Solved

We've been blacklisted--HELP!

Posted on 2006-07-06
Last Modified: 2010-05-18
I am trying to figure out how we got blacklisted by SORBS. I found out our email host's IP was blacklisted, as well as our own IP from our ISP (two different companies). I am really confused. I called our email hosts and they said they were blacklisted, but it was a mistake and has been rectified. It just seems weird that we were both blacklisted at the same time. I contacted SORBS and they sent me this response:

*** Collection of IP space considered dynamic
(Dynamic rDNS) 69.x.x.x/x

(rDNS with too short TTL) 69.x.x.x/x

The IP address space identified above is listed in SORBS DUHL list. The IP space _not_ depicted above, is _not_ listed in SORBS DUHL or is eligible for delisting.  More information about this list can be found here (Please read this information thoroughly)

http://www.sorbs.net/faq/dul.shtml

IP Addresses with defined rDNS and a TTL longer than 43200 seconds, have been included because they seem to point to a dynamic IP address. According to our policies, we cannot delist said IP address until actions explained below, are completed in your part.

Names that look generic (ie, include the IP address or a part of it, mention the keywords "pool", "ppp", "customer", etc) are considered by us as an indicator of the IP address being dynamically assigned. You'll find more information regarding this topic at the following RFC draft (single URL, no spaces):

http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt

(or use this shorter version instead)

http://tinyurl.com/mo9al

Note that SORBS' tools may cache its results for up to 48 hours. Therefore, if you've recently changed your DNS configuration or intend to do so, please wait before asking us to review your case.

*** IP Space with a TTL too short
69.x.x.x/x

The TTL for the reverse DNS name (rDNS) of the IP address space identified above, is less than the minimum we accept for delisting, 43200 seconds. According to our policies, we cannot delist an address whose rDNS has a TTL lower than this value. Note that we recommend setting the TTL to 86400 seconds at least.

We are setting this ticket to 'Rejected', as an action is required in your part before we can update our lists regarding the IP address you wrote us about. After one or more of the three options set forth above has been implemented, please reopen this ticket and we will re-evaluate your case.

If you choose to modify your current DNS configuration, it is very important that you verify the correctness of your changes with a third party before asking us to review your case. This will help us all to help you faster. A reliable third party is the "Reverse DNS Lookup tool" available at http://www.dnsstuff.com/

Also, the tools used by SORBS can cache DNS lookup results for up to 48 hours. Please make sure to wait at least this time before requesting a review of this case or submitting a related one.

Your options at this time, are as follows:

(1) Send your email through your ISP's mail servers, as suggested in various places at our website.

- or -

(2) Have your DNS data modified so that the listed IP address has a clearly non-dynamic rDNS. We suggest that you include the keyword "static" on this name, to avoid future listings. Also, insure that the TTL is set to no less than 43200 seconds (we recommend 86400).

To comply with RFC1912 you must have a matching A record for every PTR record.

- or -

(3) Ask your ISP to get in touch with SORBS with the list of dynamic and static IP allocations within its network, so that our DUHL list can be updated. Note that many large ISPs do this periodically to reduce the inconvenience to its users. In this case, the communication must come from a RIR contact for the affected IP space.

Also note that if you adjust your DNS configuration properly, you may be able to use the automated delisting facility at

https://www.dnsbl.sorbs.net/scgi-bin/dulexclusions

This facility can allow you to quickly delist IP addresses under your control without intervention of SORBS' staff.


Thank you

SORBS Support

Does anyone have any ideas or suggestions? Our emails are bouncing back from some of our major clients!


Question by:kevotron
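
The three checks in the SORBS reply quoted above (generic-looking rDNS name, rDNS TTL under 43200 seconds, PTR without a matching A record), as an added example that is not part of the original thread and not SORBS's own tooling. The keywords and TTL threshold are the ones quoted in the reply; the function names, the reading of "a part of" the IP as two adjacent octets, and the sample records (documentation address ranges) are assumptions constructed here.

```python
import ipaddress
import re

MIN_TTL = 43200                                 # minimum TTL quoted in the SORBS reply
GENERIC_KEYWORDS = ("pool", "ppp", "customer")  # keywords named in the reply


def embeds_ip(ptr_name, ip):
    """True if the name contains two adjacent octets of the address, in
    either order, joined by '.' or '-' (assumed reading of "a part of it")."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    for i in range(3):
        pair = octets[i:i + 2]
        for a, b in (pair, pair[::-1]):
            if re.search(rf"(?<!\d){a}[.-]{b}(?!\d)", ptr_name):
                return True
    return False


def audit_rdns(ip, ptr_name, ttl, forward_a):
    """Return the reasons a PTR record would look dynamic under the quoted
    criteria; an empty list means none of them apply."""
    name = ptr_name.lower().rstrip(".")
    findings = []
    hits = [k for k in GENERIC_KEYWORDS if k in name]
    if hits:
        findings.append("generic keyword in name: " + ", ".join(hits))
    if embeds_ip(name, ip):
        findings.append("name embeds part of the IP address")
    if ttl < MIN_TTL:
        findings.append(f"rDNS TTL {ttl} is below {MIN_TTL}")
    if ip not in forward_a:
        findings.append("PTR name has no matching A record (RFC 1912)")
    return findings


# Constructed sample records (documentation address ranges), not real hosts:
# (ip, PTR name, PTR TTL in seconds, A records the PTR name resolves to)
SAMPLES = [
    ("192.0.2.45", "pool-192-0-2-45.dsl.example.net.", 3600, ["192.0.2.45"]),
    ("198.51.100.10", "mail.static.example.com.", 86400, ["198.51.100.10"]),
    ("198.51.100.11", "mx1.example.com.", 86400, []),
]

if __name__ == "__main__":
    for ip, name, ttl, a_records in SAMPLES:
        result = audit_rdns(ip, name, ttl, a_records)
        print(ip, name, "->", result or "no findings")
```

When feeding it live data, take the TTL from the zone's authoritative name server, since a caching resolver reports a value that counts down.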
4 Comments
 
LVL 12

Accepted Solution

by: GinEric earned 500 total points
Sorbs is unreliable, dnsstuff says they should not be used.  Therefore, you need to send a regular mail letter to the admin of your major client and tell them to remove sorbs as a legitimate source for email spam.

You know, if email fails, there is always the U.S. Mail and other postal outfits.  I would also advise your major client to refrain from using the term "blacklist," since it is offensive to a lot of people around the world.  One spam blocker outfit in California was sued for associating a legitimate site, the holocaust victims site and Sam Weisenthal and the institute, with the word "blacklist."

Most have switched to something more reasonable, blocking or blocklisting.

Sorbs, like others, thinks that you should go through hoops to fix their basic slander.  Blocking a whole /8 prefix block is not a legitimate way to identify spam, plus, it may be libelous.

Sorbs probably won't care until some large outfit says "That's enough from you!"

You can try the delisting, but it only encourages outfits like sorbs to continue in their unthinking approach to fighting spam by accusing the innocent.

Tell your clients not to use sorbs, even if you have to send them a real letter.
LVL 1

Expert Comment

by:xmaveric
This is really in your email host's ball court. Since they send your mail, they are the ones that need to get de-listed.

You should consider switching to a different host if you are losing business because of this.

Author Comment

by:kevotron
Cool, thanks for the help. I have heard lots of stuff about SORBS now and it all makes sense. Say, when you say "Blacklist" is offensive to people around the world, is it seen as racist?
LVL 12

Expert Comment

by:GinEric
When you say "blacklist" it is pretty much seen as anti-semitic by at least the Sam Weisenthal Institute.  Sam said their use of the word "blacklist" was defaming to his nazi hunter site, so, yes, I would say that the use of the word "blacklist" is, indeed, racist.  Whether it's a blackball [old London practice designed to weed out unboysclub mariners] or blacklist [a McCarthyism used by the U.S. government, especially the Pentagon after World War Two to put competitors out of business, or just those who disagreed with some pensioners there], it's both offensive and racist.

Both practices, blackballing and blacklisting, are illegal.  Both are un-Constitutional.

A corporation can't be found to be using the terms, so even if they only defend that use by saying they were trying to prevent spam is not going to get them out of hot water and the attention of the Press.  Better off not to use them from the start and to tell the administrator not to use such terms.  It's the bottom line you see, based on the public's perception of their response to legitimate concerns about their participation in society.

No successful CEO would allow the terms.