Monthly Archives: September 2009

Bounce-back and Non-Delivery Report (NDR) Spam Increases by 2,000 Percent

While we have seen a 150% increase in overall spam there are specific spam tactics that are seeing huge increases as well. The latest trend in spam appears to be email messages that spoof non-delivery reports (NDR), the messages users receive when their email bounces back from a non-existent email address or system failure.

NDR messages are usually legitimate, but this mail server function is being exploited by spammers using the sender’s real name. Spam content is sent as an attachment to the fake NDR.

Since most NDRs are legitimate emails and part of the mail server functionality, many traditional email filtering techniques do not detect or block them, he said.

Spam now makes up close to 90 percent of all global email, representing billions of spam messages each day. Most spam is generated automatically through botnets – networks of PCs that have been taken over by attackers.

New MxToolBox Website Released

Thank you to all that tested out our Beta website in the last few weeks. We have officially released our NEW website with a new layout and even better and bigger tools! We affectionately call our tool the Super Tool as it combines all the tools into one Super Tool.

About the SuperTool!

All of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool.  Input a domain name orIP Address or Host Name. Links in the results will guide you to otherrelevant tools and information.  And you’ll have a chronological history of your results.

If you already know exactly what you want, you can force a particular test or lookup.  Try some of these examples:

(e.g. “blacklist: 127.0.0.2” will do a blacklist lookup)

command explanation
blacklist: Check IP or host for reputation
smtp: Test mail server SMTP (port 25)
mx: DNS MX records for domain
a: DNS A record IP address for host name
spf: Check SPF records on a domain
txt: Check TXT records on a domain
ptr: DNS PTR record for host name
cname: DNS canonical host name to IP address
scan: Perform a port scan on the host    New!
whois: Get domain registration information    New!
arin: Get IP address block information    New!
Other tools coming soon.
http: Get web page at URL
https: Get web page at URL using SSL encryption
ping: Perform a standard ICMP ping
trace: Perform a standard ICMP trace route

Feedback: If you run into any problems with the site or have an idea that you think would make it better, we would appreciate your feedback. Please leave us a note in our forums.

Warning – Reverse DNS does not match SMTP Banner

What does Warning – Reverse DNS does not match SMTP Banner mean?

The short answer is that the reverse IP address name is not contained in the server HELO or EHLO banner.  In the example below, the string “someotherdomain.com” is not found anywhere in the server banner, which is reporting “example.com“.  This is only a warning, and in some cases you may have no control over this.  However, if you have the ability to make these match, you should.  Some mail servers look for this and use it to mark messages you send as questionable.  Most mail systems will not reject your messages outright, but this may effect your spam score increasing the likelihood your messages will be marked as spam. 

In other words, it is a best-practice you should endeavor to follow.  It doesn’t mean you are a bad person or won’t be able to send email.

220 mx.example.com StrongMail SMTP Service at Wed, 09 Sep 2009 17:00:01 -0700

http://www.mxtoolbox.com/public/images/btn_green.gif Not an open relay.
http://www.mxtoolbox.com/public/images/btn_green.gif 0 seconds – Good on Connection time
http://www.mxtoolbox.com/public/images/btn_green.gif 0.156 seconds – Good on Transaction time
http://www.mxtoolbox.com/public/images/btn_green.gif OK – 1.2.3.4 resolves to mail.someotherdomain.com
http://www.mxtoolbox.com/public/images/btn_yellow.gif Warning – Reverse DNS does not match SMTP Banner