Category Archives: Knowledgebase

How do I get off the Blacklist?

This is the final article in a multi-part introductory series on blacklists and blacklist activity.

Most of our customers come to us when their business has already been adversely affected by blacklisting.  Email is crippled by low deliverability rates.  The first question our experts are asked is always “How do I get off this $%&! blacklist?”  The process is really simple, but it often takes time.

First, you need to stop spamming, or sending viruses and malware.  The infected systems need to be shutdown or quarantined.  This could mean taking down email servers or infected workstations across the company.

Second, you need to put in place tools that prevent future exploitation of your systems.  MxToolbox, as an expert in email and blacklists, recommends cloud-based email security software that protects both inbound and outbound email.  You can contact our experts to learn about our Email Protection and Total Security packages.

Third, you must contact the blacklisting agency or agencies to get delisted.  If you are on multiple blacklists, you must contact each one separately as each has their own preferred delisting process.  One thing is universal: before removing you from their list, blacklist operators will require you to explain the steps you took to prevent further spam, malware or botnet attacks from your servers.

MxToolbox email experts can help you with everything you need around blacklists, including:

  • Lookup tools for identifying the blacklists you are on
  • Monitoring tools to constantly watch your domains and IP addresses for inclusion on a blacklist (and our paid monitoring solutions come with our top-notch support)
  • Cloud-based Email Protection and Total Security packages to prevent future attacks that would get you blacklisted
  • Information on blacklist and links to the blacklist, including delisting resources.

Contact us to learn more.

How can I prevent getting on a Blacklist?

This is the third article in a multi-part introductory series on blacklists and blacklist activity.

The simple answer is don’t spam, or send malware or viruses and you won’t get on a blacklist!  Unfortunately, this is not as simple as it sounds.   As applications and operating systems get more powerful and complex, they open more possibilities for exploitation.  Spammers and hackers are finding new ways everyday to exploit these systems.  Your system administrators keep up with patches, but, often what fails isn’t the configuration, patch or security, it’s human nature.  All it takes is an errant click on the wrong link or downloading something from the wrong site and your systems can be infected with malware.

The best way to prevent blacklisting is to limit the risk of a malware infection through comprehensive email filtering.  Now that botnets are also problematic, we also recommend security software that filters website URLs and DNS to offer additional protection.

At MxToolbox, we offer comprehensive email security solutions

  • Email Protection + Continuity provides inbound and outbound mail filtering to ward off spam, malware and other email-based attacks.  Outbound filtering means that even should your servers be compromised, spam will not be passed on to your customers.  With Continuity, should your email go down, your users will still have access to send and receive email while you work the issue.

  • Total Security includes everything from Email Protection + Continuity but adds in DNS and URL filtering of websites, both of on-premise and mobile devices.  With Total Security, your users are protected even if they click on links that download botnets or malware and also protected from botnets reaching out to host servers.

Regardless of the software you choose, implementing a comprehensive email security solution is necessary to prevent blacklisting and ensure email deliverability.  Contact us for more information.

In the next installment of our series on Blacklists, I will discuss the steps you need to take to get off of blacklists.

How did I get on a Blacklist?

This is the second article in a multi-part introductory series on blacklists and blacklist activity.

At MxToolbox, our experts see the same story play out time and again:

For a few weeks or days, a small number of seemingly random emails bounce back or delivery fails.  At first, this is no real problem; email is never 100%, right?  Then, an important email to a big client goes missing and your users get nervous.  Administrators at your client’s organization says you’ve been blacklisted so they can’t accept email from you.  By then, you realize a large portion of your email isn’t getting through to anyone.  Your business is at risk and it’s all because you are on a blacklist!

Blacklist operators use a number of ways to catch and track undesirable activity but sometimes they capture legitimate businesses, like yours.  Typically, legitimate businesses get placed on a blacklist for one of the following reasons:

  • Relaying spam through in-house email servers
  • Sending malware, viruses or spam from individual accounts
  • Denial of Service (DoS) or other type attacks from malware infected servers or networks
  • Unknowingly Sending phishing emails or unsubscribe attacks
  • Operating a mail server with no reverse DNS, such as from an IP address in your Internet Service Provider’s (ISP’s) dynamic IP address pool (DHCP)
  • Failing to honor unsubscribes when mailing

So, you can see there are a number of reasons that you can end up on a blacklist without actually intending to do something undesirable.  Most often, our experts find that a blacklist issue was caused by your servers passing on spam, viruses or malware.  This condition is highly preventable!

At MxToolbox, our experts understand the common causes of blacklisting.  We can help you take immediate steps to get removed from blacklists and provide thoughtful solutions to keep you off blacklists in the future.  Contact us for more information.

In the next installment of our series on Blacklists, I will discuss some methods for preventing blacklists.

What is a Blacklist?

This is the first article in a multi-part introductory series on blacklists and blacklist activity.

A Realtime Blacklist, or RBL, is a list of IP addresses and domain names that an organization has decided to block, typically for spam.  There are many Blacklists, and each focuses on different types of undesirable behavior.  For example:

  • CBL or Composite Blocking List is a DNS-based blackhole list of suspected e-mail services sending SPAM email resulting from virus or malware infections.
  • Listing on Backscatterer blacklist indicates that your server is issuing “backscatter” in the form of Non-Delivery Reports (bounces) to external users, or misdirected autoresponders and sender callouts.
  • Inclusion in either of the MAILSPIKE Blacklists (BL or Z) means that your IP Address has most likely been identified as being part of a real-time spam outbreak.

Blacklists are typically used to block undesirable internet traffic.  For example:

  • Blocking access to websites on domains known for malware
  • Blocking incoming email from IPs or domains known to be spammers
  • Blocking access to IP addresses based in risky countries

MxToolbox does not own or operate any of these blacklists.  Instead, our email experts curate a list of over 100 blacklists and aggregate blacklist information into a single, central lookup tool.  Our tools enable you to check your mail server IPs and domain names against all these blacklists in a single consolidated interface.  Our monitoring packages enable you to monitor your domains and IP addresses for blacklist activity and get instant notification when placed on a blacklist.  We built our lookup and monitoring tools to help you navigate the complicated world of blacklists.

Your email deliverability depends on staying off of blacklists.  Get protected today.

In our next installment of our series on Blacklists, I will discuss how legitimate businesses sometimes end up on blacklists.

Disable Outlook Filtering

Many administrators don’t realize that Outlook by default has its own filtering in place. This filtering is very basic and it doesn’t usually cause any issues with your existing mail server security or 3rd party filtering. If you have exhausted your efforts in troubleshooting missing mail or false positives you may disable this filtering to see if that helps. To disable Outlook Filtering, follow these steps:

  1. Open Outlook
  2. Click Actions > Junk E-mail >Junk E-mail Options
  3. Select No automatic filtering;
  4. Press OK.

Search Gmail logs in the administrator control panel

This is very exciting news!

What happened to an inbound or outbound message? Was a message sent to my domain and marked as spam? Which users sent or received a specific message? Starting today, domain admins can get answers to these and other such questions using Gmail log search. This feature is now available in the administrator control panel.

See Finding messages with email log search for steps on using the email log tool located within the Reports tab. See Viewing message details for a description of the output. Finally, see Interpreting message details for recommendations on using log search results to investigate delivery issues.

Guidelines

When using email log search, keep in mind these limitations and conditions:

  • Only super administrators have access to email log search.
  • Resellers do not have access to the email log search feature for a resold domain when accessing its control panel via the reseller console.
  • Messages may take up to an hour after being sent or received to appear in the email log search database.
  • Only messages from the past 30 days can be retrieved via search.
  • The maximum date range for queries is a seven-day period.
  • Log times are shown in the administrator’s own time zone.
  • Mail sent to a Google Group or other mailing list doesn’t appear unless a Google Apps user is a member of that group and a recipient of the message.
  • Focused queries are faster and recommended. For instance, a specific message ID query may take a few seconds to return results while more generic queries without a message ID may take dozens of seconds to complete.
  • Search values must be complete. No partial matches or wild cards are supported.
  • Although the subject is shown in search results, messages cannot be queried by subject.
  • Only one sender or recipient can be entered in a query. Multiple entries are not supported.

For more information:
http://support.google.com/a/bin/answer.py?hl=en&answer=2604578

New Ping and Traceroute Tools available at MxToolbox.com

Today we’re happy to announce that we have added ICMP Ping and Traceroute to our Free Tools at mxtoolbox.com. Typically you would use a Windows Command Processor or Terminal shell to utilize Ping and Traceroute to help troubleshoot issues however it is often very useful to run these tools from a location other than where you are currently sitting, so we’ve added it to the arsenal of commands available on our site.

Ping (http://en.wikipedia.org/wiki/Ping)

Ping is a commonly used tool to test the reachability of a host (IP) and also measures the round trip time on the response.

NOTE: Don’t confuse the new ICMP ping tool with our ping@mxtoolbox.com email trace tool. Ping@mxtoolbox.com was created in the spirit of ICMP ping as a quick tool to test Inbound and Outbound mail flow on a server. For more details on ping@mxtoolbox.com, go here.


Traceroute (http://en.wikipedia.org/wiki/Traceroute)

Traceroute tracks the path that a packet takes from the source to a destination address.  A traceroute also shows how many times your packets are being rebroadcast by other servers until it gets to the final destination.

Along with our Free DNS Tools, we also offer Free Server Monitoring. Our MxWatch Monitoring will allow you to setup Monitors for Blacklists, SMTP and more. You will then be alerted via email or SMS text if there is an issue with a Monitor, which can help you address problems before they escalate. The Free version of our MxWatch includes two Monitors, which can be used to check the Blacklist every seven days or any other additional alerts of your choice; SMTP, TCP, HTTP, etc. We also offer Paid Services for those individuals that want to monitor more than two sites or servers.  Why choose the paid services? The MxWatch Basic package provides up to 10 Monitors as well as access to the Tier II expertise of our rock-star Support Team!

Here is the full list of available commands for our Free DNS Tools:

Command Explanation
blacklist: Check IP or host for reputation
smtp: Test mail server SMTP (port 25)
mx: DNS MX records for domain
a: DNS A record IP address for host name
spf: Check SPF records on a domain
txt: Check TXT records on a domain
ptr: DNS PTR record for host name
cname: DNS canonical host name to IP address
scan: Perform a port scan on the host
whois: Get domain registration information
arin: Get IP address block information
soa: Get Start of Authority record for a domain
tcp: Verify an IP Address allows tcp connections (tcp:ip:port)    New!
http: Verify an IP Address allows http connections (http:”url”:”regex”)    New!
https: Verify an IP Address allows secure connections (https:”url”:”regex”)    New!
ping: Perform a standard ICMP ping  New!
trace: Perform a standard ICMP trace route  New!


As always we thank everyone for their feedback on our tools, to reach out to us please email us at feedback@mxtoolbox.com.

NOMOREFUNN Realtime Blacklist Website Having Issues

A few weeks ago we started receiving notices that the NOMOREFUNN Realtime Black List (RBL) website was down.  We’ve been monitoring their site for a few weeks and their website remains down however the RBL database itself is up and taking queries. Unfortunately we don’t have any details as to why/when the site went down.

Although the website remains down, the RBL list is answering and is being maintained. Due to the RBL List still answering and showing in an active state, we will not be removing this list from our tool at this time.

MxToolBox is not affiliated with any Blacklists nor does inclusion on our tool advocate the use of any specific lists.  We simply provide a public tool that can be utilized to see if you are on a Blacklist.   If you are on a Blacklist, or more importantly, if you are having problems with your email delivery and you’re not getting the help you expect from the blacklists themselves or the recipients to which you cannot send; MxToolBox has a Solution!  MxToolBox offers Blacklist Protection!  For more information please feel free to visit our website or email info@mxtoolbox.com.  You can always call 866-MxToolBox (698-6652) and ask to speak to any of our blacklist specialists for assistance or to learn more about our solutions.

We’re always looking for new Blacklists to add to our tools.  If you have one you would like to suggest, please send an email to support@mxtoolbox.com.

For information about other Blacklists that have shut down or Blacklists that are having problems, view this forum post.

Tax Time – Here comes the Spam!

It’s that time of year again; tax time.  Here you are preparing your tax return and you’re already getting emails about the submission before you’ve finished?   BEWARE of spammers trying to take advantage of you during this time. We have already seen several different versions of emails that spammers have sent.

The goal of these campaigns is to have you click on their spam campaign. The links in the email will direct you to a fraudulent web site. Keep in mind that these are designed to look very official and are actually composed nicely with correct grammar (most of the time) and appear to be very professional. Clicking on these emails can lead to your computer becoming infected with a virus, trojan or malware. What’s worse, these campaigns are using phishing which is designed to gather your personal information including your social security number, login information or even your credit card data.

How do you avoid these spam campaigns?
Spammers unfortunately often have the upper hand because they create the spam campaign and then Email Providers like MxToolBox have to quickly adjust their filters. While the filters are being automatically adjusted to combat these types of spam attacks you may still encounter messages like this. In addition to being aware of these potentially dangerous spam tactics we would also recommend having the correct protection! Most of us have a good Anti-virus program but that is like locking the front door but leaving a window open. If you click on an email that has a fraudulent link, you have opened the your personal window to a web-based attack. Unfortunately most networks don’t have Internet Browser Web Security so you could be very vulnerable to this type of email to web-based attack.

MxToolbox has partnered with Webroot to offer Web Security to protect your network from attacks through the web browser. Our Total Security Solution includes Business Email Perimeter Security in combination with Web Security to provide additional layers of protection to combat Email and Internet threats. Webroot eliminates spyware and viruses with best-of-breed scanning engines and offers a 100% guarantee.  In addition to protecting against malware you have the ability to enforce web access policies and generate detailed reports on your users’ browsing history.

Below are a few samples of the most recent spam campaigns we have noticed. You may notice that the third one below is not necessarily tax related, but is an inquiry from the Better Business Burea. This is not a real request and is spam. Be wary!

If you’ve ever had problems with Spam like this in your network, or worse yet, if you’ve experienced the pains and toils of the virus/malware infections that results; rest easy – there is a solution. Even if you have Anti-Virus software installed, it’s not enough; you can still be susceptible to these problems.

Please visit our Website to learn more about our Web Security Solution and call (866)-MXTOOLBOX / (866)-698-6652 to speak to one of our specialists about how you can put this problem to rest forever!

Postini – 4000 Character Approved/Blocked Sender Limit

List length limit (4000) exceeded.

If you have received this error when trying to add to your approved/blocked sender list, it can be very frustrating!

Postini has limited the number of characters (not entries) and the maximum number of characters allowed for each approved/blocked list in the Administration Console to 4000.  If each entry is 30 to 40 characters, each sender list can include approximately 100 to 130 addresses and domains.

To free up more space, we recommend deleting addresses that are no longer used. Keep in mind that if you are managing your Approved/Blocked Sender List in your Postini Message Center, you are only adjusting your personal preferences. Your administrator may consider adding an address  to the global organization-level list to improve filtering for all users. If that is done, this would mean that you could remove that particular address from your list and free up a bit of space.

Keep in mind that the approved/blocked lists are meant to allow addresses that have had issues getting through the filters; we do not recommend proactively adding email addresses to the approved sender list. Adjusting your approved/blocked senders list can allow spam through unknowingly. We also highly recommend never adding your own domain or any specific email address on your domain as that can cause spoofing and then you have opened the door to spam!