Solved

Resolving Blacklisting Issues

Posted on 2016-09-14
4
23 Views
Last Modified: 2016-10-03
Our company recently encountered a blacklisting of our domain due to a certain computer or computers sending out bad information.  I've since run Malwarebytes on all computers but have no idea which computer would have been the cause of the issue.  My questions are as follows:

1) Is there a utility or method I can use to determine which PC or PCs had caused the blacklisting problem?
2) How do I know if the problem has actually stopped so we can be de-listed for good (in addition to the obvious of informing employees of the normal cautions when on the internet)
3) Will obtaining a premium version of Malwarebytes for all computers stop this from happening again in the future?

Any suggestions?
0
Comment
Question by:rsaba
4 Comments
 
LVL 92

Accepted Solution

by:
John Hurst earned 200 total points (awarded by participants)
ID: 41797938
1. You probably cannot find that.
2. You need to make sure the computers are clean and then check the traffic out of each one. Simple approach: Look at the Windows Network Card status.
3. I use my own AV and then supplement with Malwarebytes as needed. You do not want both running at the same time., so scan with Malwarebytes and then full scans with your own AV.

Then go back your ISP and attempt to get of the Blacklist.
You can also appeal to Spamhaus to help you.
0
 
LVL 16

Assisted Solution

by:Dirk Mare
Dirk Mare earned 175 total points (awarded by participants)
ID: 41798070
Check that your exchange server or email relay is not an open email relay that can be used by anyone on the internet.

I agree with John use a network analyzer between your network equipment and your internet router and monitor activity on port 25
Wireshark is a nice tool or if you have access to your router (depends on the router) you can monitor traffic on your network port and get IP address that sending data to port 25

Use mxtoolbox.com to test health of your exchange server and check for blacklists you can also use trend micro rbl
https://ers.trendmicro.com/reputations

DirkMare
0
 
LVL 7

Assisted Solution

by:harryhelp
harryhelp earned 125 total points (awarded by participants)
ID: 41798143
Have you had Cryptolocker or anything similar recently? I've seen cases in the past where a security firm had identified that a computer behind our IP had Crypto and therefore blacklisted us...
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Email signatures have numerous marketing benefits. Here are 8 top reasons to turn your email signature into a marketing channel.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
This Micro Tutorial will demonstrate the easy use of Gmail embedding images in your email so the recipient of your email can view them in context.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now