Monthly Archives: January 2015

How do I get off the Blacklist?

This is the final article in a multi-part introductory series on blacklists and blacklist activity.

Most of our customers come to us when their business has already been adversely affected by blacklisting.  Email is crippled by low deliverability rates.  The first question our experts are asked is always “How do I get off this $%&! blacklist?”  The process is really simple, but it often takes time.

First, you need to stop spamming, or sending viruses and malware.  The infected systems need to be shutdown or quarantined.  This could mean taking down email servers or infected workstations across the company.

Second, you need to put in place tools that prevent future exploitation of your systems.  MxToolbox, as an expert in email and blacklists, recommends cloud-based email security software and monitoring of your blacklist status.  You can contact our experts to learn about our Monitoring packages.

Third, you must contact the blacklisting agency or agencies to get delisted.  If you are on multiple blacklists, you must contact each one separately as each has their own preferred delisting process.  One thing is universal: before removing you from their list, blacklist operators will require you to explain the steps you took to prevent further spam, malware or botnet attacks from your servers.

MxToolbox email experts can help you with everything you need around blacklists, including:

  • Lookup tools for identifying the blacklists you are on
  • Monitoring tools to constantly watch your domains and IP addresses for inclusion on a blacklist (and our paid monitoring solutions come with our top-notch support)
  • Information on blacklist and links to the blacklist, including delisting resources.

Contact us to learn more.

My small business is on a Blacklist. What did I do wrong?

If you have been referred to us by your Internet Service Provider (ISP) because of a blacklist, then this article will most likely help you with your problem.

If you are running a small business, it is unfortunately a fairly common occurrence that your mail could be blocked by a blacklist even if you do not send bulk email, spam, malware or run your own email servers.  The problem is one that can be easily corrected.

But, this may seem complicated…

When you send email, the computer you send the email from is listed as the point of origin and the IP address is recorded in the email header, which is routing instructions and history passed around with your content.  Many people still use Outlook or another email client local to their computer.  When you use a local email client, your computer’s IP address and the IP address of your router are recorded in these email headers (to learn more about email headers check out our Analyze Headers tool).  These are the IP addresses of the email’s origin.

Unless you pay extra for a dedicated IP address, the IP address of your router is dynamically assigned to you from a pool of IP addresses owned by your ISP.   Typically, these dynamically assigned IP addresses (also known as DHCP IPs) are automatically blacklisted because they can be assigned to anyone at anytime for anything.  To summarize, you have been assigned a dynamic IP address which is likely blacklisted.  This is point of origin of all your email making your email likely to be refused by servers using blacklists to filter email.

What’s the solution?

There are several solutions to this problem each with different trade-offs or costs.

Use your ISP’s webmail – Most Internet Service Providers have a webmail client you can use as part of your subscription.  These webmail clients send the email from the IP address of the ISP’s mail servers, not your IP.  Sending from their servers gives you their blacklist reputation so you should not be blocked by blacklists.  Many of these will work with your existing domain, if you have your own domain name.   However, usability and functionality may not meet your needs.  It is a good idea to look into this option as it’s free and part of your internet access.

Acquire a static IP address from your ISP – This is a good option for small businesses that want to host their own servers for websites, email or other tasks.  A static IP address is from a different pool than dynamic IPs so it is less likely to be on a blacklist.  This option will allow you to continue to use your local email client (Outlook or another), but adds the monthly expense of the static IP.

Use 3rd party webmail – There are many 3rd party web-based email tools you can use, most with a small monthly cost.  Microsoft Office 365 and Google Apps offer complete collaboration suites, with email, spreadsheets, word processing and presentation applications.  Most of these will allow you to use your local email clients and all of them should allow you to use your domain name for correspondence.  The larger app providers have their own email security options that protect your reputation.  The only downside is cost.

At MxToolbox, we understand the causes of blacklisting and can help you by:

  • Alerting you when your IP or domain is on a blacklist
  • Protecting your email from the common causes of blacklisting
  • Protecting you from malicious websites and botnet attacks
  • Providing collaboration services like Google Apps services to businesses like yours

Contact us to learn more.

How can I prevent getting on a Blacklist?

This is the third article in a multi-part introductory series on blacklists and blacklist activity.

The simple answer is don’t spam, or send malware or viruses and you won’t get on a blacklist!  Unfortunately, this is not as simple as it sounds.   As applications and operating systems get more powerful and complex, they open more possibilities for exploitation.  Spammers and hackers are finding new ways everyday to exploit these systems.  Your system administrators keep up with patches, but, often what fails isn’t the configuration, patch or security, it’s human nature.  All it takes is an errant click on the wrong link or downloading something from the wrong site and your systems can be infected with malware.

The best way to prevent blacklisting is to limit the risk of a malware infection through comprehensive email filtering and monitoring.  Now that botnets are also problematic, we also recommend security software that filters website URLs and DNS to offer additional protection.

Regardless of the software you choose, implementing a comprehensive email security solution is necessary to prevent blacklisting and ensure email deliverability.  Contact us for more information.

In the next installment of our series on Blacklists, I will discuss the steps you need to take to get off of blacklists.

How did I get on a Blacklist?

This is the second article in a multi-part introductory series on blacklists and blacklist activity.

At MxToolbox, our experts see the same story play out time and again:

For a few weeks or days, a small number of seemingly random emails bounce back or delivery fails.  At first, this is no real problem; email is never 100%, right?  Then, an important email to a big client goes missing and your users get nervous.  Administrators at your client’s organization says you’ve been blacklisted so they can’t accept email from you.  By then, you realize a large portion of your email isn’t getting through to anyone.  Your business is at risk and it’s all because you are on a blacklist!

Blacklist operators use a number of ways to catch and track undesirable activity but sometimes they capture legitimate businesses, like yours.  Typically, legitimate businesses get placed on a blacklist for one of the following reasons:

  • Relaying spam through in-house email servers
  • Sending malware, viruses or spam from individual accounts
  • Denial of Service (DoS) or other type attacks from malware infected servers or networks
  • Unknowingly Sending phishing emails or unsubscribe attacks
  • Operating a mail server with no reverse DNS, such as from an IP address in your Internet Service Provider’s (ISP’s) dynamic IP address pool (DHCP)
  • Failing to honor unsubscribes when mailing

So, you can see there are a number of reasons that you can end up on a blacklist without actually intending to do something undesirable.  Most often, our experts find that a blacklist issue was caused by your servers passing on spam, viruses or malware.  This condition is highly preventable!

At MxToolbox, our experts understand the common causes of blacklisting.  We can help you take immediate steps to get removed from blacklists and provide thoughtful solutions to keep you off blacklists in the future.  Contact us for more information.

In the next installment of our series on Blacklists, I will discuss some methods for preventing blacklists.

What’s going on with Barracuda blacklist results?

You may be seeing something odd with listings on Barracuda right now.  MxToolbox is reporting your IP address as listed on Barracuda’s Blacklist but when you go to Barracuda’s website, you’re not listed.  You’re probably thinking “These guys at MxToolbox have lost it”, but that’s not quite the case.  

MxToolbox subscribes in various ways to the DNSRBLs at different providers like Barracuda.  Barracuda being a large organization with a large subscriber base has multiple DNS servers providing blacklist information.  One of these servers seems to be out of sync with the others and the website database.  The questionable IP addresses appear to be coming from this one server.

Why does MxToolbox report it as blacklisted?

The MxToolbox philosophy on blacklisting is to provide blacklist results that most closely resemble real-world blacklist usage.  To do that, MxToolbox caches positive blacklist results until the TTL (time-to-live) of the record expires.  When we get a positive response, we list it regardless of how many of the DNS servers list it at the blacklisting organization, because this is how spam filters work. A spam filter will get a positive result and lock out any email from that IP address.

Am I really blacklisted even if I’m not on Barracuda’s website?

If you are listed on the out-of-sync DNS server, you are technically blacklisted.  Spam filters that subscribe to Barracuda may connect to this DNS server,  receive your IP address on the blacklist and then begin to refuse your email.

What can I do?

To get off the blacklist, you must contact Barracuda and let them know that you are listed on one of their servers.  When we investigated, we found the results were coming from a server in their geons01.barracudacentral.org DNS server pool (see the image below).  We have opened our own case with Barracuda.

Three direct lookups of a particular IP address on Barracuda's DNS servers.  Note that the same server pool provides different results.

Three direct lookups of a particular IP address on Barracuda’s DNS servers. Note that the same server pool, geons01, provides different results. 

 

What is a Blacklist?

This is the first article in a multi-part introductory series on blacklists and blacklist activity.

A Realtime Blacklist, or RBL, is a list of IP addresses and domain names that an organization has decided to block, typically for spam.  There are many Blacklists, and each focuses on different types of undesirable behavior.  For example:

  • CBL or Composite Blocking List is a DNS-based blackhole list of suspected e-mail services sending SPAM email resulting from virus or malware infections.
  • Listing on Backscatterer blacklist indicates that your server is issuing “backscatter” in the form of Non-Delivery Reports (bounces) to external users, or misdirected autoresponders and sender callouts.
  • Inclusion in either of the MAILSPIKE Blacklists (BL or Z) means that your IP Address has most likely been identified as being part of a real-time spam outbreak.

Blacklists are typically used to block undesirable internet traffic.  For example:

  • Blocking access to websites on domains known for malware
  • Blocking incoming email from IPs or domains known to be spammers
  • Blocking access to IP addresses based in risky countries

MxToolbox does not own or operate any of these blacklists.  Instead, our email experts curate a list of over 100 blacklists and aggregate blacklist information into a single, central lookup tool.  Our tools enable you to check your mail server IPs and domain names against all these blacklists in a single consolidated interface.  Our monitoring packages enable you to monitor your domains and IP addresses for blacklist activity and get instant notification when placed on a blacklist.  We built our lookup and monitoring tools to help you navigate the complicated world of blacklists.

Your email deliverability depends on staying off of blacklists.  Get protected today.

In our next installment of our series on Blacklists, I will discuss how legitimate businesses sometimes end up on blacklists.