Help! My IP address keeps getting blocked by SPAM blocking lists!!!

Discussion in 'Networking & Security' started by jyi786, Jan 3, 2008.

  1. jyi786

    jyi786 [H]ardness Supreme

    Messages:
    5,461
    Joined:
    Jun 13, 2002
    For no reason, out of the blue, my company IP address has started to get blocked by SPAM blocking lists, most importantly, the CBL. We don't do anything like spamming at all; we don't even have the internet capacity to do that (768/128 turtle DSL). I keep delisting our IP address, but it keeps getting relisted after a few hours.

    I checked our network for viruses, but there are none. We don't run an open proxy; never have. I also checked our SMTP config; only recently was a new access rule added to the ISA firewall policy, but I don't think it has anything to do with this scenario; at any rate, I disabled that policy temporarily until I can figure this one out.

    What can I do to stop my IP from getting relisted at the SPAM blocking lists?

    Thanks for your help guys.
     
  2. Orinthical

    Orinthical [H]ard|Gawd

    Messages:
    1,635
    Joined:
    Jun 7, 2004
    Your IP address may be being blocked because of a reverse lookup failure. Check your DNS entries and configuration to ensure they are correct, then check with your ISP to ensure there is a PTR record for your email server.
     
  3. jyi786

    jyi786 [H]ardness Supreme

    Messages:
    5,461
    Joined:
    Jun 13, 2002
    I will check this with the ISP. However, I should note, that nothing ever changed in terms of configuration with the ISP, either on our server or on their end; it's been the same for about 3 years. Has it ever happened where the ISP would inadvertently break DNS entries and cause reverse lookup failure?
     
  4. Orinthical

    Orinthical [H]ard|Gawd

    Messages:
    1,635
    Joined:
    Jun 7, 2004
    Yes. It's also likely that you have one for your principle domain name but your mail server (MX) itself does not have a reverse lookup record.
     
  5. jyi786

    jyi786 [H]ardness Supreme

    Messages:
    5,461
    Joined:
    Jun 13, 2002
    I am checking the DNS zones on the server, and I see a whole bunch of records in the reverse lookup zones.

    Again, I should reiterate that I didn't do anything to these settings, and they've been working fine until now. I guess I should then point the finger at the ISP, correct?
     
  6. MrGuvernment

    MrGuvernment [H]ard as it Gets

    Messages:
    19,159
    Joined:
    Aug 3, 2004
    They may have just switched over to checking reverse DNS

    you dont need a fat pipe to spam, sending emails from an IP with no reverseDNS record will get you on spam lists.

    Domains like Hotmail / Yahoo and AOL all do reverse DNS look-ups and wont accept emails from domains with out it

    also Hotmail has a max %10 failure rate also, more then %10 hard bounces and they block you.
     
  7. jyi786

    jyi786 [H]ardness Supreme

    Messages:
    5,461
    Joined:
    Jun 13, 2002
    Ok, I verified with the ISP that they didn't have a PTR record, so they need to get one on there.

    They were asking me what address do I want the PTR record to point back to. What address should I give them? Should I give them the domain address for my mail controller (server)?
     
  8. Orinthical

    Orinthical [H]ard|Gawd

    Messages:
    1,635
    Joined:
    Jun 7, 2004
    Glad it looks to be something relatively simple then. Don't be surprised if you're still being automatically added to block lists for 3-5 days, it takes time for the records to replicate around the globe.

    Source: http://support.microsoft.com/kb/300171
     
  9. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    Yup.....more and more it's used by bigger mail hosts...so those people with mail servers that never setup a RevDNS (PTR)....just because your mail worked fine over the past couple of years..doesn't mean it will continue to work fine.
     
  10. jyi786

    jyi786 [H]ardness Supreme

    Messages:
    5,461
    Joined:
    Jun 13, 2002
    Thanks for the advice. I am definitely aware of the time that it may require for propagation.

    It's a bit confusing though. I checked the MX record, and it points to my IP address properly, but also points to my domain controller, which is, for example, xxx.domain.com. When I talked to the rep at Verizon, he said that I should give him the xxx.domain.com instead of the actual IP address for the PTR record, which I did.

    Should I have simply given him my external IP address for the PTR record, which is the very same static IP address that we are using for the server in the first place?
     
  11. scoob8000

    scoob8000 2[H]4U

    Messages:
    2,829
    Joined:
    May 4, 2002
    Something I've had a few complaints about in the past is customers finding they are blocked because their IP is allocated as being dynamic.

    Just something else to keep in mind.
     
  12. MrGuvernment

    MrGuvernment [H]ard as it Gets

    Messages:
    19,159
    Joined:
    Aug 3, 2004
    Yes, dynamic IP's are also denied i beleive by AOl and hotmail.

    microsoft has a few ideas to implement email checking which arent industry standard but MS standard


    the verizon person prob said domain incase you get some new IP, your domain would be switched so it will "should" always point to the proper IP.

    if you have a static IP, it doesnt really matter, but if you do have a dymanic IP, domain is best as long your domain always has point to your mail server sending the emails.


    i had to do endless research on this when our opt-in lists were just not showing up in hotmail with no return error or bad delivery reports coming back, AOL and Yahoo are nice enough to tell you you are blocked and what to do.