Category Archives: Uncategorized

DMARC Reports – Beta Program

Google & other inbox providers are constantly changing their acceptance policies to give more and more preference to email traffic that utilizes DMARC and DKIM technologies.  This gives them better control when categorizing email, both for advertisement value and for detecting and eliminating spam, viruses, malware and other threats to large scale email hosting.  But, it presents challenges to companies that are sending email to Google customers, both consumers and businesses hosted on Google email servers.

How do you configure SPF, DKIM, and DMARC?

What do I do with DMARC reports when I receive them?  

How can I get good information about my email deliverability?

These are all questions that we commonly get from our customers trying to ensure that their business emails are visible to their customers and prospects.  Since Google is often a first mover in new technologies, you can expect other big email hosts, like Microsoft Outlook.com, to follow their example.  This means SPF,  DKIM, and DMARC are becoming a requirement for doing business.

MxToolbox is here to help you get ahead of that curve!  Last year we introduced both DKIM and DMARC lookups and monitors for our customers.  Now, we’re introducing a beta version of a DMARC Reporting product.

DMR pro.jpeg

MxToolbox DMARC Reports will give you insight into what your customers are saying about the email coming from your servers or email that appears to come from you.  Once configured, our new DMARC Report gives you statistics on:

  • Email volume & compliance by Inbox Provider (Google, Outlook, Yahoo!, etc.)
  • DMARC Compliance Rate & DMARC issues
  • Email volume from each sender or forwarder IP
  • SPF & DKIM Authentication issues
  • And more…

Also, included in the report is the ability to view and export raw data.

Why Should I configure DMARC and what value does this report provide me with?

In addition to getting high value into seeing where your email is being sent from, who is receiving it, and identifying SPF & DKIM issues with your email, DMARC also provides you with the ability to:

  • Prevent Reputation and Blacklisting issues
  • Reduce domain spoofing
  • Improve deliverability rates

A common method spammers use to trick email recipients into opening mail containing harmful malware or phishing links is to forge the “From” address on email messages so that when the recipient sees the message it appears to come from a legitimate person in your domain. As a result mail filters and users will flag the spoofed mails as spam or phishing.  This may cause you email deliverability and reputation issues, as you may find legitimate email being blacklisted by Inbox providers. With DMARC, you can avoid these significant headaches as your DMARC record tells providers like Gmail what they should do with messages that aren’t coming from you.

While we’re in beta, you can setup one domain for free.  Just follow the instructions on the DMARC Report Setup Page.  We will recommend adding a DMARC record to your DNS if you don’t currently have one already or if you do have one, we’ll just recommend a slight change to your DMARC record so we can start building your reports. Then you just wait until email is delivered and DMARC reports begin to be filed and viewable with MxToolbox!

You can even access DMARC Reporting from your DMARC Monitor!

DMR - monitor access.jpeg

Email and DNS Provider Data

Have you ever looked up at the MX records for a company and wondered who their mail hosting provider was?   Maybe you are looking for prospects with a particular hosting service or need to know if that company is using your services or going it on their own?  Are they adequately protected?

Similarly, wouldn’t it be nice to know who the DNS provider is for a company?  This could be useful for prospecting or diagnosing issues.  Why can’t I reach XYZ.com?  Oh, their DNS provider is down…

mail-provider-zoom

Well, now you can get this information from the most trusted provider of tools and monitoring solutions for IT administrators, MxToolbox.  We include Email and DNS provider data on MX, and DNS lookups (specifically mx: and dns: now a record).  More information simplifies your work and makes your daily life easier.

mail-providerdns-provider

Have a list of domains or IP addresses you need information on?  MxToolbox Bulk Lookup is the answer!   The best suite of online tools, MxToolbox Professional, now includes our enhanced Bulk Lookup Tool which provides:

  • IP address
  • Geo Location
  • AS Number
  • AS Name
  • Blacklist status
  • SOA
  • MX Records
  • Name Servers
  • Email Provider
  • DNS Provider

MxWatch monitoring packages include the MxToolbox Professional interface, a number of monitors and the Bulk Lookup Tool.  A Basic Plan comes with 2000 bulk lookups a month, while our Pro Plan includes 20k.  Upgrade today to get started!

 

Related Domain/IP Information

We’re constantly looking for ways to improve our products and tools to make work easier for our customers.  We know you need more information to accomplish your daily tasks, whether you’re trying to setup a server, recover from an outage, or investigate a security threat.  Knowledge is power, right?

Our Investigator Tool now includes information that we feel will be incredibly important to whatever problem you are investigating:  Related Domains and Related IPs.  

Investigator_related_domains.jpg

Now you will know what domains and IPs are related to the domain you are researching.

  • Is the domain hosted on the same IP as a potentially bad actor?
  • Does the site have subdomains or associated domains that might be problematic?
  • Is the domain associated with strange or unsavory types?
  • Is this connected by IP address or Google Adwords ID?

With Related IPs you can quickly see GeoLocation, ASN and CIDR block information for IPs related to the domain you’re searching.

More information to make your research easier and more comprehensive.  Check out the new Investigator today.

Response Transcripts

We recently launched a powerful new feature that gives our paid MxWatch Monitoring customers more information about our tests on their servers and services and why our customers were alerted to a system being out.

Response Transcripts provide the full JSON transcript of the actions and sub-actions run against your server and their values.  From this you can review how your server was tested and what failed so that it is easier for you to determine what steps to take to fix your issues.

To find the Response Transcript:

  • Login to MxToolbox, and click on a monitor
  • On the right hand side, select the History tab

screen-shot-2017-01-13-at-4-51-29-pm

  • You will see a list of Test Results and their Status
  • Click the Details button on the row about which you’d like more information
  • The row will expand to provide you with the complete JSON transcript

screen-shot-2017-01-13-at-4-32-14-pm

We feel the more information you have, the easier it will be for you to diagnose your issues.  With Response Transcripts you get everything we know about the tests we’re making on your systems.

Questions?  Contact our Support Team and we’ll help you out and add it to the blog.

Need monitoring?  Get MxWatch Monitoring, the best comprehensive suite of monitoring tools to ensure the uptime and quality of your services.

EFnetrbl.org Blacklist Alarms

We are currently investigating this event.  It may be a signal that they are shutting down operations. As such, we have stopped monitoring them until we can ascertain their status.
You do not need to worry about any impact on your monitors, as it appears to be either an issue with their systems (did not renew their domain) or they are in the process of shutting down.

MegaRBL.net

We would like to address the false positive issue regarding the French blacklist, megaRBL.net (http://megarbl.net). 

During this past weekend they experienced a DNS issue, that caused a massive amount of IP Addresses to be listed by them.  This is common behavior when a blacklist goes offline.  We joking refer to it as “blacklisting the world”.

We monitored the situation, and decided after a period of time to disable that list from our tool set.  Their website currently shows that they have resolved their issues, and are back online.  With that being said, we have yet to re-enable that list within our system, and are continuing to monitor their functionality and discussing when or if we will re-enable them.

If there are specific RBLs you would like to suppress such as MegaRBL, you could do so through our Paid Monitoring feature “Ignored Problems”. Paid Monitoring customers have the ability to add specific diagnostic checks to their “Ignored Problems” list. This also includes specific blacklists. When a check is added to this list we will no longer send notifications regarding the specific check. The “Ignored Problems” feature is accessible in the “Settings” section of your Monitoring account.  Simply click on the drop-down menu in the upper right-hand corner of the site (next to your user-name). You will see the “Ignored Problems” tab there. For more information on Paid Monitoring options, check out our comparison matrix.

Confirming the “Down”

Sometimes MxToolbox may report your server as “Down” when you can reach it via browser or other connection.  How is this possible?

First, MxToolbox makes at least two attempts to contact your server before listing you as “Down”.  We make an initial contact on a preset periodic basis, governed by the monitor type.  If the connection is successful, your site is listed as “Up”.  If the connection times out, we attempt to make a second connection to verify that you are indeed down.  This second connection attempt is made from a different geographical location. If the second connection times out, then you will be marked “Down” and reported as such using your Notification settings.  We will continue to attempt connections to a “Down” system on the preset interval for up to 30 days, after which the system will be marked as permanently down. In the case that during the second connection attempt we are able to connect to your servers, we will ignore the initial check and report that your server is still in the “Up” state.

You are reported “Down” only when we have verified we cannot connect to you twice.  This is similar to what a customer would experience.

Second, you may have access to your servers because you are on a local network, have cached DNS, or are simply physically closer to your servers than we are.  When our connections time out, it could be due to a number of issues:

  • Network Connection Lag – If the server is slow to respond or the network takes too many hops, our process may time out.
  • DNS Misconfiguration – If we can’t find it, we can’t connect to it.
  • Firewalls – A firewall may block our access to your server but allow you to access, either via VPN or ACL.
  • Server Load – Sometimes your servers may be overloaded, causing low response times and our connections to time out.
  • Wrong Port – Our monitors can be configured to check specific services on specific ports.  Failure to connect might be because you are running a traditional service on a different port from the monitor.  Check monitor settings to verify.

Our transcript results always provide some indication of why the system was reported as “Down” to help you troubleshoot the issue.

Check Now

On every monitor, we have a “Check Now” button that will immediately start to recheck the server.  If you can connect and we report you “Down” then try this.  If it comes back up, it may be due to one of the conditions above having been remedied.  This will also restart services to a monitor that has been down for more than 30 days.

Monitoring Services

For more information on our monitoring services, check out our handy comparison chart here.

Deprecation of SPFBL DNSBL

We’re always happy to investigate new blacklists to see how they work for our customers and how they provide additional information on our customers’ email deliverability.  If anyone ever has a blacklist that they suggest we add, please email us.

Over the last few weeks, we’ve given SPFBL, a Brazilian-based DNS Blacklist, a trial here at MxToolbox.  Like all new Blacklists, our trip included display of results with low severity.  However, during the trial we noted that the majority of customers reporting issues with this blacklist were due to simple, and routine reverse DNS issues.  For example, reverse DNS might point to a 3rd party load balancer application, which in no way should break email delivery.

Since this is the case, we’ve decided to suspend use of SPFBL until utility of the list changes.