Black Listed DOMAIN SERVER... NOT MX Server

My Domain is being email black listed by:
NOMOREFUNN
SPAMCANNIBAL
and Tiopan

In particular I mean my DOMAIN server has be blacklisted and NOT the third party email provider that i use to send emails (Smart Host). The Smart Host is my mail server (My MX records point to the Smart Host only)...

HERE's why i'm confused...

DOMAIN SERVER = IP Address 123.xxx.xxx.111
MX SERVER = IP Address 321.xxx.xxx.222

Address 123.xxx.xxx.111 is BLACKLISTED...
Address 321.xxx.xxx.222 is NOT BLACKLISTED...

this makes NO sense to me.

1 more important factor:
- We have a mail CLIENT that runs on our Domain Server (IP 123.xxx.xxx.111) that SENDS EMAILS TO the SMTP server of our Smart Host (IP Address 321.xxx.xxx.222) just like you would configure Outlook to send emails through smtp.gmail.com or something on your desktop computer.

- I do know that when you view the header information of emails that the original computer's IP address shows up ALONG with the Smart Host's IP address... it's usually further down the list of "Received From" in the header...

- SO, another question would be, does that count? Do recipient email servers COUNT this email as coming from BOTH my Smart Host AND my Domain Host IP address?

See the attached file for an example of such a case. It's a mocked up email header of what this would look like if you sent an email this way to a ---@gmail.com address.
Email-Header.pdf
jono55Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:

> The Smart Host is my mail server (My MX records point to the Smart Host only)...

Used for outbound mail as well?

> DOMAIN SERVER = IP Address 123.xxx.xxx.111

What do you mean by Domain server? The IP you get when you lookup "yourdomain.com"?

> SO, another question would be, does that count?

It shouldn't. SMTP systems (and anti-spam filters) are only supposed to consider the reputation and settings of the server that last handled the mail. i.e. the Smart Host.

There's no point in checking further back in the chain, in many cases that'll be internal mail systems which are neither accessible or valid in the public domain.

> Address 123.xxx.xxx.111 is BLACKLISTED...

Are you actually suffering because of this?

And is this also the global outbound NAT address for your network? That is, might there be anything else on that IP? It is possible that something else on your network is attempting to send mail.

Chris
0
jono55Author Commented:
Hi Chris, i'm so glad i ran into you here... you really seem to know what you're talking about!

>Used for outbound mail as well?

Yes. I use a email list server host as my smtp server... NOT my Dedicated Server upon which my website resides (and @ A Record is pointed to).


>What do you mean by Domain server? The IP you get when you lookup "yourdomain.com"?

I mean the server to which my @ A Record is pointed to... and Yes, the IP i get when i lookup "mydomain.com" (and subsequently the IP address that get's "checked" when i enter in my domain name into one of these DNSBL checkers...)


>It shouldn't. SMTP systems (and anti-spam filters) are only supposed to consider the reputation and settings of the server that last handled the mail. i.e. the Smart Host.

So, when you use a word like "shouldn't" instead of doesn't... does that mean it MAY?


>There's no point in checking further back in the chain, in many cases that'll be internal mail systems which are neither accessible or valid in the public domain.

Great point. Makes me think you're probably right in your "shouldn't" statement above. I totally understand and agree with your logic here... hadn't thought of it.


>Are you actually suffering because of this?

Well... i mean... is there really a GOOD way to know this? Sending emails is part of my business... more than just 1 to 1 emails... we're a Email Survey company :) SOOOOOO, unless you have a way that i can check to see if we're really suffering... i guess just being on a blacklist and assuming that i am getting blocked because of it (though obviously not by all or even most email providers) is enough to make me uneasy.


>And is this also the global outbound NAT address for your network? That is, might there be anything else on that IP? It is possible that something else on your network is attempting to send mail.

Absolutely NOTHING else on that specific IP address. It's on my dedicated server that ONLY uses that particular IP address for IIS and even more, ONLY for that 1 website... i would know if something else was using it.
0
Encrypted1024Commented:
Just to further along on what has basically been said. If your SMTP smart host isn't being blacklisted then who cares? You can send and receive mail right? The thing to ask is why would your Domain get blacklisted and how would you even check? Most blacklist checks I have seen query your mx record IP address even if you put in your domain name to test.

If for some reason you are on a blacklist then it is very likely that a PC or Server at your IP has some sort of virus that is sending out unsolicited SMTP traffic.
0
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

Chris DentPowerShell DeveloperCommented:

> So, when you use a word like "shouldn't" instead of doesn't...
> does that mean it MAY?

I'm always reluctant to say "must not", or "will not" there because you can never account entirely for poor decisions made by some anti-spam engine developers / administrators. There are hundreds, or thousands of bits of anti-spam software after all.

We can be sure that none of the larger anti-spam systems will condemn you for the servers handling the mail prior to the final smart-host / relay.

So, should not, and if they do it's their problem rather than yours. I realise that's not too helpful considering your business, but there's only so much you can do.

> Well... i mean... is there really a GOOD way to know this?

Unfortunately not. But since you're not using the IP address to send mail then you should (sorry, back in that territory again) not suffer.

> i guess just being on a blacklist and assuming that i am getting blocked
> because of it (though obviously not by all or even most email providers)
> is enough to make me uneasy.

I'm curious, if you request removal, do you find the address is re-added?

I honestly cannot see many, or any, of these applying to anything but your Relay (Smart Host). Still, lookup both your domain IP and your relay IP on each of these?

NOMOREFUNN: http://www.moensted.dk/spam/no-more-funn/
SPAMCANNIBAL: http://www.spamcannibal.org/cannibal.cgi
Tiopan: http://www.tiopan.com/blacklist.php

No lookup tool for the last unfortunately.

Some of the notes in there do raise another question. How long have you had the IP address we're discussing? Has it been yours for a very long time?

Chris
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alan HardistyCo-OwnerCommented:
If your IP is blacklisted, there is usually a very good reason, such as you have a virus that is spewing out spam or you are an open / authenticated relay.

If you have not already, visit www.mxtoolbox.com/blacklists.aspx, put in your Internet facing IP address and then follow the links to the blacklisting sites to understand why you are blacklisted (which Chris is advising above).

Once you know why you are listed, you can take action accordingly.  Without knowing, it is just like a blind man looking for a black cat in a dark room that isn't there!!!
0
jono55Author Commented:
Chris-

I have only had the IP for about 1 year...
But, this isn't the first time i've checked for DNSBL on it... however it's the first time that the results have come back that we ARE blacklisted...

I should have checked WHY we were being blacklisted earlier... now it's too late because they've already removed us from the list on SpamCannibal...

No-more-funn however hasn't taken us off YET... and their reason is a bit more reassuring:

"This ip is as a part of a listed netblock. This do NOT indicate that we think YOU are a spammer.This indicate that we in general don't trust your ISP/Contry/Connection type. However if you click "Whitelist/Exclude IP" your host will be automaticaly removed."


SOOOOOO, maybe i'm just being overly cautious.

You're information was FANTASTIC, thanks for answering so many questions... definitely valuable to me going forward.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.