Solved

Getting blocked by Unknown RBL (realtime spam black/block list) - 88.blacklist.zap

Posted on 2006-10-20
16
27,984 Views
Last Modified: 2011-08-18
Some users of our Exchange server have been unable to send to a few different domains this week. They received the following message:

   user@domain.com on 10/20/2006 9:36 AM
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <mail.ourdomain.com #5.5.0 smtp;550 Service unavailable; Client host [208.178.XXX.117] blocked using 88.blacklist.zap; Mail From IP Banned>

(I have changed the email addresses and IP addresses in the message above except for 88.blacklist.zap)

I am familiar with RBLs and have run our mail server's IP through several multi-rbl lists checkers such as http://www.robtex.com/rbls.html and http://shopping.declude.com/Articles.asp?ID=97. We're only listed in BLARSBL (http://www.blars.org/errors/block.html) which appears to be a list that nobody actually uses.

I've googled for 88.blacklist.zap and found NOTHING. I've also searched for blacklist.zap and found other people reporting bounced emails similar to mine, but resulting from a list called ip.blacklist.zap. Thus far I haven't found any information about any real rbl named 88.blacklist.zap or ip.blacklist.zap.

The server also passed the open relay test at http://email-test.com/cgi-bin/webtestmail?cmd=show_openrelay.

So my question is, what is actually causing these emails to be returned with this particular message? Can anyone identify this blacklist.zap and help me take actions to stop emails from bouncing back?

Thanks in advance!
0
Comment
Question by:bizcrown101
  • 4
  • 3
  • 3
  • +4
16 Comments
 
LVL 4

Expert Comment

by:ari24
ID: 17774699
blacklist.zap is a name sometimes used for an internal blacklist
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17775125
Google blacklist.zap and you get many more results.
That IP address range belongs to Global Crossing, so there is a good chance you have got caught in someone's subnet blacklist.
You need to speak to the recipient to find out why you are listed.

Simon.
0
 

Author Comment

by:bizcrown101
ID: 17788283
Could there possibly be a private blacklist sitting somewhere between our mail server and several different mail recipient mail servers? I find it quite peculiar that two completely different mail servers would blacklist our IP and give us the exact same 88.blacklist.zap blacklist response.

Also, what is the significance of the IP address belonging to Global Crossing? Are they well known for letting spam originate from their IP range?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 351 total points
ID: 17788333
There are certain spam blacklists that will block an entire subnet. They will even attempt to blacklist an entire ISP. The logic behind that is to catch as many innocent people as possible, so that the innocents complain to the ISP and the ISP kicks the spammer off their network.

As the IP address is assigned to a major ISP in their static range, you aren't being caught in the dynamic address list information. As you hexed out the rest of the IP address it is impossible to see if you were listed in any other blacklists - so it could be the subnet block.

You may well be caught by the same blacklist being used by multiple recipients. It is almost certainly a private blacklist, so you have no other option but to contact the recipient and ask why the messages are being blocked.

Simon.
0
 

Expert Comment

by:cambria_is
ID: 17792142
My company is going through this right now.  I did a little investigation worked and found out that my client uses Frontbridge (hosted Exchange Service).  I called Frontbridge and they confirmed the error with "88.blacklist.zap."  They also explained that they have implemented a new SPAM filter.  You should give them a call.  Your recipient may not know that they use Frontbridge because their service is resold by ATT, Sprint, etc.  You can get their support number from www.frontbridge.com.

-Michael
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17792149
Frontbridge is a Microsoft service.

Simon.
0
 

Expert Comment

by:AndrewDuey
ID: 17793469
I was gettin the same error "88.blacklist.zap" to discover that the client is using ATT (and presumably frontbridge).  I found a e-mail address of false_positive@frontbridge.com to report false_positives's and we'll see how it goes.

Thanks for the tips above, it's helped me narrow down where the problem is much quicker.
0
 

Expert Comment

by:cambria_is
ID: 17795103
I tried the email last Friday and I have not heard back yet.  So I called yesterday and was on hold for 20 minutes.  The tech support rep. said they are open 24/7 so you can call any time.
0
Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 

Expert Comment

by:AndrewDuey
ID: 17795168
So did you get the issue resolved for your network?  Did they say what the 88.blacklist.zap was? Whether it was an internal only list or based off some obsure RBL?  

What was the final result after 20 minutes?
0
 

Expert Comment

by:cambria_is
ID: 17795197
They gave me a ticket number and said it would be fixed within 24 hours.  I am going to call them today to make sure that the process of removing my server from their block is moving.

-m
0
 

Author Comment

by:bizcrown101
ID: 17795697
AndrewDuey & cambria_is:

Thank you MUCH for the responses! I ended up calling the Exchange Hosted Service Support line at (866) 291-7726. After about 15 minutes on hold, and some funky french "please hold" messages, I was able to request my IP removed from the frontbridge blacklists. I recieved no ticket number or anything, so I'll just have to periodically send some test emails to the problem recipients in order to find out if we're still on the blacklist.

I would give the two of you points if I hadn't already accepted an answer.

Thanks again!
0
 

Expert Comment

by:cambria_is
ID: 17807636
As of noon (PST) yesterday, I was off the list.  Yeah their hold music is funny.
0
 

Author Comment

by:bizcrown101
ID: 17812896
Update: I was contacted by the bridgehead support team and notified that our exchange server's IP address is now on their safelist.

Hello,

I appreciate your patience. We have Safelisted IP 208.178.XXX.117 and the change will be in production within the hour.

I believe this issue is now resolved and I will now be closing this case.  If you would like this case reopened please reply to this email for further troubleshooting and the case will reopen automatically.

Please let us know if you have any further questions.

Regards,

Jason
Technical Support
0
 

Expert Comment

by:AndrewDuey
ID: 17847643
I got the same response from bridgehead support.  They  declined to remove our entire IP subnet but did add our exchange server to their while list which was what we really needed.  


cambria_is:  Thanks for the tips, they really helped us out.

--Andrew
0
 

Expert Comment

by:Gunny07
ID: 20676704
Frontbridge spam support/delisting email if anyone needs it is:  delist@frontbridge.com
0
 

Expert Comment

by:Sampat1983
ID: 34533713
Hello Sampath Namberi,

This IP [195.229.241.56] has been reviewed and was removed from the block list.  Note that there is a small period of 1-2 hours after delisting is granted until all of our servers propagate with the new change.

As long as the majority of traffic from this IP to our customers is not filtered as spam, messages will be allowed to flow uninterrupted through our network.  If it is discovered to be spamming again in the future, relisting is likely to occur, and the IP will be more difficult to have removed from the list.

We will now be closing this case.  If you have any further concerns, please let us know.

Regards,

Elizabeth Coleman
Tier 1 Technical Support
(Hours: Sat-Weds 15:00-23:30)
Forefront Online Protection for Exchange (FOPE)  |  Exchange Hosted Archive (EHA) Ticket Assistance: 1146581446
24x7 Phone support: 1-866-291-7726




Still the Email is failing and same NDR is created.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now