Related Domain/IP Information

We’re constantly looking for ways to improve our products and tools to make work easier for our customers. We know you need more information to accomplish your daily tasks, whether you’re trying to set up a server, recover from an outage, or investigate a security threat. Knowledge is power, right?

Our Investigator Tool now includes information that we feel will be incredibly important to whatever problem you are investigating:  Related Domains and Related IPs.  

Now you will know what domains and IPs are related to the domain you are researching.

  • Is the domain hosted on the same IP as a potentially bad actor?
  • Does the site have subdomains or associated domains that might be problematic?
  • Is the domain associated with strange or unsavory types?
  • Is this connected by IP address or Google Adwords ID?

With Related IPs you can quickly see GeoLocation, ASN and CIDR block information for IPs related to the domain you’re searching.

More information to make your research easier and more comprehensive.  Check out the new Investigator today.

Response Transcripts

We recently launched a powerful new feature that gives our paid MxWatch Monitoring customers more information about our tests on their servers and services and why our customers were alerted to a system being out.

Response Transcripts provide the full JSON transcript of the actions and sub-actions run against your server and their values.  From this you can review how your server was tested and what failed so that it is easier for you to determine what steps to take to fix your issues.

To find the Response Transcript:

  • Log in to MxToolbox, and click on a monitor
  • On the right-hand side, select the History tab

  • You will see a list of Test Results and their Status
  • Click the Details button on the row about which you’d like more information
  • The row will expand to provide you with the complete JSON transcript

We feel the more information you have, the easier it will be for you to diagnose your issues.  With Response Transcripts you get everything we know about the tests we’re making on your systems.

Questions?  Contact our Support Team and we’ll help you out and add it to the blog.

Need monitoring?  Get MxWatch Monitoring, the best comprehensive suite of monitoring tools to ensure the uptime and quality of your services.

EFnetrbl.org Blacklist Alarms

We are currently investigating this event.  It may be a signal that they are shutting down operations. As such, we have stopped monitoring them until we can ascertain their status.
You do not need to worry about any impact on your monitors, as it appears to be either an issue with their systems (did not renew their domain) or they are in the process of shutting down.

Still listed?

Every so often a customer contacts us because they feel it is taking too long to be de-listed from a blacklist or they were almost immediately re-listed on a blacklist.  We have a few recommendations for you:

First, be patient!  Some blacklists are operated by a small team that must field hundreds or thousands of requests every day.  They need time to get to your issue.  Some blacklists require a minimum delay before they will delist an IP address or domain.  This is for everyone’s protection.  They have no credibility as an anti-spam service if they delist a regular spammer or if they delist someone with a malware infestation before it has been remedied.  Blacklist administrators need time to trust your servers again.  Give them time.  It’s painful for you, but it’s temporary.

Second, research your issue! You may not think you have an issue, but it is very rare that your email randomly dropped into a honeypot or other spamtrap that blacklist administrators use to create their lists. You have an issue, somewhere. It might be a malware infection, it might be an accidental inclusion in an email campaign, it could be an internal user sending malicious email by accident. Regardless, you need to do some research into your systems to make sure it doesn’t happen again! And, you may need to look into your internal email controls and policies. You should be doing this anyway, but now is the time to make a special effort!

Finally, fix your issue! Put new policies in place. Invest in new email controls. Talk with Marketing about how they do campaigns. Set up user controls. Sweep your systems for malware. Clean your house. This will save you time and money down the road. And, you can mention all this in your next request to delist. The blacklist provider will appreciate the work.

Why do all this work if it was an accident? How do you know it was really an accident you were listed? You don’t unless you look into it, and there’s tremendous risk in assuming that you’re “okay”. The downside of being listed a second or third time is severe: you will be listed for a much longer time and it will be much more difficult to be delisted. In fact, most blacklist administrators have a three-strikes policy. A third listing and you’ll likely be blacklisted for the better part of a year. Continued listing could get you on their permanent blacklist.

Yes, I am trying to scare you.  Yes, this is serious.  Yes, this requires you to work to fix the issue.  Get started!  The downside is much more severe than the minor inconvenience you are experiencing with your first blacklisting or even with your delisting request being delayed.  And, remember, paid MxToolbox users don’t have to go it alone: we provide delisting support services to help you get off these lists.  But, we can’t magically delist you:  you still have to do the work.

Blacklist, No-List, Delist, Whitelist

Every day we get requests to “Whitelist” an IP. To quote the great Inigo Montoya, “I do not think it means what you think it means.” When talking about Blacklisting, Delisting, Whitelisting and not being on a list at all, you need to understand exactly what it is you are requesting. So, here are a few definitions to help you talk about what is actually going on.

Blacklist

When an IP or domain is blacklisted, traffic from or to that location is cut off. Typically, blacklisting is due to some bad action on the part of the IP address or domain owner, like sending spam, being infected with malware or viruses, or facilitating spam through a bad mail configuration.

Short-term blacklisting is a wake up call to fix problems and harden your email or web server security.  Long-term blacklisting will cripple the business run from that IP address or web server.  We provide much more information on blacklisting throughout our blacklist-specific blog articles.

For more information on the blacklists we curate, check out our blacklist information page.

No-List

No-list simply means that you are not listed on a blacklist, whitelist or greylist.  This is good.  It means no one out there is concerned about your IP address or domain.  Basically, no-list is business as usual.

Delist

When you are on a blacklist, you can ask to be removed from the blacklist.  This is called delisting.  A delisting request should be made to the blacklist agency that has you listed.  MxToolbox aggregates and curates our list of blacklists and provides delisting support to our paid customers.  We don’t run the lists and we cannot help you if you haven’t already performed the necessary minimum steps for delisting:

  • Remedy the problem with your servers.  Stop the spam, fix the configuration, purge the malware or viruses, rebuild if you have to.
  • Contact the blacklist and request delisting.  Some blacklists will not have a contact form and will automatically delist you after a period of time wherein no new spam issues arise.
  • Wait.  Delisting takes time.  We understand the pain of being blacklisted and how that can affect your business and revenue, but delisting does not happen overnight.  Blacklists need to wait to make sure they are delisting legitimate businesses while still catching spammers.  If they delist you too early, they lower their reputation as a valuable mechanism to combat spam.

Greylist

Many blacklist operators have a second, less severe category for activity that isn’t considered overtly malicious, but is considered to be problematic.  These operators may choose to classify an IP address or domain name in this state as greylisted.  Greylisted simply means that the servers have done something bad, but not enough to have traffic completely banned.  Greylisted IP addresses and domain names could eventually be promoted to full blacklisting or unlisted entirely.

At MxToolbox, we are primarily concerned with Blacklisting.  Greylists are less common and the coding for greylists is inconsistent across blacklist providers.  If this is something you would like us to add, send email to our feedback address.

Whitelist

Many of our customers ask us to whitelist their IP address or domain names. First, let me be 100% clear: we will never whitelist you. I will explain.

Whitelisting an IP address or domain name means that we will always accept traffic from that server.  Whitelisting implies that the server is 100% clean, trusted and traffic from there is always valid.  Most companies will only whitelist highly trusted, internal, highly secured servers.  While we love our customers, we don’t know you that well!

If you are blacklisted, asking a company to whitelist you is like toilet papering a house and then asking for keys to the front door.  Fix your mistakes, build up your reputation, make amends, then maybe you will be trusted at some point down the road.  Not today.  What you really want when you are blacklisted is delisting.  

Note:  MxToolbox maintains a list of servers that we use to monitor our customers’ systems and setups.  These should be whitelisted so that we can accurately monitor your servers.

For more information on our monitoring solutions, check out our feature comparison page.

MegaRBL.net

We would like to address the false positive issue regarding the French blacklist, megaRBL.net (http://megarbl.net). 

During this past weekend they experienced a DNS issue that caused a massive number of IP addresses to be listed by them. This is common behavior when a blacklist goes offline. We jokingly refer to it as “blacklisting the world”.

We monitored the situation, and decided after a period of time to disable that list from our tool set.  Their website currently shows that they have resolved their issues, and are back online.  With that being said, we have yet to re-enable that list within our system, and are continuing to monitor their functionality and discussing when or if we will re-enable them.
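One way to detect a list that is “blacklisting the world”, as with MegaRBL here or a list whose domain was not renewed, as in the EFnetrbl.org post above. This is an added example, not MxToolbox code. It relies on the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not be); the zone name dnsbl.example and the fake_resolver helper are constructed for illustration so the example runs offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone (RFC 5782 lookup name)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A records for name, or [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def zone_health(zone, resolve=system_resolver):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    if resolve(dnsbl_query_name("127.0.0.1", zone)):
        return "lists-everything"      # wildcard answer or parked/expired domain
    answers = resolve(dnsbl_query_name("127.0.0.2", zone))
    if not answers:
        return "not-answering"         # offline, or refusing this resolver
    if not all(a.startswith("127.") for a in answers):
        return "unexpected-answer"
    return "healthy"

def check_ip(ip, zone, resolve=system_resolver):
    """Return True/False for listed/not listed, or None if the list is unusable."""
    if zone_health(zone, resolve) != "healthy":
        return None                    # do not alert on a broken list
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(a.startswith("127.") for a in answers)

def fake_resolver(records, wildcard=None):
    """Constructed stand-in for DNS so the example runs offline."""
    return lambda name: records.get(name, [wildcard] if wildcard else [])

if __name__ == "__main__":
    zone = "dnsbl.example"             # constructed zone name, not a real list
    healthy = fake_resolver({"2.0.0.127." + zone: ["127.0.0.2"],
                             "10.2.0.192." + zone: ["127.0.0.4"]})
    broken = fake_resolver({}, wildcard="127.0.0.2")   # answers for every name
    for label, r in (("healthy", healthy), ("broken", broken)):
        print(label, zone_health(zone, r), check_ip("192.0.2.10", zone, r))
```

Against a live list, call check_ip without the resolve argument; a None result means the list itself failed its self-test and the listing should not be trusted.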

If there are specific RBLs you would like to suppress such as MegaRBL, you could do so through our Paid Monitoring feature “Ignored Problems”. Paid Monitoring customers have the ability to add specific diagnostic checks to their “Ignored Problems” list. This also includes specific blacklists. When a check is added to this list we will no longer send notifications regarding the specific check. The “Ignored Problems” feature is accessible in the “Settings” section of your Monitoring account.  Simply click on the drop-down menu in the upper right-hand corner of the site (next to your user-name). You will see the “Ignored Problems” tab there. For more information on Paid Monitoring options, check out our comparison matrix.

Confirming the “Down”

Sometimes MxToolbox may report your server as “Down” when you can reach it via browser or other connection.  How is this possible?

First, MxToolbox makes at least two attempts to contact your server before listing you as “Down”.  We make an initial contact on a preset periodic basis, governed by the monitor type.  If the connection is successful, your site is listed as “Up”.  If the connection times out, we attempt to make a second connection to verify that you are indeed down.  This second connection attempt is made from a different geographical location. If the second connection times out, then you will be marked “Down” and reported as such using your Notification settings.  We will continue to attempt connections to a “Down” system on the preset interval for up to 30 days, after which the system will be marked as permanently down. In the case that during the second connection attempt we are able to connect to your servers, we will ignore the initial check and report that your server is still in the “Up” state.

You are reported “Down” only when we have verified we cannot connect to you twice.  This is similar to what a customer would experience.

Second, you may have access to your servers because you are on a local network, have cached DNS, or are simply physically closer to your servers than we are.  When our connections time out, it could be due to a number of issues:

  • Network Connection Lag – If the server is slow to respond or the network takes too many hops, our process may time out.
  • DNS Misconfiguration – If we can’t find it, we can’t connect to it.
  • Firewalls – A firewall may block our access to your server but allow you to access, either via VPN or ACL.
  • Server Load – Sometimes your servers may be overloaded, causing low response times and our connections to time out.
  • Wrong Port – Our monitors can be configured to check specific services on specific ports.  Failure to connect might be because you are running a traditional service on a different port from the monitor.  Check monitor settings to verify.

Our transcript results always provide some indication of why the system was reported as “Down” to help you troubleshoot the issue.
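To reproduce the distinction from your own side, the sketch below classifies a single TCP connection attempt by failure type and applies the two-attempt rule described above. It is an added example, not MxToolbox code; the result labels and the confirm_down helper are assumptions, and the callables passed to it stand in for probes run from two different locations.

```python
import socket

def probe(host, port, timeout=5.0):
    """Classify one TCP connection attempt by how it fails."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"       # DNS misconfiguration: the name was not found
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
        except socket.timeout:
            return "timeout"       # lag, server load, or a firewall dropping packets
        except ConnectionRefusedError:
            return "refused"       # nothing listening: wrong port or service stopped
        except OSError:
            return "unreachable"   # no route or other network error
    return "up"

def confirm_down(checks):
    """Report Down only when the first two checks both fail.

    checks: ordered callables, one per vantage point (assumption: each runs
    probe() from a different location). The second runs only if the first fails.
    """
    results = []
    for check in checks[:2]:
        result = check()
        results.append(result)
        if result == "up":
            return "Up", results
    return "Down", results

if __name__ == "__main__":
    # Constructed demo: both "vantage points" are this machine probing port 25.
    first = lambda: probe("127.0.0.1", 25, timeout=2)
    second = lambda: probe("127.0.0.1", 25, timeout=2)
    print(confirm_down([first, second]))
```

A "refused" result points at the Wrong Port case, while "timeout" from outside combined with "up" from inside your network points at a firewall or ACL.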

Check Now

On every monitor, we have a “Check Now” button that will immediately start to recheck the server.  If you can connect and we report you “Down” then try this.  If it comes back up, it may be due to one of the conditions above having been remedied.  This will also restart services to a monitor that has been down for more than 30 days.

Monitoring Services

For more information on our monitoring services, check out our handy comparison chart here.