blacklist Results

Blacklist operators generate lists of IP addresses or domain names that they would like to share with the world. DNS is a great way to publish IP addresses and hostnames in a very lightweight, fast, distributed way. The operator creates a domain zone and publishes records on their DNS server. So let’s say we create a blacklist called Example. We announce it to the world and let everybody know we are going to publish it at rbl.example.com. For every IP Address that we want to add to our list, we publish an A record in our zone. Mail servers would attempt to resolve the IP at our domain and if an A record is returned they would know that the IP in question is “on the blacklist”. Domain based lists work similarly.

Just like with all other DNS records, you do not need to always ask the DNS server that actually host the zone for an answer. In fact most DNS queries are made against nearby DNS servers. Most people first query their ISPs DNS servers. Many business networks are setup with a local DNS server for security as well as performance reasons. This way once one person gets an answer for the IP address google.com additional queries are returned very quickly without having to traverse the internet. How long these cached results are stored is determined by the time to live (TTL) settings that are configured by the owner of the zone. This means that in addition to determining who they want to put on their list, blacklist operators determine how long you should remain listed even after they remove you from the zone. They could do this for policy reasons or for performance of their DNS servers. But what it means is that every person who finds out that you are on the list will consider you “listed” until that TTL expires.

So I think you can see now how you could get a different answer from our tool than from the blacklists own check tool. Either we got a negative answer recently and are caching that and showing you as not listed when you in fact are, or we have a legitimate listing record on our server that hasn’t expired yet and we will show you listed even after you have been taken off at the source. It is important to realize that we report these cached results for the reason that this is what other email servers in the wild will see. If you get a positive result on our tool, once you request delisting you should check with the provider’s own check tool to see if you have been removed. Then you can see from our tool how long your TTL is before you will appear clean again to the email server’s of the world.

IPv6 Addresses added to MX record results

We continue to add support for IPv6 to our tools and this week we are going to start showing IPv6 addresses for Mail Exchange records that have AAAA records for their hostnames.

IPv6 in MX records

Our last blog post went over a lot of the basics of IPv6 for folks who would like some background. We are going to continue adding support for IPv6 in more of our tools over time as we strive to keep our tools as awesome as possible in the ever changing world of technology.

AAAA DNS Lookups are now available

world IPv6 launchWe have recently added the ability to perform AAAA record DNS lookups in order to resolve hostnames to IPv6 addresses. Here’s a bit of background on IPv6 and AAAA records.

DNS is the backbone of computer networking today. Every time you use a web browser or other internet connected technology that references a server by name, it uses DNS to turn that name into a numeric address. Since the early 1980′s that numeric address was an IPv4 IP address. These “IP Addresses” are 32-bit numbers that can be written as a decimal number from 0 to 4294967295. The IP for MxToolbox.com is currently written as a decimal number as 1075110789.  An easier to read “dotted quad” format is more popular, with 4 8-bit numbers from 0 to 255 separated by periods. In this notation the IP Address for MxToolbox.com is 64.20.227.133.

IPv4 has served well for over 30 years, but it has a limitation. It only has 4.29 billion addresses. In 1981 when specification was published, computers were large, shared, and not terribly common. Today many people have multiple computers and internet connected devices, each needing an address. The solution for this dilemma is IPv6, an update that brings with it an increase in address space. IPv6 allows for 340 billion, billion, billion, billion addresses, so we shouldn’t run out of room too soon.

Having so many addresses is critical, and the by far the largest benefit to IPv6, however trying to communicate such a large number is problematic. For example, as of the time of this blog post our tool reports that google.com resolves to 2607:f8b0:4000:804::1004. However that same IP Address can be written several different ways. Here’s that IP as 128 binary 1′s and 0′s - 100110000001111111100010110000010000000000000000001000000001000000000000000000000000000000000000000000000000000001000000000100. Another not very practical method is to use decimal numbers, in our case the address is written as 50552053919381933569817860797397733380. Here’s that number again with comma’s so you can get a grasp as to how large that number really is 50,552,053,919,381,933,569,817,860,797,397,733,380.

The most common way to write IPv6 is so use hexadecimal, which uses 0-9 and then a-f to represent 16 bits as a single character. Our IPv6 looks like this in hex 2607:f8b0:4000:0804:0000:0000:0000:1004. There are several methods for “compressing” this number to remove unneeded characters. You can turn any group of 0000 into just one 0, after all zero is zero. That gets you to 2607:f8b0:4000:0804:0:0:0:1004. However you can also replace any group of zeros with a single double colon so you get back to our optimal version which we return - 2607:f8b0:4000:0804::1004. You are only allowed to use the :: once per address.

IPv6 and it’s super large address pool is great, and some organizations are using it, but since it’s incompatible with IPv4 directly, there has been and will continue to be a long road as the internet transitions from the old version to the new one. Many people have IPv6 addresses and the AAAA DNS record is how those addresses are published. The path forward to implementing and converting networks to IPv6 is a much longer story and there are plenty of places to read about it online. But for now, if you want to lookup AAAA records and PTR records for IPv6, the MxToolbox tools are ready to help.

Create a Dashboard with the REST API

Viewing your monitors is fairly simple on MxToolBox’s website, but wouldn’t it be nice to have your monitor status on your website? This post shows off a sample dashboard using HTML, Javascript, and the REST API we talked about in our previous blog post and on our websiteYou can view the sample or download the files

Breaking Down the Sample – How It Works

Note that this sample is using the sample API Key, which can only query “example.com.”  You will need to use your own api key within sample.js.  Search for “add your api key here, ” use your api key, and you are running.

dashboard
The mechanics start with calling the Monitor API to get the status, then it’s mostly a matter of formatting.  This api will return each of your monitors’ status:

  {
    "MonitorUID": "e442d19c-5746-4816-b5af-65624757c297",
    "ActionString": "blacklist:example.com",
    "LastTransition": "2009-11-03T06:15:34.867",
    "LastChecked": "2013-12-02T15:23:35.78",
    "MxRep": "100",
    "Failing": [],
    "Warnings": []
  },

This javascript is composed of the following frameworks -

On DocumentLoad, we use the monitor details to determine the status of the monitor based on the problems listed in “Failing” and “Warnings.”  We then pass that jsRender to create a nicely formatted table.

Extend the Dashboard with Tags

Some customers segment their monitors by tagging them.  You can use the monitor API to query by tags by adding a ‘tag’ querystring parameter to the api.  The link below gets only the example.com monitors that have the “blacklist” tag:

http://api.mxtoolbox.com/api/v1/monitor/?authorization={your_api_key_goes_here}&tag=blacklist

One customer uses the tag filter to create dashboards for each of his regions, and another uses it to show only his blacklist monitors.

Learn more about the REST API

Blacklist Activity

Have you ever wondered which Blacklists are the most active?

At MxToolbox, we generate gigabytes of global blacklist activity data weekly from our public tool usage. This type of data is especially useful to determine when a blacklist goes does down or a dns service falls over and can relay that information to you. Like the rest of you, we use multiple monitors to let us know when an event occurs.

The most useful data we look at is the number of blacklists “Adds” (or listings) that occur.  A sharp/sudden spike or drop usually indicates a problem with a blacklist.

All Recent Blacklist Activity

Blacklist Activity

Top Activity By Blacklist

Blacklist Activity

You can see these charts on your free Dashboard and they are included in our free weekly Summary email.

As of 11/8/2013, these blacklists (below) have the most “adds” or listings by each respective blacklist operator. Each “add” or blacklisting is equivalent to one IP Address or one Domain being added to each list.

Spamhaus-ZEN

spamhaus-zen Activity

CBL

CBL Activity

Spamcop

Spamcop Activity

Barracuda

Barracuda Activity

Analysis

As of 11/8/2013, the four blacklists that recently have the most listings are Spamhaus-ZEN, CBL (Spamhaus), Spamcop, and Barracuda. On average, these blacklist have generated the highest volume of listings for the last several years, and we do not expect that to change soon. SORBS and Lashback blacklists are usually close behind. IP Addresses and domains that make up these listings can be added by these blacklists for a variety of reasons such as spam and virus/malware infections. You can run a quick Blacklist Check on your domain name or IP Address here to make sure your IP Address or Domain are free of blacklist issues.

 

Network Solutions DNS problems

We have seen a large number of alert emails go out from our Monitoring System and they appear to be caused by problems with Network Solutions DNS  servers being intermittently unavailable. No word yet as to when it might be resolved.

Network Solutions Facebook – https://www.facebook.com/networksolutions
Network Solutions Twitter – https://twitter.com/netsolcares

You can check your DNS with our tool - http://mxtoolbox.com/DNSLookup.aspx. Network solutions servers names end with .worldnic.com.