Resolving Blacklisting Issues

Our company recently encountered a blacklisting of our domain due to a certain computer or computers sending out bad information.  I've since run Malwarebytes on all computers but have no idea which computer would have been the cause of the issue.  My questions are as follows:

1) Is there a utility or method I can use to determine which PC or PCs had caused the blacklisting problem?
2) How do I know if the problem has actually stopped so we can be de-listed for good (in addition to the obvious of informing employees of the normal cautions when on the internet)
3) Will obtaining a premium version of Malwarebytes for all computers stop this from happening again in the future?

Any suggestions?
rsabaAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
JohnConnect With a Mentor Business Consultant (Owner)Commented:
1. You probably cannot find that.
2. You need to make sure the computers are clean and then check the traffic out of each one. Simple approach: Look at the Windows Network Card status.
3. I use my own AV and then supplement with Malwarebytes as needed. You do not want both running at the same time., so scan with Malwarebytes and then full scans with your own AV.

Then go back your ISP and attempt to get of the Blacklist.
You can also appeal to Spamhaus to help you.
0
 
Dirk MareConnect With a Mentor Systems Engineer (Acting IT Manager)Commented:
Check that your exchange server or email relay is not an open email relay that can be used by anyone on the internet.

I agree with John use a network analyzer between your network equipment and your internet router and monitor activity on port 25
Wireshark is a nice tool or if you have access to your router (depends on the router) you can monitor traffic on your network port and get IP address that sending data to port 25

Use mxtoolbox.com to test health of your exchange server and check for blacklists you can also use trend micro rbl
https://ers.trendmicro.com/reputations

DirkMare
0
 
harryhelpConnect With a Mentor Commented:
Have you had Cryptolocker or anything similar recently? I've seen cases in the past where a security firm had identified that a computer behind our IP had Crypto and therefore blacklisted us...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.