What blacklist monitors do I need?

Blacklisting can be a pretty complex issue.  There are several different catgories of blacklists and each finds bad actors in it’s own unique way: honeypots, customer reports, protocol scans, etc.  This can leave many users confused.

What blacklists matter?

Which ones should I monitor?

What servers should I monitor?

First, MxToolbox monitors the most comprehensive, best curated list of blacklists.  Our experts understand blacklists and the causes of blacklisting better than anyone out there.  You can trust that our list of 100+ blacklists is the list you need to know about for your online reputation.  In fact, new blacklists are often asking us to add them to our checks!

Second, you need to understand the causes of blacklisting.  Even if you are using a legitimate server on a legitimate IP address, you could legitimately get caught in a blacklist honeypot, attacked by malware, accidentally spam someone and flagged for malicious activity.  Monitoring your servers for blacklisting is like an insurance policy – you need it whether or not you’re planning to have an accident.

Our experts recommend the following monitors to ensure your email delivery and online operations by monitoring your blacklist reputation:

  • IP Blacklist monitor for each mail server IP
    At minimum, you should have an IP monitor for the IP referenced in your MX record
  • IP Blacklist monitor for each web server IP
    At minimum, you should have an IP monitor for the IP referenced by your website’s A record so that traffic is not interrupted to your e-commerce site.
  • Domain Blacklist monitor for your domain
    This is optional, few companies are referenced enough in spam to be blacklisted unless they really are a major source of spam, malware or botnets.

There are other monitors that will help your overall system reputation, stability and reliability:

  • An MX monitor for your mail server in case it should ever be changed or DNS go down
  • An A record monitor for webserver
  • A SMTP monitor for your mail server to ensure uptime and report downtime and issues with availability
  • A Mailflow monitor to check your end-to-end mail system performance

 

DMARC Reports – Beta Program

Google & other inbox providers are constantly changing their acceptance policies to give more and more preference to email traffic that utilizes DMARC and DKIM technologies.  This gives them better control when categorizing email, both for advertisement value and for detecting and eliminating spam, viruses, malware and other threats to large scale email hosting.  But, it presents challenges to companies that are sending email to Google customers, both consumers and businesses hosted on Google email servers.

How do you configure SPF, DKIM, and DMARC?

What do I do with DMARC reports when I receive them?  

How can I get good information about my email deliverability?

These are all questions that we commonly get from our customers trying to ensure that their business emails are visible to their customers and prospects.  Since Google is often a first mover in new technologies, you can expect other big email hosts, like Microsoft Outlook.com, to follow their example.  This means SPF,  DKIM, and DMARC are becoming a requirement for doing business.

MxToolbox is here to help you get ahead of that curve!  Last year we introduced both DKIM and DMARC lookups and monitors for our customers.  Now, we’re introducing a beta version of a DMARC Reporting product.

DMR pro.jpeg

MxToolbox DMARC Reports will give you insight into what your customers are saying about the email coming from your servers or email that appears to come from you.  Once configured, our new DMARC Report gives you statistics on:

  • Email volume & compliance by Inbox Provider (Google, Outlook, Yahoo!, etc.)
  • DMARC Compliance Rate & DMARC issues
  • Email volume from each sender or forwarder IP
  • SPF & DKIM Authentication issues
  • And more…

Also, included in the report is the ability to view and export raw data.

Why Should I configure DMARC and what value does this report provide me with?

In addition to getting high value into seeing where your email is being sent from, who is receiving it, and identifying SPF & DKIM issues with your email, DMARC also provides you with the ability to:

  • Prevent Reputation and Blacklisting issues
  • Reduce domain spoofing
  • Improve deliverability rates

A common method spammers use to trick email recipients into opening mail containing harmful malware or phishing links is to forge the “From” address on email messages so that when the recipient sees the message it appears to come from a legitimate person in your domain. As a result mail filters and users will flag the spoofed mails as spam or phishing.  This may cause you email deliverability and reputation issues, as you may find legitimate email being blacklisted by Inbox providers. With DMARC, you can avoid these significant headaches as your DMARC record tells providers like Gmail what they should do with messages that aren’t coming from you.

While we’re in beta, you can setup one domain for free.  Just follow the instructions on the DMARC Report Setup Page.  We will recommend adding a DMARC record to your DNS if you don’t currently have one already or if you do have one, we’ll just recommend a slight change to your DMARC record so we can start building your reports. Then you just wait until email is delivered and DMARC reports begin to be filed and viewable with MxToolbox!

You can even access DMARC Reporting from your DMARC Monitor!

DMR - monitor access.jpeg

Email and DNS Provider Data

Have you ever looked up at the MX records for a company and wondered who their mail hosting provider was?   Maybe you are looking for prospects with a particular hosting service or need to know if that company is using your services or going it on their own?  Are they adequately protected?

Similarly, wouldn’t it be nice to know who the DNS provider is for a company?  This could be useful for prospecting or diagnosing issues.  Why can’t I reach XYZ.com?  Oh, their DNS provider is down…

mail-provider-zoom

Well, now you can get this information from the most trusted provider of tools and monitoring solutions for IT administrators, MxToolbox.  We include Email and DNS provider data on MX, and DNS lookups (specifically mx: and dns: now a record).  More information simplifies your work and makes your daily life easier.

mail-providerdns-provider

Have a list of domains or IP addresses you need information on?  MxToolbox Bulk Lookup is the answer!   The best suite of online tools, MxToolbox Professional, now includes our enhanced Bulk Lookup Tool which provides:

  • IP address
  • Geo Location
  • AS Number
  • AS Name
  • Blacklist status
  • SOA
  • MX Records
  • Name Servers
  • Email Provider
  • DNS Provider

MxWatch monitoring packages include the MxToolbox Professional interface, a number of monitors and the Bulk Lookup Tool.  A Basic Plan comes with 2000 bulk lookups a month, while our Pro Plan includes 20k.  Upgrade today to get started!

 

Related Domain/IP Information

We’re constantly looking for ways to improve our products and tools to make work easier for our customers.  We know you need more information to accomplish your daily tasks, whether you’re trying to setup a server, recover from an outage, or investigate a security threat.  Knowledge is power, right?

Our Investigator Tool now includes information that we feel will be incredibly important to whatever problem you are investigating:  Related Domains and Related IPs.  

Investigator_related_domains.jpg

Now you will know what domains and IPs are related to the domain you are researching.

  • Is the domain hosted on the same IP as a potentially bad actor?
  • Does the site have subdomains or associated domains that might be problematic?
  • Is the domain associated with strange or unsavory types?
  • Is this connected by IP address or Google Adwords ID?

With Related IPs you can quickly see GeoLocation, ASN and CIDR block information for IPs related to the domain you’re searching.

More information to make your research easier and more comprehensive.  Check out the new Investigator today.

Response Transcripts

We recently launched a powerful new feature that gives our paid MxWatch Monitoring customers more information about our tests on their servers and services and why our customers were alerted to a system being out.

Response Transcripts provide the full JSON transcript of the actions and sub-actions run against your server and their values.  From this you can review how your server was tested and what failed so that it is easier for you to determine what steps to take to fix your issues.

To find the Response Transcript:

  • Login to MxToolbox, and click on a monitor
  • On the right hand side, select the History tab

screen-shot-2017-01-13-at-4-51-29-pm

  • You will see a list of Test Results and their Status
  • Click the Details button on the row about which you’d like more information
  • The row will expand to provide you with the complete JSON transcript

screen-shot-2017-01-13-at-4-32-14-pm

We feel the more information you have, the easier it will be for you to diagnose your issues.  With Response Transcripts you get everything we know about the tests we’re making on your systems.

Questions?  Contact our Support Team and we’ll help you out and add it to the blog.

Need monitoring?  Get MxWatch Monitoring, the best comprehensive suite of monitoring tools to ensure the uptime and quality of your services.

EFnetrbl.org Blacklist Alarms

We are currently investigating this event.  It may be a signal that they are shutting down operations. As such, we have stopped monitoring them until we can ascertain their status.
You do not need to worry about any impact on your monitors, as it appears to be either an issue with their systems (did not renew their domain) or they are in the process of shutting down.

Still listed?

Every so often a customer contacts us because they feel it is taking too long to be de-listed from a blacklist or they were almost immediately re-listed on a blacklist.  We have a few recommendations for you:

First, be patient!  Some blacklists are operated by a small team that must field hundreds or thousands of requests every day.  They need time to get to your issue.  Some blacklists require a minimum delay before they will delist an IP address or domain.  This is for everyone’s protection.  They have no credibility as an anti-spam service if they delist a regular spammer or if they delist someone with a malware infestation before it has been remedied.  Blacklist administrators need time to trust your servers again.  Give them time.  It’s painful for you, but it’s temporary.

Second, research your issue!  You may not think you have an issue, but it is very rare that your email randomly dropped into a honeypot or other spamtrap that blacklist administrators use to create their lists.  You have an issue, somewhere.  It might be a malware infection, it might be an accidental   inclusion in an email campaign, it could be an internal user sending malicious email by accident.  Regardless, you need to do some research into your systems to make sure it doesn’t happen again!  And, you may need to look into your internal email controls and policies.  You should be doing this anyway, but now is the time to make a special effort!

Finally, fix your issue!  Put new policies in place.  Invest in new email controls.  Talk with Marketing about how they do campaigns.  Setup user controls.  Sweep your systems for malware.  Clean your house.  This will save you time and money down the road.  And, you can mention all this in your next request to delist.  The blacklist provider will appreciate the work.

Why do all this work if it was an accident?  How do you know it was really an accident you were listed?  You don’t unless you look into it and there’s tremendous risk in assuming that you’re “okay”.  The downside of being listed a second or third time is severe:  you will be listed for a much longer time and it will be much more difficult to be delisted.  In fact, most blacklist administrators have a three-strikes policy.  A third listing and you’ll likely be blacklisted for the better part of a year.  Continued listing could get you on their permanent blacklist.

Yes, I am trying to scare you.  Yes, this is serious.  Yes, this requires you to work to fix the issue.  Get started!  The downside is much more severe than the minor inconvenience you are experiencing with your first blacklisting or even with your delisting request being delayed.  And, remember, paid MxToolbox users don’t have to go it alone: we provide delisting support services to help you get off these lists.  But, we can’t magically delist you:  you still have to do the work.