Tag Archives: how to

How do I get delisted?

Each blacklist has its own method for delisting.  Sometimes it’s a webform, sometimes it is an email.  Almost always, you need to include the steps you took to fix whatever problem put you on a blacklist.  Many blacklist operators see themselves as righteous crusaders fighting against spam, malware, viruses, bad email configurations and poor email operations, so remember when dealing with a blacklist operator, you are the bad actor seeking forgiveness.

Tips for delisting:

    • Read the description of the blacklist – Descriptions on MxToolbox Blacklist Info Pages give you everything you need to know about the blacklist and your reasons for being listed.  
    • Ask yourself “Do I need to be delisted?” and “Is this affecting my business?” – If you do not do business in Spanish, chances are you don’t need to be removed from the NoSolicitado blacklist that only serves Spanish language emails.  If you aren’t seeing any emails bouncing back, then this isn’t a huge issue, yet.  Don’t waste time or get frustrated over listings that have no effect on business.  
      MxToolbox provides filters that allow you to ignore alerts on irrelevant blacklists.  We also provide an MxReputation report that tells you what your global reputation is.  If it’s still high, you might be fine ignoring this blacklist.
    • Take care of the problem that caused the blacklisting – Once you know why you were listed, fix those issues.  Patch servers, run anti-malware/anti-virus software, fire the guy in marketing that was CCing all your customers or whatever you need to do. A blacklist will not delist you if you have changed nothing.
    • Have a detailed list of remediation steps you have taken –
      What did you do to clean viruses or malware?
      What did you do to close hacked accounts and prevent future attacks?
      Have you changed outbound email policies to prevent spam?
      Have you patched servers or firewalls?
    • Visit their site and fill out the required forms carefully and completely – MxToolbox has links to all the blacklist websites, including delisting forms.  Their forms are for their protection.  Their users will question a delisting if it results in further spam, so filling them out completely will aid your case.
    • Be polite – Most blacklists have evidence that your servers have acted badly.  Treat this as a respectful request that your servers be delisted because you are technically the bad actor here.
    • Explain the business impact – Let them know that you have a business that is impacted by being listed.
    • Be patient, wait a few days for a response – This is not an instantaneous delisting process.  Some of these blacklists are small shops with a handful of employees.  They also need time to validate that you are no longer spamming, sending malware or other issues.  They will wait to see that your emails are no longer hitting their spam traps or being reported by any new customers.  Be patient.
    • Don’t make multiple requests – It’s okay to make a second request if you have heard nothing in a few days, but refrain from making multiple requests in the first few days of an inquiry.  Blacklists get hundreds or thousands of requests daily and often duplicates drop to the bottom.
    • Don’t pay to delist – All the blacklists checked by MxToolbox provide free delisting services.  A few offer paid expedited delisting services.  MxToolbox does not recommend paying to delist and we do not condone services that require payment.  

After you’ve gone through these steps, you should consider setting up monitoring on your important IP addresses, especially Email and Web servers.  Monitors can alert you to blacklist events as they emerge, rather than waiting for serious business impacts.  MxToolbox offers a wide range of monitoring solutions from Free, single IP solutions, to real-time large network blacklist monitoring.

How are blacklists used?

Organizations use blacklists to limit security threats like spam, malware and viruses. The IP address of a server sending email is pulled from the email’s header and compared to the blacklist.  Anything that originates from an IP address on the blacklist is refused, quarantined or dumped to a spam folder.  Similarly, content of an email is scanned against the domain blacklist.  Any emails from or containing a domain on a blacklist will be dealt with.

Some companies also utilize blacklists to scan inbound or outbound web traffic or to create web or email filtering appliances.  Many companies purchase or utilize multiple blacklists along with their own blacklist information to minimize the potential for spam, malware or viruses passing through their servers.

MxToolbox provides insight into the blacklist reputation of your IPs and Domains.

 

What is a Blacklist?

A blacklist is simply a list of IP addresses or domain names that an organization has decided to block for one reason or another.  Blacklists started as a means to combat email spam.    Early on, it was just a list of IP addresses or domain names that were sending junk email.  These lists were manually managed with IPs added and removed based upon human interactions between a few systems administrators.  As the Internet evolved these individual lists became larger, more centralized and list curators developed unique tools, spam traps and service models to make the lists more widely available, and more accurate.

There are a few different types of Blacklists that you need to be aware of to fully understand the market.

Public/Private

Public Blacklists are shared publicly via the web or, more traditionally, via DNS.  A public blacklist can be referenced by anyone online to check individual IP addresses.  Checking more than one list or more than one IP requires development of tools, like MxToolbox, that can programmatically check these lists.  Often a subscription to the full list can be purchased for use internally, or commercially in appliances or software. Examples of public blacklists are SORBS and Spamhaus Zen.
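A programmatic check of DNS-published blacklists, as an added example (not MxToolbox code): the IP is reversed, prefixed to the list's zone and looked up as an A record. It assumes the common conventions that an answer in 127.0.0.0/8 means "listed", that a missing name means "not listed", and that Spamhaus answers in 127.255.255.0/24 are error codes rather than listings; `dnsbl.example.net` and the resolver data are constructed placeholders.

```python
import ipaddress
import socket

# zen.spamhaus.org is the Spamhaus Zen zone named above; the second zone is a
# placeholder for any other DNS blacklist you are permitted to query.
ZONES = ["zen.spamhaus.org", "dnsbl.example.net"]

def dnsbl_name(ip, zone):
    """Build the name to query: reversed IP labels followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        # IPv6 is looked up nibble by nibble, like ip6.arpa reverse names.
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None if the lookup fails.
    A timeout also lands here, so retry before trusting 'not listed'."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def classify(answer):
    """Interpret a blacklist answer using the conventions stated above."""
    if answer is None:
        return "not listed"
    a = ipaddress.ip_address(answer)
    if a in ipaddress.ip_network("127.255.255.0/24"):
        return "query refused"      # list operator's error code, not a listing
    if a in ipaddress.ip_network("127.0.0.0/8"):
        return "listed"
    return "unexpected answer"      # e.g. a resolver rewriting NXDOMAIN

def check(ip, zones=ZONES, resolve=system_resolver):
    """Check one IP against every zone and return {zone: verdict}."""
    return {z: classify(resolve(dnsbl_name(ip, z))) for z in zones}

# Constructed resolver data so the example runs offline.
FAKE = {"2.0.0.127.zen.spamhaus.org": "127.0.0.2",
        "9.113.0.203.zen.spamhaus.org": "127.255.255.254"}

if __name__ == "__main__":
    for ip in ("127.0.0.2", "203.0.113.9", "192.0.2.1"):
        print(ip, check(ip, resolve=FAKE.get))
```

A "query refused" verdict usually means the lookup went through a large shared resolver that the list operator does not serve, so it must not be counted as either listed or clean.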

Private Blacklists have been set up by a company for their own security usage and are not made available externally.  Often, these are considered proprietary or trade secrets because proprietary methods of data collection are used in the curation of the list.  Examples of these include your ISP’s blacklist, Microsoft’s blacklist and those used by security companies.

IP/Domain

IP Blacklists contain a list of IP addresses that are suspect.  Typically, each IP blacklist has a different method of identifying suspect email or web traffic and therefore a different reason for listing the IP address.  Typical reasons for listing are:

  • Spam has been received from this IP in a honey trap, directly by the organization or has been reported by subscribers to the list.
  • Malware or viruses were sent from this IP address.
  • Open relays or other configuration issues allow for bad actors to exploit the server at this IP address for spam or malware distribution.
  • This IP address has been marked as dynamic (DHCP) by the owner and leased out to their customers.  Since it is dynamic, no servers should be on these IPs and you cannot trust the ones that are.

Note: If you are on a dynamic IP address, you will automatically be blacklisted by most blacklists.  This is normal.  If you’re not sure if you are on a static IP, then you’re probably not on a static IP.

Domain Blacklists simply list domains that have been found in spam email or are known to be sources of malware infections.  There are only a handful of domain blacklists or blacklists that list domains alongside IP addresses.  While Domain Blacklists are a useful tool to alert you to reputation issues, they do not contain comprehensive domain reputation information.  In general, checking your website’s IP address against an IP blacklist is also necessary to protect the reputation of your website and checking the IP addresses of your email servers is necessary for protecting your email reputation.

You can find the full list of blacklists checked by MxToolbox here.

How do I test my DNS resolution?

DNS setup and resolution is important for your on-going business.  Without properly configured DNS, your customers cannot find you online.  It’s a pretty common story: You set up a new server and configure the DNS and you can see it on your network, but can anyone else get to your server?   Everything isn’t set up and running until you check DNS resolution with an external 3rd party.
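One way to make that outside check yourself, as an added example (not MxToolbox code): send the same A-record query to your internal resolver and to an external one, then compare the answers. The resolver addresses are supplied by the caller; only UDP answers up to 512 bytes are handled, and truncated responses are not retried over TCP.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a DNS query (qtype 1 = A record) with recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:       # compression pointer is two bytes
            return pos + 2
        pos += 1 + length

def parse_a_records(msg):
    """Return (rcode, sorted IPv4 addresses) from a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):                 # skip the echoed question section
        pos = skip_name(msg, pos) + 4
    addrs = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:   # ignore CNAMEs and other types
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, sorted(addrs)

def ask(server, name, timeout=3.0):
    """Send the query to one resolver over UDP port 53."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_a_records(s.recv(512))

def compare(name, internal, external):
    """Diff the internal view of a name against an outside resolver's view."""
    (rc_in, a_in), (rc_out, a_out) = ask(internal, name), ask(external, name)
    return {"internal": a_in, "external": a_out,
            "match": rc_in == rc_out and a_in == a_out}
```

A mismatch where the internal resolver answers and the external one returns NXDOMAIN (rcode 3) is the "I can see it but nobody else can" case described above.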

Free Tools

Fortunately, MxToolbox provides free tools that allow you to check your DNS resolution externally, so you can verify what your customers see.

Our DNS Lookup tool will return all the authoritative A records for a domain.  This is useful to ensure basic DNS configuration.

Our SuperTool contains a number of useful DNS lookups.  Most often our users check on DNS records for mail like MX, SPF, DMARC, and DKIM.  However, we support the most common DNS lookups, including A, AAAA (for IPv6), PTR, SOA, TXT, LOC and others.

SuperTool also includes a lookup (DNS:) for all the name servers authoritative to your domain so you can see them all at-a-glance.  This lookup includes an analysis of the name server configuration compared to relevant RFCs.

MxToolbox Premium Services

A la carte, DNS monitoring with MxWatch Monitoring packages.

Starting at $20/month, you can set up custom DNS monitors for your systems and domains.  These monitors alert you immediately if a record changes or servers fail to respond.  Learn More.

Turn-key DNS monitoring with Domain Health Monitoring.

Domain Health analyzes your domain’s configuration and automatically creates the appropriate DNS, SMTP, and HTTP monitors for your domain.  You get one free Domain Health Monitor with an MxWatch Monitoring package.  Learn More

Comprehensive DNS Change Management and Security Monitoring with DNS Zone Protect.

Our latest product constantly scans the entire DNS setup for your domain and alerts you when any change is made.  Unlike traditional DNS monitors, DNS Zone Protect can detect the addition of new subdomains that could be the start of a Domain Shadow attack.  Learn More.