Monthly Archives: May 2007

Messaging Services Firm MxToolBox, Inc Adds Seven Blacklists to Blacklist Lookup Tool

MxToolBox, Inc. announced today that it has added six blacklists, also known as blocklists, RBLs, or DNSBLs, to its popular email blacklist lookup tool. The MxToolBox blacklist lookup tool will now check IP Addresses for listing on the MSRBL-Images, MSRBL-Phishing, MSRBL-Spam, MSRBL-Viruses, MSRBL-Combined and SpamHaus PBL blacklists, in addition to the 130 plus blacklists the tool currently checks.


The company added the lists to the tool to improve the quality of results for users. ?We constantly work to make sure we have the most valuable, up-to-date list of Blacklists available to our users,? Founding CEO Eric Rachal said. ?If there is a list that might cause deliverability problems for legitimate email users, we want to make sure that it is included it in our tool.?


Blacklists are lists of IP Addresses that have sent spam or have exploitable characteristics. Blacklists are commonly employed by email administrators to block incoming spam. There are dozens of blacklists available for use and each has a unique criteria for including an IP Address. For example, some lists include IP Addresses serving machines that are infected with worms and viruses, and others list IP Addresses within dynamic ranges. While blacklists certainly help fight spam, they can also block legitimate emails from non-spamming IP Addresses, an event referred to as a false positive.


The MxToolBox Blacklist Lookup tool is a free service that allows email administrators and users for non-spamming organizations who are having email deliverability problems to identify any blacklists that list their IP Addresses and see the reasons for the listing. The company also provides free blacklist consultations to companies who are listed or want to proactively avoid being listed. For non-spamming companies with blacklisted IP Addresses that cannot solve the problem, MxToolBox offers unique paid services to permanently eliminate the problem.


Joel Harvey, Director of Marketing explains, ?The blacklist tool is not about email blacklists as much as it is about email deliverability. That is what our tool and our services are designed to do?enable and ensure the delivery of legitimate, non-spam email. The first step is to find out that you have a problem, like a blacklisted IP. The next step is to find out why. You may have a virus, you may have some configuration issues, or you may have an IP Address in an un-trusted range. The final step is to take action so that your critical outbound email starts flowing again.?



About MxToolBox, Inc. is a popular website among IT professionals across the globe. The website has free tools that help users uncover, diagnose and fix messaging related problems. The company?s suite of free tools include MX Records Lookup, Server Diagnostics, Blacklist Lookup, SPF Records Lookup, and Free Mail Server Monitoring.   


MxToolBox, Inc. offers innovative on-demand messaging infrastructure to the small and medium business market throughout North America. The company provides leading edge ?Flip the Switch” messaging services to small and medium sized businesses, including email spam and virus filtering, blacklist protection, hosted email and groupware, email disaster recovery and email archiving.

Email Disaster Recovery is Email Peace of Mind

Are you ready if your email server blows up? That is the question we asked ourselves at our headquarters this past Friday morning. Fortunately for us, the answer is YES. Shortly after most of us had just come into the office and started to get the coffee flowing and neurons firing, a strong natural gas smell began to permeate the office. We all quickly grabbed our things and headed outside. Within a few minutes, inhabitants of the entire office building were in the parking lot nervously milling about. We heard sirens and saw the fire department’s special operations brigade coming towards the building….

Most of our employees use our Hosted Business Email solution, but we also run a small server in our office (note–the network of servers that support our services are geographically dispersed throughout the country), mostly for file storage and for a few of the laggards who we have not yet migrated to the hosted platform. While we were in the parking lot waiting to see if our building was going to blow up, I began to think about what would happen to our business and the businesses of all of our building mates if the building actually did go up in flames. I knew that we would be fine. The data on our servers and computers is remotely backed up, we have disaster recovery enabled for our email users who are hosted on our mail server and we could essentially continue business without any interruptions. But, what about everybody else? From the looks on their faces,  I do not think they had adequate data backup or email disaster recovery measures in place.

Luckily, the building did not blow up. As it turned out, there was a large spill of the liquid that is put into natural gas to make it smell bad about one-half of a mile upwind from our building. The smell carried into our air intake units and the building was inundated with a natural gas smell. The incident really got me thinking, though. We were close to pushing the “big red disaster recovery button,” which would have immediately switched our systems over. Even though we did not have to use it, I am more thankful than ever that we are ready to continue business in the face of any disaster. Of course, what if we did not have a rock solid messaging disaster recovery plan? What if we were like all of those other folks in the parking lot, terrified that the building might blow up and blow up their businesses with it. I guess I would not be writing about the incident…I would probably be scouring the web for a good disaster recovery service provider. But here is the biggest question–why didn?t they have a plan before today?

MxToolBox exists to keep business messaging flowing smoothly. We always say that while we are technically in the email services business, it is more appropriate to say that we are in the reliability business. Our messaging tools help administrators troubleshoot problems and our messaging services permanently solve problems. After several years in the industry, we know that nobody wants email problems, and everyone loves to solve them. But, what about the problems that don’t exist today? Some small Business IT service purchases are what you might call “reactive” purchases and others are more “proactive.”

Reactive service purchases are usually purchased as a reaction to a painful problem. For example, many of our spam, virus and blacklist solution clients became clients after one or all of these became a problem that could no longer be ignored. Likewise, many of our Hosted Email customers chose our solution only after their previous host messed up really bad, or their in-house mail server melted down at the worst time. There is nothing fundamentally wrong with this approach, so long as anyone following it can accept that at some point in the future, maybe today, maybe tomorrow, maybe next year, there will be a painful, “my hair is on fire” type problem that will grind business to a halt and leave them desperately scrambling to marshal a solution. 

On the other side of the coin, we have proactive purchases. These are purchases that are made to avoid a problem that is either non-existent, or not yet “to the level.” We have some spam, virus and blacklist solution and email hosting clients that fall into this category. Businesses in this category saw something they didn’t like on the horizon and moved to fix it before it caused them any pain. Our best example of a proactive service is Email Disaster Recovery.

The Disaster Recovery service is designed for organizations that manage an email server in-house and want an “email insurance policy” to ensure that if the mail server goes down they will not lose email. When a client adds Disaster Recovery to their service portfolio, they know that if their server goes down for any reason–natural disaster, fire, theft, loss of power, etc.–inbound email to that server will not be bounced into the ethers AND they will be given failover web mail access to continue sending and receiving email until the mail server is working again. Disaster Recovery for email servers is available as an add-on to our spam, virus and blacklist solution. Our most basic Disaster Recovery option is only $1 per user, per month. Yet, almost without fail, the majority of companies that buy the service are companies that have recently experienced catastrophic email failure and felt the dramatic impact that such failure has on a business.

It is not for nothing that email has been dubbed “the killer app.” Everybody knows that if email goes down for a substantial period of time, then business will suffer. For my money, 100 pennies a month per person is nothing for the email peace of mind I get with a rock solid email disaster recovery solution at the ready.


Note: Our Hosted Business Email clients automatically have bulletproof disaster recovery built-in to the service package.

New Image Spam Technique

Image spam gained prominece as a major vehicle for spam delivery roughly one year ago. At first, most spam filters were ineffective at blocking the image based messages. Since then, image filtering has become more effective and, as a result, spammers have had to continuously alter their images, in some cases making them unreadble. To get around this problem, the spammers are now adopting a new Image Spam delivery technique to bypass spam filters and deliver crisper, cleaner looking images. The new technique works as follows:

  • Upload Images to a Legitimate Photo Sharing Site (Flikr, Shutterfly, Picassa, etc..)

  • Imbed an image link in the body of the spam message 

  • The image is downloaded when the message is opened, or, when/if users allow their mail client to download the image

We have not had reports from our clinets that these messages are getting through to them. If you find that these messages are bypassing your filters, the simplest thing to do is to quarantine/deliver to junk mail any message containing a URL from photo sharing sites.


France Launches Anti-Spam Platform “Signal Spam”

France has launched a central platform for French internet users to report spam, which will be used to generate a blacklist, notify ISPs and prosecute spammers.

French speaking Internet users can copy and paste a spam message (and presumably the message headers) into a form on the signal spam website, or they can install a plugin that is compatible with most mail clients that will allow them to report a spam message by simply clicking a button icon in their mail client.

It will be interesting to see if a) this catches on, b) has any effect on spam levels in France, and, c) has an effect on spam levels elsewhere.

Spam and Malware a Growing Problem for Small Businesses

A survey of 400 small and medium sized business found that spam and malware infections have grown dramatically from 2006 to 2007.

In January 2006, 64% of emails received by small businesses were spam. By December 2006, the number grew to 85%. Not surprisingly, the number of spam bot infections within small companies grew from 15% to 40% during the same time period.

The findings highlight the need for enterprise grade security solutions for small companies. Small Businesses have two options:

1) Utilize an professional hosted email service that has industrial strength security, or

2) Manage email in-house and utilize an industrial strength email security service.

An inordinate number of Small businesses remain very vulnerable to the growing number and complexity of messaging threats. The cost of not plugging security holes, even for micro businesses, is far greater than the cost of implementing an appropriate solution.

Prostitute Spam

A new wave of image spam with subject lines like “Find a Girl in Your Town” touting a website that claims to help recipients find prostitutes in their area is making the rounds now. The messages contain a URL that must be typed into a browser. The URL links to an explicit web site with a search tool for prostitutes by region and city.

It is not clear if the site works, if it hosts malware, or both. As usual, if you receive this email, you should NOT type in the link and visit the site. All moral arguments aside (of which there are obviously many), you should assume that the site hosts malware and that visiting it will compromise the integrity of your computer/network.


Death Threat Spam

A new social engineering spam scam emerged last week. The Death Threat Spam has a message purporting to be from a hitman who has been hired to kill the recipient. The text of the message varies slightly, but is essentially the same–

“I have been hired to assassinate you for $_________ (the amount varies from high six figures to low five figures). I do not know why they want you dead, but you are now being watched.” The message goes on to say that the recipient is being monitored by the sender’s “boys,” that their phone is tapped and that any attempt to contact the police will result in thier immediate death. Of course, the sender provides an out for the recipient. “If you contact me within 24 hours, there may be a chance for you to live.”

Presumably, any user who is scared (gullible) enough to reply to the message will be directed to wire money to an account in exchage for their life.

Responding to the message will certainly open the door for more direct harrassment, as the spammers/scammers will assume that the person on the other end has bought the story, is scared and, perhaps, willing to play ball.

One has to wonder how many people have falled for this? Death Threat Spam…where does it end? 



MxToolBox Offers Free Email Archiving with New Email Hosting Accounts for National Small Business Month

In celebration of National Small Business Month, MxToolBox, Inc. is offering free Email Archiving for new accounts with its FlexBox Business Email Hosting service throughout the month of May. Small Businesses that take advantage of the offer essentially will have free email archiving imbedded with a premium email hosting service for life.

?Small Businesses are becoming increasingly concerned with storing and accessing electronic business communications,? said CEO Eric Rachal. ?Recent developments, such as the new Federal eDiscovery Rule and NASD Small Business Continuity Plan Requirements, are driving small business managers to consider the implications of electronic discovery requirements. Preserving the vast amount of business information that is contained within email has also become a major concern? Rachal added, ?But, until now, email archiving has been both technologically and cost prohibitive to most small businesses.?

The imbedded email archiving feature within the FlexBox Hosted Email and Groupware package is ideal for small businesses, because it eliminates the need for multiple vendors and platforms, while ensuring that all company emails are preserved and easily retrieved/reproduced for as long as company policy requires. The email archiving feature saves all sent and received emails withint a given account. Even when a user deltes a message from their mailbox, the message remains in the archiving box. All emails and files are indexed for rapid retreival.

The FlexBox Hosted Email and Groupware service is an ultra-secure, ultra-reliable email hosting system designed to give small businesses all of the features that they would get if they had a professionally managed, dedicated email server in-house, without the excessive cost and administrative burden.

?Small Businesses absolutely need the same level of sophistication and functionality from their email systems as large enterprises,? continued Rachal, ?It usually just doesn?t make financial sense for them to manage those systems themselves. That?s why we created FlexBox?to give small businesses the security, reliability, flexibility, service and collaborative features that they need, at a price that makes sense.?

FlexBox Hosted Email is based on the Hosted Zimbra mail platform and includes shared synchronized calendars, shared synchronized contacts, shared documents, enterprise grade spam and virus filtering, blacklist protection, one gigabyte of storage per user, and more. The system is designed to work with multiple operating systems, including Windows and Mac, plugs into most desktop mail clients, such as Outlook and Apple Mail, and has an intuitive, powerful AJAX web interface. As an additional bonus, customers can opt to add full synchronization of mobile devices.

When discussing the system?s features, Joel Harvey, MxToolBox?s Director of Marketing chimed in, ?These features mean less to small businesses than the results they lead to. At the end of the day, FlexBox lets business managers rest easy. They know that their email is going to work. Messages will be delivered when and where they are supposed to be. Inboxes will not be flooded with spam. Dangerous viruses will be kept off of the network. Blacklists will not be a problem. Additional service needs, such as mobile device synchronization and archiving, can be easily added. Support for PC and Mac users is equally simple. And employees will be happier and far more productive.?

To take advantage of the Email Archiving offer, businesses should contact the company at 866-MxToolBox (866-698-6652) or on the web at

About MxToolBox, Inc.
MxToolBox, Inc. offers innovative on-demand messaging infrastructure to the small and medium business market throughout North America. The company provides leading edge ?Flip the Switch? on demand messaging services, including email spam and virus filtering, blacklist protection, email hosting, and email archiving.

How Legitimate IP Addresses Get Blacklisted

“I’m Not a Spammer, so why is my IP Address Blacklisted?”

Everyday, legitimate email users find their outbound email flow blocked by recipient email servers using blacklists (aka Blocklists, RBLs) to block spam. Most of these users are shocked to find their IP Addresses on a list with IP Addresses used to flood the world’s inboxes with spam and malware. The news of their listing stirs up fear, anger, and righteous indignation. “How can we be on a blacklist when we don’t spam?” they ask. That is a great question–how do business email IP Addresses operated by non-spammers get placed on legitimate, targeted spam blacklists (i.e. blacklists that list IP Addresses that have recently sent spam, instead of lists that include large ranges of IP Addresses by default)? Simple…by spamming.

“What,” you ask, “A non-spammer that doesn’t spam gets listed on a spam blacklist for spamming?” Yes. For several years, spammers have hijacked mail servers and other computers to send spam. The spammer’s strategy has always been to find a quiet, undefended place on a network where they can send spam and perform other illicit acts without detection. A recent example from one of our clients provides a real life illustration of how this works.

Spammers Hide Clever Tools Where You Least Expect

This particular client (who will remain un-named) runs an email server, as well as an internal document server. They utilize an enterprise-grade email spam and virus filter for security and are relatively proactive in managing their network for security risks. Despite these efforts, a spammer was able to download a mass mailer program onto the client’s document server. How the spammer bypassed the client’s security is a question that remains unanswered. The payload was most likely delivered via a malware infected website. In this case a simple anti virus software solution that stops executable programs from loading without administration permissions would have stopped it, but the document server had no anti virus services running at all. What is most important to note, though, is where the spammer put the program and what the program did.

The program was a modified commercial mass mailing program know as Advanced Mass Sender 4.3 (published by KBB Software. This screenshot was forwarded to us after our client discovered the program on the document server:

Botnet Mass Mailer Screenshot

The program is touted as a powerful email marketing tool that is developed to manage and send mass quantities of email to a large number of clients, quickly and affordably. The program’s features include:

  • Built-in SMTP server, powerful, supporting packet-sending emails without using the SMTP server of your provider allows you do send up to 500 emails a minute using a modem. The unique ability to send through several SMTP servers simultaneously allows you to send up to 1500 emails a minute using a fast connection.

  • Support for large sender lists – 200000+ addresses per group.

  • Support for proxy servers.

The spammer managed to download the program onto a document server, a machine with no SMTP capabilities that most network administrators would not associate with email. But, because the program has a built-in SMTP, the spammer was able to send a high volume of spam from the server–40,000 messages in total at a rate of 1,500 per minute. (note: these volumes indicate that the perpetrator was not particularly sophisticated when compared to other bot herders. Most spammers today prefer to send low volumes of messages from multiple machines to avoid detection).

The Fallout from Hosting a Spammer

The client’s public IP address was blacklisted instantly on five widely used blacklists. Fortunately, we handle the client’s outbound mail flow through or secured connections so the backlist listings did not effect their ability to send email. Had they been sending outbound email from their own IP address, most major ISP’s and many business mail servers would have blocked their email. And, if their local service provider would have seen the traffic coming off of his network they likely would have stopped all SMTP traffic, causing catastrophic email failure.

This particular client is proactive and technologically savvy, so they quickly determined that something was not right on their network, found the problem and terminated it. But, what if they had not been so fast? What if they did not use our outbound mail filtering service? The consequences could have been devastating. Not only would they have inadvertently contributed to the global spam scourge, they would have suffered extreme email failure due to large scale listings on blacklists.

How to Protect Yourself

There are several lessons you should take from this study:

1) Spammers can use any part of your network that is connected to the internet to send spam, whether it is part of your email system or not.

2) Even well defended networks can fall victim, which is why you have to move from a well-defended network to an extraordinarily well-defended network. Block threats from all potential entry points, instead            of the most common entry points.

3) Constantly monitor your network for intrusions and infections

This case certainly does not resemble every bot infection, but is a real-world illustration of how an infection can occur.

eTools Group, Inc. Changes Name to MxToolBox, Inc.

AUSTIN – April 23, 2006 – eTools Group, Inc announced today that it will immediately begin operating under the name MxToolBox, Inc. MxToolBox will continue to serve the small and medium business customers and IT Consultants that currently subscribe to the company’s spam and virus filtering and email hosting services.

“We are re-branding because the IT community that uses our tools and services knows us as MxToolBox. We are changing our name to make it easier for people to do business with us and to eliminate any confusion that comes from operating under two names,” says CEO Eric Rachal. “For some customers, our name has changed, but our intense customer service ethic and our unwavering commitment to providing value absolutely has not.”

Company officials were careful to emphasize that eTools Group, Inc. was not bought by another company and is run by the same people and the same technology that its customers have come to know and rely on.  The company will be calling customers and sending letters with invoices to make sure customers understand the change. “The only discernable change that our eTools Group customers will see,” said Rachal, ” is the logo on their invoices will change from the eTools logo to the MxToolBox logo.” is a popular website among IT professionals across the globe. The website has free tools that help users uncover, diagnose and fix messaging related problems. In an era when more and more companies are trying to charge users for access to content and tools, MxToolBox, Inc. is adamant about keeping its free tools separate from its paid services.

The company offers a suite of tools that allow users to test the health of their email systems and to diagnose email related problems. The tools include MX Records Lookup, Server Diagnostics, Blacklist Lookup, SPF Records Lookup, and Free Mail Server Monitoring.   

“We believe in providing value to the IT and business communities, whether to a client or someone at-large,” says Joel Harvey, Director of Marketing. “The free tools, or MX Widgets, are our way of doing that. Yes, we have paid services that thousands of IT professionals use to solve problems and keep them from reoccurring. Yes, we could charge for our widgets as well. But, in the end that would dilute the value that we provide, which is the last thing we want to do.”

eTools Group, Inc Announces Name Change to MxToolBox, Inc.