How to know if I'm blacklisted
mkettler at evi-inc.com
Wed Jan 16 15:27:59 GMT 2008
Juan Pablo Lorier wrote:
> Hi everybody,
> I think that maybe our domain is blacklisted as spam because some people
> told us we are being filtered as spam. So the question is how do I find
> out where I'm listed as spam and how do I change this.
First, try to find out from those "some people" what filter they're using, and
if that filter provides any more results than just yes/no. Tools like
MailScanner provide a list of reasons why a message was filtered, such as this:
X-EVI-MailScanner-SpamCheck: spam, SpamAssassin (score=35.787, required 5,
autolearn=spam, BAYES_99 3.50, DCC_CHECK 1.50, DIGEST_MULTIPLE 0.77,
HELO_DYNAMIC_DHCP 3.07, HELO_DYNAMIC_IPADDR 4.20,
INFO_GREYLIST_DELAYED 0.40, NO_REAL_NAME 0.96,
RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50,
RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.56, RCVD_IN_PBL 0.00,
RCVD_IN_SORBS_DUL 2.05, RCVD_IN_XBL 3.90, SURBL_MULTI1 -0.50,
SURBL_MULTI2 -0.20, URIBL_BLACK 1.50, URIBL_BLACK_OVERLAP -1.00,
URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SC_SURBL 4.50)
If they're no help, then you'll have to start digging on your own.
Most blacklists don't work on domains, they work on IP addresses. So, punch your
mailserver's IP into an RBL checker, like this one:
Assuming this message was sent from your normal mailserver, that's
184.108.40.206, which isn't blacklisted anywhere I can tell.
You can also hit the "host" button at the same RBL lookup site, and enter your
mailserver's hostname: 220.127.116.11.static.netgate.com.uy
All of .uy is blacklisted by rfc-ignorant.org for failing to follow proper whois
standards. However, I doubt many sites trust RFCI sufficiently to filter mail on
it alone. mis-registered domains are so common you'd end up blocking the world.
For example, all of yahoo.com is also listed in RFCI for the same reason.
It's also listed in APEWS, but APEWS isn't credible as a blacklist. Nobody in
their right mind would be using it for mail filtering. As best I can tell over
half the IP addresses in use globally are listed in APEWS, and their list
management is horrid. Even the quite rabid and false-positive prone
uceprotect.net stopped hosting a mirror of it.
So, neither of those are likely your problem, as both are high-false-positive
blacklists of poor reputation that no sane admin uses because they'd cut off
most of the world from emailing them.
Another good shot is to search google groups for your IP, see if there's any
abuse reports on NANAE/NANAS
From there, it's not blacklists, but just looking for malformed garbage:
Looking at your mail headers, the only things that jump out at me are two bits:
Received: from mail2.CANAL4 (18.104.22.168.static.netgate.com.uy
one, your reverse dns: 22.214.171.124.static.netgate.com.uy is fairly generic
and IP based.. a lot of sites will filter such mail, assuming that any
legitimate mailserver will have its reverse dns set to something like
mail.montecarlotv.com.uy. Contact your ISP and ask them to update the PTR
records for that IP address.
The other part is your HELO is mail2.CANAL4. That really should be a valid
hostname. It's technically not against the RFC's to spew garbage here, but it
does show poor server administration, and some misguided sites seem to think
HELO must be a valid hostname and filter such things (the RFC's merely say
SHOULD, not MUST). You might want to fix the hostname your mailserver thinks of
More information about the MailScanner