Category Archives: Uncategorized

DNS Batch Tool

Have you ever needed to lookup DNS on a large list of IPs?  How about parsing a security log to see where a potential threat is coming from?  Combing through the log and getting the full list of IPs can be tedious and tiresome.  And, then you still have to run the DNS checks one-by-one or write a script to do it for you.

Or, you could come to MxToolbox where we have all the cool tools…

That’s right, we’ve launched a DNS Batch Lookup Tool that does all that for you.  Available to all MxToolbox Professional users, DNS Batch Tool eliminates the time-consuming work of parsing text for IP addresses and repetitive DNS lookups.

You can find it on the main menu of the MxToolbox Professional interface* along with our premium monitors like DNS Zone Protect and MailFlow Monitoring.

DNSBatch_link

DNS Batch Tool provides takes simple text as the main input.

DNSBatch_home

As, you can see below, I’ve copied an entire email into the tool so I can see lookup routing information for my most recent campaign.  I could also use security logs or a pre-generated list of IP addresses.

DNSBatch_hometext

DNS Batch Tool parses the text file and automatically extracts all the IP addresses.

DNSBatch_extract

 

Processing these IP addresses yields reverse host name, country, region and city information, AS number and AS name.

DNSBatch_results

 

Note: you must be a paid user to access MxToolbox Professional.

Reputation Lookup

Your domain’s reputation has become increasingly important to email deliverability, website accessibility, brand reputation and overall business performance.  No business can afford to ignore their domain’s online reputation.  Many companies, like Google and PhishTank, publish APIs to their online reputation databases, enabling businesses to check their online status or check the status of a website before accessing it.  However, researching and monitoring all these sites creates a lot of work.

Brand Reputation - Bad

A typical example of a domain with a poor online reputation.

Brand Reputation - Good

An example of a website with a good online reputation.

Fortunately, Mxtoolbox can help!  Our new Reputation Lookup tool provides you with a consolidated view of your domain’s online reputation.  On first release, our one-stop Reputation Lookup checks Google and PhishTank.  As we discover new reputation databases, these will be added to increase your insight into your online reputation.  Check out your domain in our tool!

Did DNS Propagate?

If you have multiple DNS servers, one of your biggest concerns is probably the propagation of changes across your pool of servers.  Once you make a change, add a record or remove a record is that record getting updated on all your servers?  Are you serving up the same records or is one server out of sync?   Are your registrar’s servers syncing your changes?

MxToolbox's DNS Propagation tool, available in Classic and Professional interfaces

MxToolbox’s DNS Propagation tool, available in Classic and Professional interfaces

MxToolbox is happy to announce our new DNS Propagation tool.  Our tool checks all of your DNS servers simultaneously when you lookup a record, compares the Start of Authority record to all servers and highlights the server(s) that are different.  In one lookup, you can view the propagation of your records across your entire DNS pool.

dnspropagation

A well-timed search for Google.com’s A record shows them in the process of propagation across servers.

Are your emails deliverable?

One of the biggest concerns in email marketing and online commerce is the deliverability of email.  Can you do business if the email server at your target customers refuses to accept your email?

There are many types of email deliverability rankings, some focus on marketing deliverability to specific customers, bulk email services or even online management of email reputation.  MxToolbox focuses on the fundamental questions of email function:

  • Are your email headers properly formed?
  • Is SPF configured properly?
  • Is DKIM configured?  And, what is the signature?
  • What’s the round trip processing time and for each hop in the email?

Our new Email Deliverability analysis tool provides insight into your email configuration which will help you ensure email delivery to your customers, prospects and business partners.

Email Deliverability Report

An example MxToolbox email deliverability report.

Looking Up ASN

Autonomous System Numbers or ASNs are provided by Internet registries to Internet Service Providers as a unique identifier of their network.  ISPs may have multiple networks and therefore multiple ASNs, one for each non-contiguous subnet, which may get confusing for network managers or customers, as you can see in this example below.  ASNs are also used to configure Border Gateway Protocol (BGP) between two networks or between two subnets.

ASN Lookup Example

Level 3 Communications owns multiple ASNs. With our tool, it’s easy to find the appropriate one for your project.

MxToolbox has developed an ASN Lookup Tool that takes an ISPs name and returns the ASNs they own. In addition, the tool can accept an ASN and return the name of the owner.  This tool can be useful for network managers working with large ISPs or trying to determine ownership of a particular ASN or attempting to setup BGP.

 

More threats to DNS

As reported by Cisco, Domain Shadowing attacks have risen more that 4x in the last year.  This is a disturbing trend, that concerns all businesses, whether small, medium or large.  DNS Shadowing attacks utilize a business’s reputation to acquire access to important personal or financial information typically by leveraging a subdomain of the business.  For example, an attacker with access to your DNS configuration can setup an spam.yourdomain.com subdomain and route your customers to a website with your look, feel and branding.  From there, your customers will be prompted to login, and expose their credentials and personal information.

This type of threat even affects government agencies, as recently seen with the St. Louis Federal Reserve.  Attackers gained access to the DNS servers and added a subdomain on a foreign server where they gathered login credentials from researchers.   While gathering researchers credentials may not seem frightening, there is potential that these credentials could have been leveraged to access more financially relevant systems.

Incidents like these highlight the need for multi-layered threat protection that protects your servers and your reputation across multiple technologies and externally monitors threats.  At MxToolbox, we offer comprehensive monitoring solutions, like DNS Zone Protect, to help protect our customers from new and emerging threats. DNS Zone Protect gives you peace of mind knowing that changes to your DNS are being externally monitored by MxToolbox.

Did your DNS change last night?

As your company grows, so does access to your DNS.  Often multiple groups can make changes to DNS: Development, IT Operations, Marketing and even consultants.  Keeping track of who has access and what changes were made or were not made can be a difficult, but important exercise. Servers on subdomains left publicly visible long after the project is over can be used for exploitation by attackers.  Or, someone could inadvertently tell the world about a new product by setting up the subdomain early.  Finally, there is real risk in someone making an unauthorized change to DNS that shuts down critical systems.  Monitoring your DNS for changes is a business-critical task.

MxToolbox recently launched DNS Zone Protect, a monitoring solution for all your DNS, that gives you immediate warning when any change is made to your DNS.  With DNS Zone Protect, you get peace of mind knowing that changes to your DNS are being externally monitored by MxToolbox.

A new threat to your reputation via DNS

We’ve heard time and again that phishing attacks are the most popular method to obtain access to sensitive company data, but now, phishing is being used to get access to DNS. Lately, a new attack called DNS Shadowing has become increasingly popular, with growth of over 300% in the last year, and it threatens your online reputation.

DNS Shadowing involves phishing or otherwise obtaining access to your DNS accounts. From there, an intruder can create subdomains of your domain and point these entries to their servers without your knowledge. They use these false entries as part of email campaigns to your customers to gather credit cards and financial information. Since these attacks have legitimate appearing sites on URLs that appear to be part of your networks, it appears that you are asking for this information! Your reputation can be used to attack consumers that don’t even have business with you. Talk about a blow to your online reputation!

MxToolbox recently launched DNS Zone Protect, a monitoring solution for all your DNS, that gives you immediate warning when any change is made to your DNS. With DNS Zone Protect, you get peace of mind knowing that changes to your DNS are being externally monitored by MxToolbox.

Announcing New Email Deliverability Lookups and Monitors

This week we released tools and monitors that test your servers for DKIM and DMARC standards compatibility.  These two standards help companies send and receive email more safely and should be used by any company running their own email servers to ensure email deliverability.

What are these standards?

DKIM

DKIM, or DomainKeys Identified Mail, is a standard that allows an organization to cryptographically sign an email message in order to take responsibility for that message.  Receivers can then use this digital signature in their process for approving or rejecting the email in their spam filter.  As DKIM signatures are associated with a domain, the reputation of that domain is the basis for evaluation.

DMARC

DMARC, or Domain-based Message Authentication, Reporting & Conformance, is a standard for how email receivers authenticate email messages using SPF and DKIM.  DMARC policies are published by senders via DNS.  These policies tell a receiver that the messages sent were protected by SPF and DKIM and how to respond to messages that did not pass the receivers filters, such as spam filters or virus filter.

Why do I need it?

Email is a generally insecure method of communication.  Spam and phishing attacks leverage email because it easy to spoof and highly trusted by naive consumers.  For example, many people trust an email simply because it contains a company’s logo and appears to come from that company’s email address, both of which are easy to fake.  Email service providers like Google (Gmail), Microsoft (Hotmail/Outlook.com), and Yahoo! value DKIM and DMARC because it simplifies their algorithms for filtering trusted email from spam and phishing attacks.  If you are a small business targeting business or consumer customers, you need to adopt DKIM and DMARC to ensure your emails get through to your customers.

How do I use MxToolbox?

Once you have DKIM and DMARC setup, you can use MxToolbox to check your configurations and ensure they are accessible to the outside world.  We even offer these as monitors which will alert you if DKIM or DMARC is unaccessible or changes.

DKIM lookup result for mailjet.com using their google key

dkim

Typical DMARC lookup results for google.com
dmarc

As with all our DNS monitor types, DKIM and DMARC monitors check your configuration every 5 minutes.

The Ransomware Threat to Small Business

Today’s Wall Street Journal article, ‘Ransomware’ a Growing Threat to Small Businesses, is a great synopsis of the threat organized and skilled cyber criminals pose to small businesses every day.  Many small businesses run without any sort of spam, virus or malware protection so they make easy and attractive targets for criminals looking to make an easy buck (or bitcoin).

At MxToolbox, we see this issue arise daily.  Small businesses contact us because they are on a blacklist only to discover that it was a malware infection caused by malware from spam or an infection caused by following a spammy link.  Ransomware attacks start in exactly the same way, a spam email with a legitimate looking website or an attachment.  All it takes is an errant click or opening the wrong attachment and you’re infected and your business grinds to a halt.  Recovery can take you hundreds of dollars or dozens of hours, whether you pay or recover from a backup.

Do you have an offsite backup?

Most small businesses don’t.  Our first recommendation for your small business to survive a ransomware threat, a fire, a tornado or any business continuity issue is to immediately invest in a cloud-based or other type of offsite backup, and backup your entire business.  This will protect against these large issues but also against simple accidents that could harm your business.  Have you ever deleted a file and immediately wished you hadn’t cleaned your Recycle Bin?

Protect your email

If you are running your own email system, you need to protect it.  We highly recommend some sort of comprehensive spam, virus and malware protection on your servers.  Basic spam filtering isn’t enough and will not capture the zero-day outbreak type malware or attachments that are used by ransomware attacks.  You need to filter for malware and viruses as well.

Protect your team from malicious links

This one is a little harder.  Spam email, especially with zero-day outbreak attacks, can include links to sites that are neutral at the time the email is sent, but activated shortly after to become malicious.  This type of attack is very difficult to protect against and often uses phishing style emails that look completely legitimate.  Exploits like ransomware get you to click on these links and download software to infect your systems.  New technologies can protect you from these types of seemingly normal, but malicious links.

MxToolbox Solution

At MxToolbox, we offer comprehensive email security solutions

  • Email Protection + Continuity provides inbound and outbound mail filtering to ward off spam, malware and other email-based attacks.  Outbound filtering means that even should your servers be compromised, spam will not be passed on to your customers.  With Continuity, should your email go down, your users will still have access to send and receive email while you work the issue.

  • Total Security includes everything from Email Protection + Continuity but adds in DNS and URL filtering of websites, both of on-premise and mobile devices.  With Total Security, your users are protected even if they click on links that download ransomware, botnets or malware and also protected from botnets reaching out to host servers to start the encryption process.

Note:  As of Monday, April 20th, PBS has another article on Ransomware.