Help! My IP address keeps getting blocked by SPAM blocking lists!!!

jyi786

For no reason, out of the blue, my company IP address has started to get blocked by SPAM blocking lists, most importantly, the CBL. We don't do anything like spamming at all; we don't even have the internet capacity to do that (768/128 turtle DSL). I keep delisting our IP address, but it keeps getting relisted after a few hours.

I checked our network for viruses, but there are none. We don't run an open proxy; never have. I also checked our SMTP config; only recently was a new access rule added to the ISA firewall policy, but I don't think it has anything to do with this scenario; at any rate, I disabled that policy temporarily until I can figure this one out.

What can I do to stop my IP from getting relisted at the SPAM blocking lists?

Thanks for your help guys.
 
Your IP address may be being blocked because of a reverse lookup failure. Check your DNS entries and configuration to ensure they are correct, then check with your ISP to ensure there is a PTR record for your email server.
 
Your IP address may be being blocked because of a reverse lookup failure. Check your DNS entries and configuration to ensure they are correct, then check with your ISP to ensure there is a PTR record for your email server.

I will check this with the ISP. However, I should note that nothing ever changed in terms of configuration with the ISP, either on our server or on their end; it's been the same for about 3 years. Has it ever happened where the ISP would inadvertently break DNS entries and cause reverse lookup failure?
 
Has it ever happened where the ISP would inadvertently break DNS entries and cause reverse lookup failure?
Yes. It's also likely that you have one for your principal domain name but your mail server (MX) itself does not have a reverse lookup record.
 
Yes. It's also likely that you have one for your principal domain name but your mail server (MX) itself does not have a reverse lookup record.

I am checking the DNS zones on the server, and I see a whole bunch of records in the reverse lookup zones.

Again, I should reiterate that I didn't do anything to these settings, and they've been working fine until now. I guess I should then point the finger at the ISP, correct?
 
They may have just switched over to checking reverse DNS

You don't need a fat pipe to spam; sending emails from an IP with no reverse DNS record will get you on spam lists.

Domains like Hotmail / Yahoo and AOL all do reverse DNS look-ups and won't accept emails from domains without it.

Also, Hotmail has a max 10% failure rate; more than 10% hard bounces and they block you.
 
Ok, I verified with the ISP that they didn't have a PTR record, so they need to get one on there.

They were asking me what address do I want the PTR record to point back to. What address should I give them? Should I give them the domain address for my mail controller (server)?
 
Ok, I verified with the ISP that they didn't have a PTR record, so they need to get one on there.

They were asking me what address do I want the PTR record to point back to. What address should I give them? Should I give them the domain address for my mail controller (server)?
Glad it looks to be something relatively simple then. Don't be surprised if you're still being automatically added to block lists for 3-5 days, it takes time for the records to replicate around the globe.

To resolve this problem, follow these steps:
1. Make sure that your public DNS records that are hosted on your DNS server are correct. On your DNS server, examine the following:
• You must have an MX record for your domain that points to a valid Host (A) record. For example, the MX record for source.com points to mail.source.com. mail.source.com is a valid e-mail server.
• Make sure that the Host (A) record points to a valid IP Address. For example, make sure that mail.source.com points to 209.54.61.76. This is the correct public IP Address for your e-mail server.
2. For every SMTP server or Exchange Server computer that sends outgoing Internet e-mail, make sure that there is a valid PTR record for the Public IP address of that sending SMTP server or Exchange Server computer. This may be a firewall, a router, or another device that used to publish your domain information to an IP address that is visible by Internet hosts.

For example, your Exchange Server computer is behind a firewall with an internal IP of 10.10.10.1, and the firewall has an external IP of 4.3.2.1.

When the Exchange Server computer sends e-mail to the source.com domain through the firewall, the receiving mail server sees that the 4.3.2.1 IP address is connecting for SMTP communication. The receiving e-mail server performs a reverse DNS lookup against this IP address, not necessarily the MX record. The e-mail server must find a PTR for 4.3.2.1 pointing to a valid host record in the source.com domain.
Source: http://support.microsoft.com/kb/300171
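
The check a receiving mail server runs against the connecting IP, as described in the KB excerpt above, sketched as an added example (not part of the original thread or the KB article). It goes one step further than the excerpt by also confirming that the PTR hostname resolves back to the same IP; the zone data, `stale.source.com`, and the 203.0.113.10 / 198.51.100.7 addresses are constructed for illustration.

```python
import socket

def reverse_lookup(ip):
    """Return the PTR hostnames for ip via the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def forward_lookup(host):
    """Return the IPv4 addresses that host resolves to ([] if none)."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except (socket.herror, socket.gaierror):
        return []

def check_sending_ip(ip, ptr=reverse_lookup, a=forward_lookup):
    """Classify the reverse DNS of a sending IP the way a receiving server might.

    The PTR maps IP -> hostname, so the value handed to the ISP is a hostname;
    that hostname's A record must then map back to the same public IP.
    """
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no-ptr", []
    confirmed = [n for n in names if ip in a(n)]
    if not confirmed:
        return "ptr-not-forward-confirmed", names
    return "ok", confirmed

# Constructed sample records (not real DNS data). 4.3.2.1 is the firewall's
# external address from the KB example; the other entries are made up.
SAMPLE_PTR = {"4.3.2.1": ["mail.source.com."],
              "203.0.113.10": ["stale.source.com."]}
SAMPLE_A = {"mail.source.com": ["4.3.2.1"],
            "stale.source.com": ["203.0.113.99"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(host):
    return SAMPLE_A.get(host, [])

if __name__ == "__main__":
    # Offline run against the constructed records above.
    for ip in ("4.3.2.1", "203.0.113.10", "198.51.100.7"):
        print(ip, *check_sending_ip(ip, sample_ptr, sample_a))
```

Calling `check_sending_ip("<your public IP>")` with the default arguments uses the machine's own resolver, so run it from outside the network to avoid internal split-DNS answers.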
 
They may have just switched over to checking reverse DNS

You don't need a fat pipe to spam; sending emails from an IP with no reverse DNS record will get you on spam lists.

Yup.....more and more it's used by bigger mail hosts...so those people with mail servers that never set up a RevDNS (PTR)....just because your mail worked fine over the past couple of years..doesn't mean it will continue to work fine.
 
Glad it looks to be something relatively simple then. Don't be surprised if you're still being automatically added to block lists for 3-5 days, it takes time for the records to replicate around the globe.


Source: http://support.microsoft.com/kb/300171

Thanks for the advice. I am definitely aware of the time that it may require for propagation.

It's a bit confusing though. I checked the MX record, and it points to my IP address properly, but also points to my domain controller, which is, for example, xxx.domain.com. When I talked to the rep at Verizon, he said that I should give him the xxx.domain.com instead of the actual IP address for the PTR record, which I did.

Should I have simply given him my external IP address for the PTR record, which is the very same static IP address that we are using for the server in the first place?
 
Something I've had a few complaints about in the past is customers finding they are blocked because their IP is allocated as being dynamic.

Just something else to keep in mind.
 
Yes, dynamic IPs are also denied, I believe, by AOL and Hotmail.

Microsoft has a few ideas to implement email checking which aren't industry standard but MS standard.

The Verizon person probably said domain in case you get some new IP; your domain would be switched so it will "should" always point to the proper IP.

If you have a static IP, it doesn't really matter, but if you do have a dynamic IP, domain is best as long as your domain always points to your mail server sending the emails.

I had to do endless research on this when our opt-in lists were just not showing up in Hotmail with no return error or bad delivery reports coming back; AOL and Yahoo are nice enough to tell you you are blocked and what to do.
 