Solved

Resolving Blacklisting Issues

Posted on 2016-09-14
4
30 Views
Last Modified: 2016-10-03
Our company recently encountered a blacklisting of our domain due to a certain computer or computers sending out bad information.  I've since run Malwarebytes on all computers but have no idea which computer would have been the cause of the issue.  My questions are as follows:

1) Is there a utility or method I can use to determine which PC or PCs had caused the blacklisting problem?
2) How do I know if the problem has actually stopped so we can be de-listed for good (in addition to the obvious of informing employees of the normal cautions when on the internet)
3) Will obtaining a premium version of Malwarebytes for all computers stop this from happening again in the future?

Any suggestions?
0
Comment
Question by:rsaba
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 96

Accepted Solution

by:
Experienced Member earned 200 total points (awarded by participants)
ID: 41797938
1. You probably cannot find that.
2. You need to make sure the computers are clean and then check the traffic out of each one. Simple approach: Look at the Windows Network Card status.
3. I use my own AV and then supplement with Malwarebytes as needed. You do not want both running at the same time., so scan with Malwarebytes and then full scans with your own AV.

Then go back your ISP and attempt to get of the Blacklist.
You can also appeal to Spamhaus to help you.
0
 
LVL 16

Assisted Solution

by:Dirk Mare
Dirk Mare earned 175 total points (awarded by participants)
ID: 41798070
Check that your exchange server or email relay is not an open email relay that can be used by anyone on the internet.

I agree with John use a network analyzer between your network equipment and your internet router and monitor activity on port 25
Wireshark is a nice tool or if you have access to your router (depends on the router) you can monitor traffic on your network port and get IP address that sending data to port 25

Use mxtoolbox.com to test health of your exchange server and check for blacklists you can also use trend micro rbl
https://ers.trendmicro.com/reputations

DirkMare
0
 
LVL 7

Assisted Solution

by:harryhelp
harryhelp earned 125 total points (awarded by participants)
ID: 41798143
Have you had Cryptolocker or anything similar recently? I've seen cases in the past where a security firm had identified that a computer behind our IP had Crypto and therefore blacklisted us...
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Monitor input from a computer is usually nothing special.  In this instance it prevented anyone from using the computer.  This was a preconfiguration that didn't work.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question