I run a small business, how do I protect my online presence?

This is another installment in our ongoing series to help small businesses on the Internet.

Large organizations have hundreds or thousands of IT experts to protect their businesses from spam, viruses, malware, hackers and other things that go bump in the night.  This team often includes specialists in system configuration, software development and IT security.  As a small business, you cannot afford to hire an army of specialists, but you still need their expertise to protect your online presence.

Let’s start with online risks for a small business

As an online business, I’m assuming you have a domain name, something like ‘mydomain.com’.  You’re probably running a website and sending email using your domain.  However it’s configured and hosted, your domain is your biggest online asset; it is your business card, your showroom, your marketing and your livelihood.  Anything that affects your domain tarnishes your image and affects your business.  Unfortunately, there are quite a few things that can go wrong.

DNS Risks

Your website sits on a server in a facility along with your email server and many like them.  If you are in a shared host environment, your website could be one of many domains hosted on the same servers.  Similarly, you could be hosting email in a group setting as well.  Customers can find you because the Internet uses a sort of roadmap called DNS that tells your customers’ computers where in the world your servers are and routes traffic through the proper networks to the right servers.

DNS is a robust system but susceptible to misconfiguration and, occasionally, attack.  As DNS points customers to your website or your email server, you need to be aware of changes that could affect this roadmap.  Typically, your Internet hosting provider has DNS configuration tools to help you with your configuration and maintenance.  MxToolbox provides free DNS lookup tools so you can verify how your DNS configuration appears to your customers and others outside your service provider’s network and ensure they can find you on the internet.

In addition to configuration issues, DNS is also susceptible to occasional attack.  Scammers can try to hijack your DNS and repoint it to their servers to steal your customers’ information.  That’s why MxToolbox recommends regular monitoring of DNS configurations to prevent outages, especially A, MX and PTR record analysis and monitoring.

Learn More about DNS Monitoring

Risks to Email

The biggest risk for a small business is email deliverability.  Issues like blacklisting, server performance, spam, malware, viruses and email system availability can all affect email deliverability and impact your business and online reputation.  At minimum, any business should monitor their domain name and email server IP address for blacklisting.  Blacklisting could be a sign of something more sinister, like malware or viruses.

Learn More about Email Deliverability

Risks to the Website

Operating your own website has its own difficulties.  Content creation and management, ecommerce and lead generation are typically top of mind for small businesses.  Unfortunately, businesses also need to be concerned about the technological risks, which are similar to email.  Viruses and malware can affect your servers, and cause your domain to be listed on blacklists.  Further, system configurations can leave doors open for hackers or make transactions less secure.  Finally, even services for your website could go down or slow down due to load, configurations or installed software, effectively shutting down your business.  This can be compounded by using a shared host environment where multiple domains are hosted on the same server. In this situation, your reputation can be affected by your neighbors, over which you have no control!

MxToolbox recommends monitoring your domain for blacklisting and your website for uptime and configuration issues, at minimum.  This should give you early warning of issues that might become outages.

MxToolbox’s Solution

At MxToolbox, we understand the technical challenges small and medium businesses face on the Internet.  That’s why we created a turn-key monitoring solution that automatically sets up all the monitoring a small business typically needs.  MxToolbox’s Domain Health uses a unique algorithm to determine the best monitors for your configuration so that you don’t need a technical background to protect your online business.  A Domain Health Monitor is bundled with each of our Standard and Pro monitoring packages.

Learn more about Domain Health

New Servers to Whitelist

MxToolbox uses a set of servers as part of our monitoring products.  These perform the heavy lifting like making SMTP calls to your servers or checking your DNS records.  If you are using MxToolbox monitoring for any system behind a firewall, you will probably need to whitelist our servers to get accurate monitoring service.

The current list of keeper IP addresses to whitelist is:

  • 64.20.227.128/28
  • 54.84.234.24
  • 54.164.124.219
  • 54.88.4.135

Please contact Support@MxToolbox.com if you have any issues.

I didn’t do anything, but my domain is on a Blacklist

At MxToolbox, we occasionally see a domain on an IP blacklist as a source of spam or malware when the owner of the domain has done nothing wrong.  This article will discuss the issue and potential solutions.

The first thing we always recommend to customers with a potential spam or malware problem is to review the following things:

  1. Have you violated any CAN-SPAM regulations recently?
  2. Have you had a virus or malware outbreak in the recent past?
  3. Do you run your own mailserver?  Has it been on a blacklist recently?

If you answered “Yes” to any of these questions, you may have earned your spot on the blacklist but we can still help you with some tools and techniques.  Learn more about our blacklist solutions.

If the answer to all of these questions is “No”, you may still be on a blacklist through no fault of your own.  If you are hosting your domain in a shared environment, it is typical that the IP address associated with your domain is the same as the IP address associated with several other domains. These shared environments use the same servers for multiple domains.  In this case, the IP address of the server has been blacklisted.  This may be due to one of the other domains on this server having trouble with spam or malware.  It’s not your fault, you’re tainted by association.

What can you do?

You have a few options that involve talking to your Internet Service Provider (ISP).  First, you must notify your ISP that your shared host has a blacklist issue.  This problem affects all the domains hosted on that server and your ISP needs to notify other customers on the affected server.  Also, they may need to protect other servers, or run anti-virus and anti-malware protection on the server, as the blacklisting may have been the result of an infection.  Second, you can ask your ISP to move your domain and website to another server or have the IP address of your server changed to one that is not blacklisted.  If the domain that caused the blacklisting remains on the same server, however, your blacklist problem will only go away temporarily.  Another option is to move your domain to a dedicated host, where you are not sharing a server.  This may be more expensive but will make you entirely responsible for the blacklist health of your domain.

MxToolbox email experts can help you with everything you need around blacklists, including:

  • Lookup tools for identifying the blacklists you are on
  • Monitoring tools to constantly watch your domains and IP addresses for inclusion on a blacklist (and our paid monitoring solutions come with our top-notch support)
  • Cloud-based Email Protection and Total Security packages to prevent future attacks that would get you blacklisted
  • Information on blacklists and links to the blacklists, including delisting resources.

We also offer a turn-key Domain Health Monitoring solution that automatically monitors all the important aspects of your domain, from blacklists to email to website health.

Contact us to learn more.

How do I get off the Blacklist?

This is the final article in a multi-part introductory series on blacklists and blacklist activity.

Most of our customers come to us when their business has already been adversely affected by blacklisting.  Email is crippled by low deliverability rates.  The first question our experts are asked is always “How do I get off this $%&! blacklist?”  The process is really simple, but it often takes time.

First, you need to stop spamming, or sending viruses and malware.  The infected systems need to be shut down or quarantined.  This could mean taking down email servers or infected workstations across the company.

Second, you need to put in place tools that prevent future exploitation of your systems.  MxToolbox, as an expert in email and blacklists, recommends cloud-based email security software that protects both inbound and outbound email.  You can contact our experts to learn about our Email Protection and Total Security packages.

Third, you must contact the blacklisting agency or agencies to get delisted.  If you are on multiple blacklists, you must contact each one separately as each has its own preferred delisting process.  One thing is universal: before removing you from their list, blacklist operators will require you to explain the steps you took to prevent further spam, malware or botnet attacks from your servers.

MxToolbox email experts can help you with everything you need around blacklists, including:

  • Lookup tools for identifying the blacklists you are on
  • Monitoring tools to constantly watch your domains and IP addresses for inclusion on a blacklist (and our paid monitoring solutions come with our top-notch support)
  • Cloud-based Email Protection and Total Security packages to prevent future attacks that would get you blacklisted
  • Information on blacklists and links to the blacklists, including delisting resources.

Contact us to learn more.

My small business is on a Blacklist. What did I do wrong?

If you have been referred to us by your Internet Service Provider (ISP) because of a blacklist, then this article will most likely help you with your problem.

If you are running a small business, it is unfortunately a fairly common occurrence that your mail could be blocked by a blacklist even if you do not send bulk email, spam, malware or run your own email servers.  The problem is one that can be easily corrected.

But, this may seem complicated…

When you send email, the computer you send the email from is listed as the point of origin and the IP address is recorded in the email header, which is routing instructions and history passed around with your content.  Many people still use Outlook or another email client local to their computer.  When you use a local email client, your computer’s IP address and the IP address of your router are recorded in these email headers (to learn more about email headers check out our Analyze Headers tool).  These are the IP addresses of the email’s origin.

Unless you pay extra for a dedicated IP address, the IP address of your router is dynamically assigned to you from a pool of IP addresses owned by your ISP.  Typically, these dynamically assigned IP addresses (also known as DHCP IPs) are automatically blacklisted because they can be assigned to anyone at any time for anything.  To summarize, you have been assigned a dynamic IP address which is likely blacklisted.  This is the point of origin of all your email, making your email likely to be refused by servers using blacklists to filter email.
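To see which addresses a message actually carries, the Received headers can be read oldest-first. The following is an added example, not MxToolbox code or the Analyze Headers tool; the sample message, host names and addresses are constructed, and the function names are hypothetical.

```python
import email
import ipaddress
import re

# Ranges that only identify a machine behind a router, never a sender on the Internet.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def hop_addresses(received_value):
    """Return the valid IP addresses written in [brackets] in one Received header."""
    found = []
    for text in BRACKETED.findall(received_value):
        try:
            found.append(ipaddress.ip_address(text))
        except ValueError:
            continue  # bracketed text that is not an address
    return found

def is_local(addr):
    """True for private, loopback and link-local addresses."""
    return any(addr in net for net in LOCAL_NETS)

def origin_of(raw_message):
    """Walk the Received chain oldest-first and report where the message started."""
    msg = email.message_from_string(raw_message)
    hops = reversed(msg.get_all("Received", []))  # the newest header is on top
    local, public = [], None
    for hop in hops:
        for addr in hop_addresses(hop):
            if is_local(addr):
                local.append(str(addr))      # the sending computer behind the router
            elif public is None:
                public = str(addr)           # first address visible to the outside
        if public is not None:
            break
    return {"local_clients": local, "public_origin": public}

# Constructed sample: a desktop mail client behind a home/office router.
SAMPLE = """\
Received: from mail.isp.example (mail.isp.example [198.51.100.10])
    by mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:05 +0000
Received: from [192.168.1.23] (dyn-77.pool.isp.example [203.0.113.77])
    by mail.isp.example with ESMTPSA; Mon, 01 Jan 2024 10:00:01 +0000
From: owner@mydomain.example
To: client@recipient.example
Subject: Quote

Body text.
"""

if __name__ == "__main__":
    print(origin_of(SAMPLE))
```

The `public_origin` value is the router address to run through a blacklist lookup; `local_clients` only identifies the computer inside your network.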

What’s the solution?

There are several solutions to this problem each with different trade-offs or costs.

Use your ISP’s webmail – Most Internet Service Providers have a webmail client you can use as part of your subscription.  These webmail clients send the email from the IP address of the ISP’s mail servers, not your IP.  Sending from their servers gives you their blacklist reputation so you should not be blocked by blacklists.  Many of these will work with your existing domain, if you have your own domain name.   However, usability and functionality may not meet your needs.  It is a good idea to look into this option as it’s free and part of your internet access.

Acquire a static IP address from your ISP – This is a good option for small businesses that want to host their own servers for websites, email or other tasks.  A static IP address is from a different pool than dynamic IPs so it is less likely to be on a blacklist.  This option will allow you to continue to use your local email client (Outlook or another), but adds the monthly expense of the static IP.

Use 3rd party webmail – There are many 3rd party web-based email tools you can use, most with a small monthly cost.  Microsoft Office 365 and Google Apps offer complete collaboration suites, with email, spreadsheets, word processing and presentation applications.  Most of these will allow you to use your local email clients and all of them should allow you to use your domain name for correspondence.  The larger app providers have their own email security options that protect your reputation.  The only downside is cost.

At MxToolbox, we understand the causes of blacklisting and can help you by:

  • Alerting you when your IP or domain is on a blacklist
  • Protecting your email from the common causes of blacklisting
  • Protecting you from malicious websites and botnet attacks
  • Providing collaboration services like Google Apps services to businesses like yours

Contact us to learn more.

How can I prevent getting on a Blacklist?

This is the third article in a multi-part introductory series on blacklists and blacklist activity.

The simple answer is don’t spam, or send malware or viruses and you won’t get on a blacklist!  Unfortunately, this is not as simple as it sounds.  As applications and operating systems get more powerful and complex, they open more possibilities for exploitation.  Spammers and hackers are finding new ways every day to exploit these systems.  Your system administrators keep up with patches, but often what fails isn’t the configuration, patch or security; it’s human nature.  All it takes is an errant click on the wrong link or downloading something from the wrong site and your systems can be infected with malware.

The best way to prevent blacklisting is to limit the risk of a malware infection through comprehensive email filtering.  Now that botnets are also problematic, we also recommend security software that filters website URLs and DNS to offer additional protection.

At MxToolbox, we offer comprehensive email security solutions

  • Email Protection + Continuity provides inbound and outbound mail filtering to ward off spam, malware and other email-based attacks.  Outbound filtering means that even should your servers be compromised, spam will not be passed on to your customers.  With Continuity, should your email go down, your users will still have access to send and receive email while you work the issue.

  • Total Security includes everything from Email Protection + Continuity but adds in DNS and URL filtering of websites, for both on-premise and mobile devices.  With Total Security, your users are protected even if they click on links that download botnets or malware and also protected from botnets reaching out to host servers.

Regardless of the software you choose, implementing a comprehensive email security solution is necessary to prevent blacklisting and ensure email deliverability.  Contact us for more information.

In the next installment of our series on Blacklists, I will discuss the steps you need to take to get off of blacklists.

How did I get on a Blacklist?

This is the second article in a multi-part introductory series on blacklists and blacklist activity.

At MxToolbox, our experts see the same story play out time and again:

For a few weeks or days, a small number of seemingly random emails bounce back or delivery fails.  At first, this is no real problem; email is never 100%, right?  Then, an important email to a big client goes missing and your users get nervous.  Administrators at your client’s organization say you’ve been blacklisted so they can’t accept email from you.  By then, you realize a large portion of your email isn’t getting through to anyone.  Your business is at risk and it’s all because you are on a blacklist!

Blacklist operators use a number of ways to catch and track undesirable activity but sometimes they capture legitimate businesses, like yours.  Typically, legitimate businesses get placed on a blacklist for one of the following reasons:

  • Relaying spam through in-house email servers
  • Sending malware, viruses or spam from individual accounts
  • Denial of Service (DoS) or other type attacks from malware infected servers or networks
  • Unknowingly sending phishing emails or unsubscribe attacks
  • Operating a mail server with no reverse DNS, such as from an IP address in your Internet Service Provider’s (ISP’s) dynamic IP address pool (DHCP)
  • Failing to honor unsubscribes when mailing

So, you can see there are a number of reasons that you can end up on a blacklist without actually intending to do something undesirable.  Most often, our experts find that a blacklist issue was caused by your servers passing on spam, viruses or malware.  This condition is highly preventable!

At MxToolbox, our experts understand the common causes of blacklisting.  We can help you take immediate steps to get removed from blacklists and provide thoughtful solutions to keep you off blacklists in the future.  Contact us for more information.

In the next installment of our series on Blacklists, I will discuss some methods for preventing blacklists.

What’s going on with Barracuda blacklist results?

You may be seeing something odd with listings on Barracuda right now.  MxToolbox is reporting your IP address as listed on Barracuda’s Blacklist but when you go to Barracuda’s website, you’re not listed.  You’re probably thinking “These guys at MxToolbox have lost it”, but that’s not quite the case.  

MxToolbox subscribes in various ways to the DNSRBLs at different providers like Barracuda.  Barracuda being a large organization with a large subscriber base has multiple DNS servers providing blacklist information.  One of these servers seems to be out of sync with the others and the website database.  The questionable IP addresses appear to be coming from this one server.

Why does MxToolbox report it as blacklisted?

The MxToolbox philosophy on blacklisting is to provide blacklist results that most closely resemble real-world blacklist usage.  To do that, MxToolbox caches positive blacklist results until the TTL (time-to-live) of the record expires.  When we get a positive response, we list it regardless of how many of the DNS servers list it at the blacklisting organization, because this is how spam filters work. A spam filter will get a positive result and lock out any email from that IP address.

Am I really blacklisted even if I’m not on Barracuda’s website?

If you are listed on the out-of-sync DNS server, you are technically blacklisted.  Spam filters that subscribe to Barracuda may connect to this DNS server, receive your IP address on the blacklist and then begin to refuse your email.
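The behaviour described above, one out-of-sync server producing a listing that is then held until its TTL expires, can be reproduced offline. This is an added example, not MxToolbox's implementation; the zone `dnsbl.example`, the server names, the TTL and the lookup table are constructed placeholders, and the per-server DNS query is replaced by a stand-in function.

```python
import ipaddress

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers fall in this range

def dnsbl_query_name(ip, zone):
    """Reverse the address labels and append the list's zone (IPv4 octets, IPv6 nibbles)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def is_listing(answer):
    """No record (None here) means not listed; an A record in 127.0.0.0/8 means listed."""
    return answer is not None and ipaddress.ip_address(answer) in LISTED_NET

class PositiveCache:
    """Keeps a positive result until the TTL of the record that produced it expires."""
    def __init__(self, clock):
        self.clock = clock
        self.expires = {}

    def store(self, name, ttl):
        self.expires[name] = max(self.expires.get(name, 0), self.clock() + ttl)

    def listed(self, name):
        return self.expires.get(name, 0) > self.clock()

def check_pool(ip, zone, servers, lookup, cache):
    """Ask every server in the pool; one positive answer is enough to report a listing."""
    name = dnsbl_query_name(ip, zone)
    positive = []
    for server in servers:
        answer, ttl = lookup(server, name)
        if is_listing(answer):
            positive.append(server)
            cache.store(name, ttl)
    return {"name": name,
            "listed": cache.listed(name),
            "listed_on": positive,
            "in_sync": len(positive) in (0, len(servers))}

# --- constructed sample data: a hypothetical pool where one server is out of sync ---
ZONE = "dnsbl.example"
SERVERS = ["ns1.dnsbl.example", "ns2.dnsbl.example", "ns3.dnsbl.example"]
STALE = {("ns3.dnsbl.example", "25.2.0.192.dnsbl.example"): ("127.0.0.2", 300)}

def make_lookup(table):
    """Stand-in for a per-server DNS query; returns (A record or None, TTL in seconds)."""
    return lambda server, name: table.get((server, name), (None, 0))

class FakeClock:
    def __init__(self):
        self.now = 0
    def __call__(self):
        return self.now

def demo():
    clock = FakeClock()
    cache = PositiveCache(clock)
    first = check_pool("192.0.2.25", ZONE, SERVERS, make_lookup(STALE), cache)
    clock.now = 120  # ns3 has been corrected, but the cached positive has 180 s left
    second = check_pool("192.0.2.25", ZONE, SERVERS, make_lookup({}), cache)
    clock.now = 301  # the TTL has expired, so the listing drops out
    third = check_pool("192.0.2.25", ZONE, SERVERS, make_lookup({}), cache)
    return first, second, third

if __name__ == "__main__":
    for result in demo():
        print(result)
```

An `in_sync` value of False alongside `listed` True is the situation to report to the blacklist operator, together with the server names in `listed_on`.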

What can I do?

To get off the blacklist, you must contact Barracuda and let them know that you are listed on one of their servers.  When we investigated, we found the results were coming from a server in their geons01.barracudacentral.org DNS server pool (see the image below).  We have opened our own case with Barracuda.

Three direct lookups of a particular IP address on Barracuda’s DNS servers. Note that the same server pool, geons01, provides different results. 

 

What is a Blacklist?

This is the first article in a multi-part introductory series on blacklists and blacklist activity.

A Realtime Blacklist, or RBL, is a list of IP addresses and domain names that an organization has decided to block, typically for spam.  There are many Blacklists, and each focuses on different types of undesirable behavior.  For example:

  • CBL or Composite Blocking List is a DNS-based blackhole list of suspected e-mail services sending SPAM email resulting from virus or malware infections.
  • Listing on Backscatterer blacklist indicates that your server is issuing “backscatter” in the form of Non-Delivery Reports (bounces) to external users, or misdirected autoresponders and sender callouts.
  • Inclusion in either of the MAILSPIKE Blacklists (BL or Z) means that your IP Address has most likely been identified as being part of a real-time spam outbreak.

Blacklists are typically used to block undesirable internet traffic.  For example:

  • Blocking access to websites on domains known for malware
  • Blocking incoming email from IPs or domains known to be spammers
  • Blocking access to IP addresses based in risky countries

MxToolbox does not own or operate any of these blacklists.  Instead, our email experts curate a list of over 100 blacklists and aggregate blacklist information into a single, central lookup tool.  Our tools enable you to check your mail server IPs and domain names against all these blacklists in a single consolidated interface.  Our monitoring packages enable you to monitor your domains and IP addresses for blacklist activity and get instant notification when placed on a blacklist.  We built our lookup and monitoring tools to help you navigate the complicated world of blacklists.

Your email deliverability depends on staying off of blacklists.  Get protected today.

In our next installment of our series on Blacklists, I will discuss how legitimate businesses sometimes end up on blacklists.

Is Go Daddy DNS Up or Down?

The short and confusing answer is both.  Let me try to explain.

The Down

As of this morning, the authoritative DNS nameservers at Go Daddy were unavailable.  These servers provide the IP addresses of local DNS servers containing domains hosted on Go Daddy.  So, if you’re hosted on Go Daddy, your DNS is in one of these local DNS servers.  External queries would not be able to find your IP address because the authoritative servers at Go Daddy could not resolve the local DNS server containing your information.  You are essentially down to authoritative DNS lookups and anyone without a cache containing the local DNS server with your IP address.

The Up

For most people, this is not an issue. Go Daddy is large enough with enough regular traffic to generate a large cache of DNS entries.  If you are hosted on Go Daddy, returning customers will have cached DNS information and be able to navigate to your site without the need to hit the authoritative DNS servers.  Even many new customers can navigate to your site based on cached resolutions to the DNS servers with your domain information.  However, new customers will be unable to resolve if they or their ISP has not cached DNS for your site.

The Upshot

MxToolbox DNS lookups show Go Daddy DNS and DNS for domains hosted on Go Daddy as down.  We do this because the authoritative DNS servers cannot resolve the local DNS servers, so the lookup chain is broken.   Our lookups and monitors always start from the root and do not use cached information, so you get a complete look at the DNS configuration.

Further, this issue may eventually cause a situation where your site becomes completely inaccessible.  DNS entries have a limited TTL (Time to Live).  When the TTL expires, the entry is erased from the cache.  Should Go Daddy’s outage last longer than your domain’s TTL, customers will be unable to resolve your IP address and unable to connect to your site.  MxToolbox recommends DNS Monitoring or Domain Health Monitoring for your mission-critical domains so you are warned of these issues before they become an outage.