shmeezy
asked on
Is my email domain blacklisted?
How do I find out the IP address of my email domain without contacting my ISP?
I'm trying to understand the difference between a DOMAIN NAME being blacklisted VERSUS the IP address that a Domain resides upon being blacklisted....
OR are these things one and the same?
Short background:
When I use these online "Black List" checking tools for my domain (vsurv.com) I am told that my IP address (209.85.23.178) IS blacklisted... This is the IP address of the server to which VSurv.com is pointed (i.e.: the "A Record" for Vsurv.com = @ 209.85.23.178).
BUT! We don't use that IP address (or server) to send emails! It has no SMTP server on it... It IS NOT set to be an MX server... In fact we use GOOGLE as our mail server (via Google Apps). Google is set up in our DNS records as our MX servers, and our SPF record PASSES with GOOGLE as our email sender....
So I don't understand why VSurv.com is being blacklisted for IP address 209.85.23.178 when we don't send emails from that server!
H E L P !
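Added example, not part of the original post: a sketch of the lookups a blacklist checking tool performs, showing that an IP-based list (queried by reversed IPv4 octets) and a domain-based list (queried by name) are separate checks, and that the A-record address and the mail-sending addresses are looked up independently. The zones `ip-list.example` and `domain-list.example`, the addresses, and the stub resolver are constructed placeholders so the code runs offline.

```python
import ipaddress

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers live here

# Constructed stand-in for DNS: query name -> A records; absent name = NXDOMAIN.
# Only the web server's address is listed in this sample data.
FAKE_DNS = {"10.2.0.192.ip-list.example": ["127.0.0.2"]}


def fake_resolve(qname):
    """Stub resolver so the example needs no network access."""
    return FAKE_DNS.get(qname, [])


def ip_query_name(ip, zone):
    """IP-based list: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def domain_query_name(domain, zone):
    """Domain-based list: the domain name itself is prepended to the zone."""
    return domain.rstrip(".").lower() + "." + zone


def is_listed(qname, resolve):
    """Listed if the query returns an A record in 127.0.0.0/8; no answer = clean."""
    return any(ipaddress.ip_address(a) in LISTED_RANGE for a in resolve(qname))


def audit(domain, a_ips, mail_ips, resolve=fake_resolve,
          ip_zone="ip-list.example", domain_zone="domain-list.example"):
    """Check the domain name, the A-record IPs and the mail-sending IPs separately."""
    report = {"domain": is_listed(domain_query_name(domain, domain_zone), resolve)}
    for role, ips in (("web", a_ips), ("mail", mail_ips)):
        for ip in ips:
            report[f"{role}:{ip}"] = is_listed(ip_query_name(ip, ip_zone), resolve)
    return report


# Constructed scenario: A record on one host, mail sent from a different host.
REPORT = audit("example.com", ["192.0.2.10"], ["198.51.100.25"])

if __name__ == "__main__":
    for target, listed in REPORT.items():
        print(f"{target:22} {'LISTED' if listed else 'not listed'}")
```

To run the same logic against real data, replace `fake_resolve` with a function that performs an A-record lookup and pass the zones of the lists you want to check.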
First, I suggest you open a new question so more experts will be able to see it.
Second, you might want to think seriously before you post your domain and external IP address again. That's always a no-no in a public forum, and opens your network up to attacks from hackers. You are basically giving a potential hacker your external IP address, domain name and telling them your current problem. For all you know, I could be a hacker... and now I can target your network. Believe it or not, tech sites like this can be a haven for hackers.
But, I will say (from my understanding of your setup) that it sounds like you may have a couple of computers on your network with malware infections that could be sending out spam and making it look like it's coming from your A record. That's just a possibility I see. I'd make sure all your computers are free from malware and have their firewalls on. Then, typically, on your corporate firewall you can set it up so it ONLY will send or receive email from your server. So if ComputerA, ComputerB try sending out spam email, your corporate firewall will block it.
Another possibility is that a large number of emails were spoofed (which they typically are) and your network was the "sender". Send a request for your IP address to be taken off the blacklist. Then just monitor it every few weeks to see if it comes back.
Thanks for the gentle warnings. But other than simply putting my domain name and IP address "on the radar" for hackers that might use this forum... it's really not any information that you couldn't find out VERY easily...
The IP address and domain name I gave are from our public web server hosted in a data center... people find us on Google every day... and hackers try to attack us every day :)
This isn't my internal server here at our office...
It's not just your domain and IP address, it's also the fact that you're explaining the problem and your network/email configuration along with it. This is one of the things that's taught/explained in the C|EH exam. Anyways, I'm not trying to preach or argue, do what you want.
Have a great day :)
Thanks!
Soooooo.... Any thoughts? Now that u know this isn't an office LAN, and assuming that it IS something I've done (as opposed to something my host did...), what is a likely explanation?