Solved

Getting blocked by Unknown RBL (realtime spam black/block list) - 88.blacklist.zap

Posted on 2006-10-20
16
28,031 Views
Last Modified: 2011-08-18
Some users of our Exchange server have been unable to send to a few different domains this week. They received the following message:

   user@domain.com on 10/20/2006 9:36 AM
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <mail.ourdomain.com #5.5.0 smtp;550 Service unavailable; Client host [208.178.XXX.117] blocked using 88.blacklist.zap; Mail From IP Banned>

(I have changed the email addresses and IP addresses in the message above except for 88.blacklist.zap)

I am familiar with RBLs and have run our mail server's IP through several multi-rbl lists checkers such as http://www.robtex.com/rbls.html and http://shopping.declude.com/Articles.asp?ID=97. We're only listed in BLARSBL (http://www.blars.org/errors/block.html) which appears to be a list that nobody actually uses.

I've googled for 88.blacklist.zap and found NOTHING. I've also searched for blacklist.zap and found other people reporting bounced emails similar to mine, but resulting from a list called ip.blacklist.zap. Thus far I haven't found any information about any real rbl named 88.blacklist.zap or ip.blacklist.zap.

The server also passed the open relay test at http://email-test.com/cgi-bin/webtestmail?cmd=show_openrelay.

So my question is, what is actually causing these emails to be returned with this particular message? Can anyone identify this blacklist.zap and help me take actions to stop emails from bouncing back?

Thanks in advance!
0
Comment
Question by:bizcrown101
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +4
16 Comments
 
LVL 4

Expert Comment

by:ari24
ID: 17774699
blacklist.zap is a name sometimes used for an internal blacklist
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17775125
Google blacklist.zap and you get many more results.
That IP address range belongs to Global Crossing, so there is a good chance you have got caught in someone's subnet blacklist.
You need to speak to the recipient to find out why you are listed.

Simon.
0
 

Author Comment

by:bizcrown101
ID: 17788283
Could there possibly be a private blacklist sitting somewhere between our mail server and several different mail recipient mail servers? I find it quite peculiar that two completely different mail servers would blacklist our IP and give us the exact same 88.blacklist.zap blacklist response.

Also, what is the significance of the IP address belonging to Global Crossing? Are they well known for letting spam originate from their IP range?
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 104

Accepted Solution

by:
Sembee earned 351 total points
ID: 17788333
There are certain spam blacklists that will block an entire subnet. They will even attempt to blacklist an entire ISP. The logic behind that is to catch as many innocent people as possible, so that the innocents complain to the ISP and the ISP kicks the spammer off their network.

As the IP address is assigned to a major ISP in their static range, you aren't being caught in the dynamic address list information. As you hexed out the rest of the IP address it is impossible to see if you were listed in any other blacklists - so it could be the subnet block.

You may well be caught by the same blacklist being used by multiple recipients. It is almost certainly a private blacklist, so you have no other option but to contact the recipient and ask why the messages are being blocked.

Simon.
0
 

Expert Comment

by:cambria_is
ID: 17792142
My company is going through this right now.  I did a little investigation worked and found out that my client uses Frontbridge (hosted Exchange Service).  I called Frontbridge and they confirmed the error with "88.blacklist.zap."  They also explained that they have implemented a new SPAM filter.  You should give them a call.  Your recipient may not know that they use Frontbridge because their service is resold by ATT, Sprint, etc.  You can get their support number from www.frontbridge.com.

-Michael
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17792149
Frontbridge is a Microsoft service.

Simon.
0
 

Expert Comment

by:AndrewDuey
ID: 17793469
I was gettin the same error "88.blacklist.zap" to discover that the client is using ATT (and presumably frontbridge).  I found a e-mail address of false_positive@frontbridge.com to report false_positives's and we'll see how it goes.

Thanks for the tips above, it's helped me narrow down where the problem is much quicker.
0
 

Expert Comment

by:cambria_is
ID: 17795103
I tried the email last Friday and I have not heard back yet.  So I called yesterday and was on hold for 20 minutes.  The tech support rep. said they are open 24/7 so you can call any time.
0
 

Expert Comment

by:AndrewDuey
ID: 17795168
So did you get the issue resolved for your network?  Did they say what the 88.blacklist.zap was? Whether it was an internal only list or based off some obsure RBL?  

What was the final result after 20 minutes?
0
 

Expert Comment

by:cambria_is
ID: 17795197
They gave me a ticket number and said it would be fixed within 24 hours.  I am going to call them today to make sure that the process of removing my server from their block is moving.

-m
0
 

Author Comment

by:bizcrown101
ID: 17795697
AndrewDuey & cambria_is:

Thank you MUCH for the responses! I ended up calling the Exchange Hosted Service Support line at (866) 291-7726. After about 15 minutes on hold, and some funky french "please hold" messages, I was able to request my IP removed from the frontbridge blacklists. I recieved no ticket number or anything, so I'll just have to periodically send some test emails to the problem recipients in order to find out if we're still on the blacklist.

I would give the two of you points if I hadn't already accepted an answer.

Thanks again!
0
 

Expert Comment

by:cambria_is
ID: 17807636
As of noon (PST) yesterday, I was off the list.  Yeah their hold music is funny.
0
 

Author Comment

by:bizcrown101
ID: 17812896
Update: I was contacted by the bridgehead support team and notified that our exchange server's IP address is now on their safelist.

Hello,

I appreciate your patience. We have Safelisted IP 208.178.XXX.117 and the change will be in production within the hour.

I believe this issue is now resolved and I will now be closing this case.  If you would like this case reopened please reply to this email for further troubleshooting and the case will reopen automatically.

Please let us know if you have any further questions.

Regards,

Jason
Technical Support
0
 

Expert Comment

by:AndrewDuey
ID: 17847643
I got the same response from bridgehead support.  They  declined to remove our entire IP subnet but did add our exchange server to their while list which was what we really needed.  


cambria_is:  Thanks for the tips, they really helped us out.

--Andrew
0
 

Expert Comment

by:Gunny07
ID: 20676704
Frontbridge spam support/delisting email if anyone needs it is:  delist@frontbridge.com
0
 

Expert Comment

by:Sampat1983
ID: 34533713
Hello Sampath Namberi,

This IP [195.229.241.56] has been reviewed and was removed from the block list.  Note that there is a small period of 1-2 hours after delisting is granted until all of our servers propagate with the new change.

As long as the majority of traffic from this IP to our customers is not filtered as spam, messages will be allowed to flow uninterrupted through our network.  If it is discovered to be spamming again in the future, relisting is likely to occur, and the IP will be more difficult to have removed from the list.

We will now be closing this case.  If you have any further concerns, please let us know.

Regards,

Elizabeth Coleman
Tier 1 Technical Support
(Hours: Sat-Weds 15:00-23:30)
Forefront Online Protection for Exchange (FOPE)  |  Exchange Hosted Archive (EHA) Ticket Assistance: 1146581446
24x7 Phone support: 1-866-291-7726




Still the Email is failing and same NDR is created.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question