Monthly Archives: March 2016

Domain Blacklist vs Domain Health – What’s the difference?

MxToolbox offers two products with Domain in the name and that sometimes causes a bit of confusion with our newer customers.  I’d like to take a few moments and compare and contrast the two products to eliminate confusion and you using the right product.

Domain Blacklists

A Domain Blacklist lookup takes a domain name as the argument and does the following:

  1. Looks up the A record for the domain to get the primary domain IP address
  2. Searches over 100 IP-based blacklists for this IP address and reports the results
  3. Searches a set of domain blacklists for the domain name and reports the results

This search will tell you what blacklists your web server is on and what domain blacklists your domain may have been added to, essentially giving you an idea of your domain’s public reputation.

IP Blacklists vs Domain Blacklist

IP blacklists contain the IP addresses of known spammers, malware infectors, virus and botnet distributors and other bad actors.  When an IP is on a blacklist it is has been caught in some bad act.  Since an IP address identifies a particular server somewhere, you know that the server is performing some bad act.

Domain blacklists contain a list of domain names that have been included in known spam attempts.  This does not mean that the domain is the source of the spam, or that the server is a source of spam.  It only means that the domain name or domain URL was included in spam or malware laden emails.

So, if you are sending email, you want to check the IP address of your mail server.  If you are running a web server, you want to check the IP address of the server.  If you are concerned about your domain’s reputation, you should check your domain against a domain blacklist.

Domain Health Lookup

A Domain Health Lookup takes your domain name and provides you with a battery of tests to judge the health of all aspects of your domain:

  • Blacklist status of Mail Server, Web Server and Domain
  • Status of your Mail Server and compliance with RFCs and best practice configuration (DMARC, DKIM, etc).
  • Status of your Web Server, including HTTPS Secure Certificate and setup compliance with RFCs
  • Status of your DNS and RFC compliance

So, a Domain Health test provides everything that a Domain Blacklist lookup provides plus a comprehensive look at the health of your domain.  

Use Cases

For simply finding your Domain’s online reputation, use a Domain Blacklist lookup.  To get an early warning on changes to your domain’s reputation, use a Domain Blacklist Monitor.  

To get comprehensive information on your domain, use Domain Health.  To get comprehensive monitoring on your entire domain: web, email, dns and reputation, use a Domain Health Monitor.

 

What blacklists do I check and how should I?

Amongst our newer users, we often get some confusion between IP and Domain blacklist lookups and what the results mean. There is a distinct difference in the search and results and different benefits for performing the different lookups.  I’m hoping this will clear it up for many users and enable everyone to understand the unique benefits to each.

IP Blacklist Lookups

When you perform a blacklist lookup on an IP address, our system searches a list of 100 IP-based blacklists for the IP you gave us and returns both positive and negative results.  

An IP may be on this blacklist for any number of malicious activities:

  • Sending spam
  • Malware attacks
  • Operating a tor node
  • Hosting a botnet or virus
  • Many others…

Since an IP address represents a server on the Internet, any IP address could be blacklisted.  While any IP address may be listed, it is typically a webserver or email server that is the primary culprit.  We therefore recommend checking and monitoring the IP addresses of your web and email servers on a regular basis.

Domain Blacklist Lookups

When you perform a Domain blacklist lookup, you input a domain name.  MxToolbox algorithms do a DNS lookup of the Domain to produce the primary DNS record for that domain (an A record search).  We then run the IP address of the A record against all IP blacklists and simultaneously we run the domain name through a second set of domain blacklists.  Both could return results of blacklisting.

IP Blacklists vs Domain Blacklist

IP blacklists contain the IP addresses of known spammers, malware infectors, virus and botnet distributors and other bad actors.  When an IP is on a blacklist it is has been caught in some bad act.  Since an IP address identifies a particular server somewhere, you know that the server is performing some bad act.

Domain blacklists contain a list of domain names that have been included in known spam attempts.  This does not mean that the domain is the source of the spam, or that the server is a source of spam.  It only means that the domain name or domain URL was included in spam or malware laden emails. 

So, if you are sending email, you want to check the IP address of your mail server.  If you are running a web server, you want to check the IP address of the server.  If you are concerned about your domain’s reputation, you should check your domain against a domain blacklist.

Blacklist Monitors

MxToolbox Experts recommend that everyone with their own email servers monitor the IP addresses of those mail servers against IP blacklists.  This will give you warning that someone or something is performing a bad act through your email.  Further, it is highly recommended that you monitor you setup a domain blacklist monitor for your website.  Since domain blacklist monitors use both the IP of the web server and the domain in blacklist searches, you get extra protection of your reputation.  

Free Monitoring

MxToolbox offers one free IP blacklist monitor to our registered users.  This enables you to monitor your email server or webserver for blacklisting in the most common IP blacklists.  Our domain blacklist monitors are more comprehensive for web reputation and are therefore a paid feature.  While most of our customers find a free account sufficient for a small business, some want the additional reputation protection of a domain blacklist monitor or our Domain Health Monitoring.

GoDaddy DNS – Or other slow DNS responders

 

Within the last few weeks, we’ve seen a spike in customers reporting that DNS monitors are “falsely” showing GoDaddy.com hosted DNS as DOWN.  Subsequent discussions with customers and their discussions with GoDaddy.com agents reveal that GoDaddy.com DNS services are technically UP but occassionally resolving in greater than 3 seconds.  This is a problem we find with other DNS providers from time to time, but seems to be a larger issue recently.

Our Philosophy

MxToolbox philosophy is that DNS resolution should be less that 3 seconds at all times.  We think of it this way: If your customers are looking for your site, they shouldn’t be waiting for 3 seconds plus the page load time of your site before they get to see your brand.  Instead, DNS should always resolve fast enough so that your customers find your site quickly.  Would you really want your customers’ first impressions to be that your systems are slow?  Neither would we.

So, what’s the solution?

Our experts have been thinking and discussing the issue and we came up with a couple of options:

  • Keep Monitoring – When your DNS is slower than 3 seconds, we will alert you. You should know that your performance is slow for your customers.  
  • Keep Talking to your DNS hosting provider – When they’re slow, let them know.  Only your provider can improve their performance.
  • Consider other options – If you regularly find your DNS resolving slowly, perhaps it’s time to upgrade to a better DNS hosting solution.
  • Set a filter – MxToolbox monitoring includes customizable filtering options in the Notifications Policy Page.  You could setup a Policy to require two or more warnings in a row before alerting you, to delay the alert or to suppress the alert entirely.

Regardless of the direction you take with your DNS, know that MxToolbox is here to support you with expertise in networking, email, web and everything else you need to keep your business up and running on the internet.

About MxToolbox

MxToolbox.com offers free tools and paid monitoring packages to small, medium and large enterprises worldwide.  Our monitoring packages enable business to know immediately if a common networking, blacklisting or system performance issue occurs.  No other company provides such a comprehensive suite of solutions that can scale from small business to a service provider with hundreds of thousands of IP addresses.