Hosting client websites DNS - Blacklist

Okay my focus hasn't been on web hosting for a while, so trying to figure out angles/best practice now to address the following.

we're a company with our own exchange server, domain etc...
we set up sites for customers, hosted on external servers, that we our internal DNS servers have the pointer records for. example.
office domain is "ourcompany.com'  webmaster sets up the customers website/store and then request we put in entry in our dns for that subdomain pointing to the hosted company ip  resulting e.g. customer.ourcompany.com and www.customer.ourcompany.com.

Our email domain ourcomapny.com get blacklisted due to this association at times.

Trying to think through alternatives to this setup where our Internal DNS doesn't have to be used and the association to our ourcompany.com can be eliminated or compromised less?

late, so hope explained it enough/right.  Thx
dee30Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Daniel McAllisterPresident, IT4SOHO, LLCCommented:
It is unlikely that your company domain NAME is being blacklisted, rather that the IP address is being blacklisted.

DNS Blacklists are often a swirl of cris-crossing dependencies - that is, you get listed on one and suddenly you're listed on others because you're listed on the one. THAT particular system of SPAM blocking is, in my opinion, breaking down and may become obsolete if the different "vendors" don't get their acts together.

Still, it is important to monitor your IP addresses on those lists, so I recommend the valli.org website. They allow you to search based on names AND IP addresses. As you'll see, there are far fewer that will block based on NAME than on IP address.

If you are concerned about your internal company mail, use a separate IP address for your company mail service vs. the mail services you're offering your clients. Thus, when THEY get blacklisted it won't affect YOUR mail flow.

I hope this helps.

Dan
IT4SOHO

PS: You may also want to look into using a commercial mail filtering service.
0
Davis McCarnOwnerCommented:
http://www.mxtoolbox.com will let you enter the domain name, get its mx record(s), check for blacklisting, and find out why.  The only way I can think of to stop their activity from getting you blacklisted would be to setup a different ip address for your internal email server.
0
Aaron TomoskySD-WAN SimplifiedCommented:
First of all lets separate email and websites. As has been said, your email server public IP address can get into spam lists. To prevent a single spambot in your network from causing this, use a different public ip for your mail server that is not the default for the rest of the company outgoing traffic.

Since you already use domain.com for your ad domain (I recommend using a subdomain like corp.domain.com but that's not fun to change)  the easiest way to move forward is to register a new tld. Something like companyhosting.com or whatever. Leave that DNS nameserver out at godaddy or somewhere, not in your DNS server. What I like to do is add A records for my web servers and then whenever you need to add a client subdominant you login to the web console and add a cname.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

dee30Author Commented:
Quick updates/response.
1. using external email filter company.
2. the hosting company IP address that i am setting up is reported blacklisted, while if i also look up the ourcompany.com primary domain portion of the hostedclient.ourcompany.com domain it is also blacklisted and it says 'because of the hosted company IP".
3. My internal email svr does have it's own public IP. It's not a PAT.

AaronT, I think the new registeration like companyhosting.com like you mentioned may be what we ultimately need to do in that the client sites are clientsite.companyhosting.com and separate it like you said from our internal DNS servers and do all that DNS record main on/at that same external hosting sites offered external DNS servers.  Sound right?
0
Aaron TomoskySD-WAN SimplifiedCommented:
yup. I like godaddy for this as they are cheap and reliable and if you pay a tiny bit for premium dns, you get unlimited records. You can add *.client.companyhosting.com and site1.client.companyhosting.com will take precedence if you add it. Changes happen superfast and you can set ttl as low as 5 min when you are making changes. Even if you don't register your domains there, you can point the nameservers to your account and run dns super easy. I can even manage my dns settings from the iOS app.

Wow, too bad they don't pay me for saying all that! Just sharing my experience.
0
dee30Author Commented:
lol, you sure you don't work for 'oldschool' 'original player' godaddy?  Thank you, I'll work on the transitioning with the webmaster, yippy me, to that structure as the perm fix.  In the interim will work on getting us unlisted, as it seems that hostws address has emails stored in association with some 'vps' account. Again according to the webmaster... I will alot points tomorrow.
0
Aaron TomoskySD-WAN SimplifiedCommented:
for balance, potential negative things about godaddy dns:
1. can't reverse or "." sort records. So there is no way to get a-site1.client.domainhosting.com and f-site1.client.domainhosting.com to line up next to each other. All your staging.*.*.com sites will be next to each other instead of next to their corresponding site.
2. no dns failover. Most people don't care, but dns failover is a stupid-easy-good-enough way to avoid bgp for when you want another ip to take over if the main one goes down.
3. all domains view has no sorting/searching and the "folders" don't make sense. If you put domains in folders, they are still in the no-folder section. As opposed to say an "uncategorized" folder like other places have
4. when you switch to premium dns, it changes your nameservers. So if you don't want to fix that later, get it right off the bat.

Oh, and to me, oldschool is networksolutions :)
Expensive, has much better folder and domain searching, but they are really slow to make changes, editing records is really awful, and their min ttl is 1 hour.  I've added a subdomain, then a few min later added another subdomain, but the first one is still processing or something and even though it shows my second subdomain, it NEVER shows up in nslookup even hours later! So I have to delete subdomain2, wait 15 min or so, then add it again, wait 15 min and then it shows up. Not cool.
0
dee30Author Commented:
Aaron, thank you again and yes nwsolutions def is slow to update. Thank you again for taking the time and providing the explicit info/feedback.
0
dee30Author Commented:
Thank you all for your time/feedback.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.