  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1155

We've been blacklisted--HELP!

I am trying to figure out how we got blacklisted by SORBS. I found out our email host's IP was blacklisted, as well as our own IP from our ISP (two different companies). I am really confused. I called our email hosts and they said they were blacklisted, but it was a mistake and has been rectified. It just seems weird that we were both blacklisted at the same time. I contacted SORBS and they sent me this response:

*** Collection of IP space considered dynamic
(Dynamic rDNS) 69.x.x.x/x

(rDNS with too short TTL) 69.x.x.x/x

The IP address space identified above is listed in SORBS DUHL list. The IP space _not_ depicted above, is _not_ listed in SORBS DUHL or is eligible for delisting.  More information about this list can be found here (Please read this information thoroughly)

http://www.sorbs.net/faq/dul.shtml

IP Addresses with defined rDNS and a TTL longer than 43200 seconds, have been included because they seem to point to a dynamic IP address. According to our policies, we cannot delist said IP address until actions explained below, are completed on your part.

Names that look generic (ie, include the IP address or a part of it, mention the keywords "pool", "ppp", "customer", etc) are considered by us as an indicator of the IP address being dynamically assigned. You'll find more information regarding this topic at the following RFC draft (single URL, no spaces):

http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt

(or use this shorter version instead)

http://tinyurl.com/mo9al

Note that SORBS' tools may cache its results for up to 48 hours. Therefore, if you've recently changed your DNS configuration or intend to do so, please wait before asking us to review your case.

*** IP Space with a TTL too short
69.x.x.x/x

The TTL for the reverse DNS name (rDNS) of the IP address space identified above, is less than the minimum we accept for delisting, 43200 seconds. According to our policies, we cannot delist an address whose rDNS has a TTL lower than this value. Note that we recommend setting the TTL to 86400 seconds at least.

We are setting this ticket to 'Rejected', as an action is required on your part before we can update our lists regarding the IP address you wrote us about. After one or more of the three options set forth above has been implemented, please reopen this ticket and we will re-evaluate your case.

If you choose to modify your current DNS configuration, it is very important that you verify the correctness of your changes with a third party before asking us to review your case. This will help us all to help you faster. A reliable third party is the "Reverse DNS Lookup tool" available at http://www.dnsstuff.com/

Also, the tools used by SORBS can cache DNS lookup results for up to 48 hours. Please make sure to wait at least this time before requesting a review of this case or submitting a related one.

Your options at this time, are as follows:

(1) Send your email through your ISP's mail servers, as suggested in various places at our website.

- or -

(2) Have your DNS data modified so that the listed IP address has a clearly non-dynamic rDNS. We suggest that you include the keyword "static" on this name, to avoid future listings. Also, ensure that the TTL is set to no less than 43200 seconds (we recommend 86400).

To comply with RFC1912 you must have a matching A record for every PTR record.

- or -

(3) Ask your ISP to get in touch with SORBS with the list of dynamic and static IP allocations within its network, so that our DUHL list can be updated. Note that many large ISPs do this periodically to reduce the inconvenience to its users. In this case, the communication must come from a RIR contact for the affected IP space.

Also note that if you adjust your DNS configuration properly, you may be able to use the automated delisting facility at

https://www.dnsbl.sorbs.net/scgi-bin/dulexclusions

This facility can allow you to quickly delist IP addresses under your control without intervention of SORBS' staff.


Thank you

SORBS Support

Does anyone have any ideas or suggestions? Our emails are bouncing back from some of our major clients!


0
Asked: kevotron
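The delisting criteria quoted in the SORBS reply above (a non-generic rDNS name, a PTR TTL of at least 43200 seconds, and a matching A record for each PTR) can be checked against your own records before reopening a ticket. This is an added example, not part of the original thread and not SORBS's own tooling; the name-matching heuristic, the function names and the sample records are assumptions.

```python
import re

MIN_TTL = 43200          # minimum rDNS TTL quoted in the SORBS reply
RECOMMENDED_TTL = 86400  # TTL the reply recommends
GENERIC_KEYWORDS = ("pool", "ppp", "customer")  # keywords named in the reply

def looks_generic(ip, ptr_name):
    """Assumed heuristic: keyword hit, or two adjacent octets of the IP in the name."""
    name = ptr_name.lower().rstrip(".")
    if any(k in name for k in GENERIC_KEYWORDS):
        return True
    octets = ip.split(".")
    # Check both forward (203-0-113-25) and reversed (25.113.0.203) embeddings.
    for order in (octets, octets[::-1]):
        for a, b in zip(order, order[1:]):
            if re.search(rf"(?<!\d){a}[.\-_]{b}(?!\d)", name):
                return True
    return False

def check_rdns(ip, ptr_name, ptr_ttl, forward_a):
    """Return a list of findings; an empty list means the quoted criteria are met."""
    if not ptr_name:
        return ["no-ptr"]
    findings = []
    if looks_generic(ip, ptr_name):
        findings.append("generic-name")
    if ptr_ttl < MIN_TTL:
        findings.append("ttl-too-short")
    elif ptr_ttl < RECOMMENDED_TTL:
        findings.append("ttl-below-recommended")
    # RFC 1912: the PTR's hostname must resolve back to the same address.
    if ip not in forward_a:
        findings.append("no-matching-a")
    return findings

# Constructed sample records (documentation address space, not real hosts):
# (ip, PTR name, PTR TTL, A records returned for the PTR name)
SAMPLES = [
    ("203.0.113.25", "pool-203-0-113-25.isp.example.", 3600, []),
    ("203.0.113.26", "mail.static.corp.example.", 86400, ["203.0.113.26"]),
    ("203.0.113.27", "mx1.corp.example.", 43200, ["198.51.100.9"]),
]

def audit(samples=SAMPLES):
    return {ip: check_rdns(ip, name, ttl, a) for ip, name, ttl, a in samples}

if __name__ == "__main__":
    for ip, findings in audit().items():
        print(ip, "OK" if not findings else ", ".join(findings))
```

To run it against live data, feed it the PTR name and TTL and the A records returned by your resolver, keeping in mind the reply's note that SORBS may cache results for up to 48 hours.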
1 Solution
 
GinEric Commented:
Sorbs is unreliable, dnsstuff says they should not be used.  Therefore, you need to send a regular mail letter to the admin of your major client and tell them to remove sorbs as a legitimate source for email spam.

You know, if email fails, there is always the U.S. Mail and other postal outfits.  I would also advise your major client to refrain from using the term "blacklist," since it is offensive to a lot of people around the world.  One spam blocker outfit in California was sued for associating a legitimate site, the holocaust victims site and Sam Weisenthal and the institute, with the word "blacklist."

Most have switched to something more reasonable, blocking or blocklisting.

Sorbs, like others, thinks that you should go through hoops to fix their basic slander.  Blocking a whole /8 prefix block is not a legitimate way to identify spam, plus, it may be libelous.

Sorbs probably won't care until some large outfit says "That's enough from you!"

You can try the delisting, but it only encourages outfits like sorbs to continue in their unthinking approach to fighting spam by accusing the innocent.

Tell your clients not to use sorbs, even if you have to send them a real letter.
0
 
xmaveric Commented:
This is really in your email host's ball court; since they send your mail, they are the ones that need to get de-listed.

You should consider switching to a different host if you are losing business because of this.
0
 
kevotron (Author) Commented:
Cool, thanks for the help. I have heard lots of stuff about SORBS now and it all makes sense. Say, when you say "Blacklist" is offensive to people around the world, is it seen as racist?
0
 
GinEric Commented:
When you say "blacklist" it is pretty much seen as anti-semitic by at least the Sam Weisenthal Institute.  Sam said their use of the word "blacklist" was defaming to his nazi hunter site, so, yes, I would say that the use of the word "blacklist" is, indeed, racist.  Whether it's a blackball [old London practice designed to weed out unboysclub mariners] or blacklist [a McCarthyism used by the U.S. government, especially the Pentagon after World War Two to put competitors out of business, or just those who disagreed with some pensioners there], it's both offensive and racist.

Both practices, blackballing and blacklisting, are illegal.  Both are un-Constitutional.

A corporation can't be found to be using the terms, so even if they only defend that use by saying they were trying to prevent spam is not going to get them out of hot water and the attention of the Press.  Better off not to use them from the start and to tell the administrator not to use such terms.  It's the bottom line you see, based on the public's perception of their response to legitimate concerns about their participation in society.

No successful CEO would allow the terms.
0
