Blacklist, No-List, Delist, Whitelist

Every day we get requests to “Whitelist” an IP.  To quote the great Inigo Montoya, “I do not think it means what you think it means.”  When talking about Blacklisting, Delisting, Whitelisting and not being on a list at all, you need to understand exactly what it is you are requesting. So, here are a few definitions to help you talk about what is actually going on.

Blacklist

When an IP or domain is blacklisted, traffic from or to that location is cut off.  Typically, blacklisting is due to some bad action on the part of the IP address or domain owner, like sending spam, being infected with malware or viruses or facilitating spam through a bad mail configuration.

Short-term blacklisting is a wake-up call to fix problems and harden your email or web server security.  Long-term blacklisting will cripple the business run from that IP address or web server.  We provide much more information on blacklisting throughout our blacklist-specific blog articles.

For more information on the blacklists we curate, check out our blacklist information page.

No-List

No-list simply means that you are not listed on a blacklist, whitelist or greylist.  This is good.  It means no one out there is concerned about your IP address or domain.  Basically, no-list is business as usual.

Delist

When you are on a blacklist, you can ask to be removed from the blacklist.  This is called delisting.  A delisting request should be made to the blacklist agency that has you listed.  MxToolbox aggregates and curates our list of blacklists and provides delisting support to our paid customers.  We don’t run the lists and we cannot help you if you haven’t already performed the necessary minimum steps for delisting:

  • Remedy the problem with your servers.  Stop the spam, fix the configuration, purge the malware or viruses, rebuild if you have to.
  • Contact the blacklist and request delisting.  Some blacklists will not have a contact form and will automatically delist you after a period of time wherein no new spam issues arise.
  • Wait.  Delisting takes time.  We understand the pain of being blacklisted and how that can affect your business and revenue, but delisting does not happen overnight.  Blacklists need to wait to make sure they are delisting legitimate businesses while still catching spammers.  If they delist you too early, they lower their reputation as a valuable mechanism to combat spam.

Greylist

Many blacklist operators have a second, less severe category for activity that isn’t considered overtly malicious, but is considered to be problematic.  These operators may choose to classify an IP address or domain name in this state as greylisted.  Greylisted simply means that the servers have done something bad, but not enough to have traffic completely banned.  Greylisted IP addresses and domain names could eventually be promoted to full blacklisting or unlisted entirely.

At MxToolbox, we are primarily concerned with Blacklisting.  Greylists are less common and the coding for greylists is inconsistent across blacklist providers.  If this is something you would like us to add, send email to our feedback address.

Whitelist

Many of our customers ask us to whitelist their IP address or domain names.  First, let me be 100% clear: we will never whitelist you.  I will explain.

Whitelisting an IP address or domain name means that we will always accept traffic from that server.  Whitelisting implies that the server is 100% clean, trusted and traffic from there is always valid.  Most companies will only whitelist highly trusted, internal, highly secured servers.  While we love our customers, we don’t know you that well!

If you are blacklisted, asking a company to whitelist you is like toilet papering a house and then asking for keys to the front door.  Fix your mistakes, build up your reputation, make amends, then maybe you will be trusted at some point down the road.  Not today.  What you really want when you are blacklisted is delisting.  

Note:  MxToolbox maintains a list of servers that we use to monitor our customers’ systems and setups.  These should be whitelisted so that we can accurately monitor your servers.

For more information on our monitoring solutions, check out our feature comparison page.

MegaRBL.net

We would like to address the false positive issue regarding the French blacklist, megaRBL.net (http://megarbl.net). 

During this past weekend they experienced a DNS issue that caused a massive number of IP addresses to be listed by them.  This is common behavior when a blacklist goes offline.  We jokingly refer to it as “blacklisting the world”.

We monitored the situation, and decided after a period of time to disable that list from our tool set.  Their website currently shows that they have resolved their issues, and are back online.  With that being said, we have yet to re-enable that list within our system, and are continuing to monitor their functionality and discussing when or if we will re-enable them.
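A check that a blacklist consumer can run before trusting a list's answers, shown here as an added example (not MxToolbox's code). It relies on the two test entries RFC 5782 defines for IPv4 DNS blacklists: 127.0.0.2 must be listed and 127.0.0.1 must not be. The zone `dnsbl.example`, the function names and the sample resolvers are assumptions made for the example.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_qname(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(qname):
    """A-record lookup via the OS resolver; [] when the name does not resolve.
    Limitation: this cannot tell NXDOMAIN from a timeout or SERVFAIL."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except socket.gaierror:
        return []

def list_health(zone, resolve=system_resolve):
    """Classify a DNSBL using the RFC 5782 test entries."""
    must_list = resolve(dnsbl_qname("127.0.0.2", zone))  # must be listed
    must_not = resolve(dnsbl_qname("127.0.0.1", zone))   # must never be listed
    if must_not:
        return "lists-everything"   # wildcard or broken zone
    if not must_list:
        return "no-answers"         # offline, shut down, or refusing our resolver
    if any(ipaddress.IPv4Address(a) not in LOOPBACK for a in must_list):
        return "bogus-answers"      # return codes are expected inside 127.0.0.0/8
    return "healthy"

def is_listed(ip, zone, resolve=system_resolve):
    """True/False for a healthy list; None (unknown) when the list fails its health check."""
    if list_health(zone, resolve) != "healthy":
        return None                 # suppress the result instead of alerting on it
    return bool(resolve(dnsbl_qname(ip, zone)))

# Constructed sample zones (not real lists) so the example runs offline.
HEALTHY = {"2.0.0.127.dnsbl.example": ["127.0.0.2"],
           "10.2.0.192.dnsbl.example": ["127.0.0.4"]}
healthy_resolve = lambda q: HEALTHY.get(q, [])
wildcard_resolve = lambda q: ["127.0.0.2"]  # answers for every name queried
```

With the wildcard resolver every address looks listed, but `is_listed` returns `None` because the list fails the 127.0.0.1 test first.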

If there are specific RBLs you would like to suppress such as MegaRBL, you could do so through our Paid Monitoring feature “Ignored Problems”. Paid Monitoring customers have the ability to add specific diagnostic checks to their “Ignored Problems” list. This also includes specific blacklists. When a check is added to this list we will no longer send notifications regarding the specific check. The “Ignored Problems” feature is accessible in the “Settings” section of your Monitoring account.  Simply click on the drop-down menu in the upper right-hand corner of the site (next to your user-name). You will see the “Ignored Problems” tab there. For more information on Paid Monitoring options, check out our comparison matrix.

Confirming the “Down”

Sometimes MxToolbox may report your server as “Down” when you can reach it via browser or other connection.  How is this possible?

First, MxToolbox makes at least two attempts to contact your server before listing you as “Down”.  We make an initial contact on a preset periodic basis, governed by the monitor type.  If the connection is successful, your site is listed as “Up”.  If the connection times out, we attempt to make a second connection to verify that you are indeed down.  This second connection attempt is made from a different geographical location. If the second connection times out, then you will be marked “Down” and reported as such using your Notification settings.  We will continue to attempt connections to a “Down” system on the preset interval for up to 30 days, after which the system will be marked as permanently down. In the case that during the second connection attempt we are able to connect to your servers, we will ignore the initial check and report that your server is still in the “Up” state.

You are reported “Down” only when we have verified we cannot connect to you twice.  This is similar to what a customer would experience.

Second, you may have access to your servers because you are on a local network, have cached DNS, or are simply physically closer to your servers than we are.  When our connections time out, it could be due to a number of issues:

  • Network Connection Lag – If the server is slow to respond or the network takes too many hops, our process may time out.
  • DNS Misconfiguration – If we can’t find it, we can’t connect to it.
  • Firewalls – A firewall may block our access to your server but allow you to access, either via VPN or ACL.
  • Server Load – Sometimes your servers may be overloaded, causing slow response times and our connections to time out.
  • Wrong Port – Our monitors can be configured to check specific services on specific ports.  Failure to connect might be because you are running a traditional service on a different port from the monitor.  Check monitor settings to verify.

Our transcript results always provide some indication of why the system was reported as “Down” to help you troubleshoot the issue.
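A small triage probe for the causes listed above, as an added example (not MxToolbox's monitoring code). `probe` classifies one TCP connection attempt and `check` applies the two-attempt rule described earlier; the outcome labels and function names are assumptions, and in a real monitor the second probe would run from a different location.

```python
import socket

def probe(host, port, timeout=3.0, resolve=socket.getaddrinfo):
    """Classify one TCP connection attempt to host:port."""
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"    # DNS misconfiguration: the name does not resolve
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "up"
    except socket.timeout:
        return "timeout"        # lag, server load, or a firewall silently dropping packets
    except ConnectionRefusedError:
        return "refused"        # nothing listening: wrong port or stopped service
    except OSError:
        return "unreachable"    # routing failure or a firewall rejecting the connection
    finally:
        sock.close()

def check(host, port, first_probe, second_probe):
    """Two-attempt rule: the second probe runs only if the first fails,
    and the target is Down only when both attempts fail."""
    transcript = [("primary", first_probe(host, port))]
    if transcript[0][1] != "up":
        transcript.append(("secondary", second_probe(host, port)))
    state = "Up" if transcript[-1][1] == "up" else "Down"
    return state, transcript

if __name__ == "__main__":
    # Placeholder target; replace with the host and port your monitor checks.
    print(check("mail.example.com", 25, probe, probe))
```

Running it from outside your own network against the same port the monitor uses separates "refused" (wrong port) from "timeout" (firewall, lag or load).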

Check Now

On every monitor, we have a “Check Now” button that will immediately start to recheck the server.  If you can connect and we report you “Down” then try this.  If it comes back up, it may be due to one of the conditions above having been remedied.  This will also restart services to a monitor that has been down for more than 30 days.

Monitoring Services

For more information on our monitoring services, check out our handy comparison chart here.

Blacklist Curation

To start, let me welcome you to the new blog.  Same content, better format!

Today’s topic is about curating the blacklists we search and how our experts decide to select a blacklist to be included on our site.

First, our experts in email deliverability look at what blacklists are being used by actual mail service providers, internet service providers and medium and large companies as part of their anti-spam filters.  Chances are good that if we list it, someone is using it to block spam somewhere.

Second, we require that there is some form of free delisting.  While the blacklist may have an express delisting fee or some other fee or donation associated with it, all our blacklists have a method of freely delisting your IP address or domain.  This may be a painfully long automatic delisting, but it’s still free.

Note:  Automated delisting is becoming more popular as delisting requests require significant oversight.  The idea behind automated delisting is that repeated issues are a sign of a repeated problem.  Delisting occurs typically when the issue for which the IP or domain was listed has not occurred in a certain amount of time, often proportional to the time the issue did occur.  Protected Sky is an example of a blacklist with an automated delisting.  Patience is required with these.

Finally, we look at relevance to our customers.  There are many blacklists out there, but are they in use?  Are they active?  Do they overlap other blacklists?  Are they limited to regional email traffic?

While we look at relevance to our customers, and where our customers are, the biggest test of relevance for your email is this:  Are you experiencing bounced email and on a blacklist? If you are experiencing bounces and on a blacklist we don’t support, let us know.  We will work to add the blacklist if it is publicly available.  If you are on a blacklist we curate and not experiencing bounces, congratulations!  That means none of your customers or partners are using that blacklist as a spam filter.

At any time, if you have questions or comments about our blacklist curation, please email feedback@mxtoolbox.com

Deprecation of SPFBL DNSBL

We’re always happy to investigate new blacklists to see how they work for our customers and how they provide additional information on our customers’ email deliverability.  If anyone ever has a blacklist that they suggest we add, please email us.

Over the last few weeks, we’ve given SPFBL, a Brazilian-based DNS Blacklist, a trial here at MxToolbox.  Like all new Blacklists, our trial included display of results with low severity.  However, during the trial we noted that for the majority of customers reporting issues with this blacklist, the cause was simple, routine reverse DNS issues.  For example, reverse DNS might point to a third-party load balancer application, which in no way should break email delivery.

Since this is the case, we’ve decided to suspend use of SPFBL until the utility of the list changes.