How to know if I'm blacklisted

Matt Kettler mkettler at evi-inc.com
Wed Jan 16 15:27:59 GMT 2008


Juan Pablo Lorier wrote:
> Hi everybody,
> 
> I think that maybe our domain is blacklisted as spam because some people 
> told us we are being filtered as spam. So the question is how do I find 
> out where I'm listed as spam and how do I change this.
> Thanks,

First, try to find out from those "some people" what filter they're using, and 
if that filter provides any more results than just yes/no. Tools like 
MailScanner provide a list of reasons why a message was filtered, such as this:

X-EVI-MailScanner-SpamCheck: spam, SpamAssassin (score=35.787, required 5,
	autolearn=spam, BAYES_99 3.50, DCC_CHECK 1.50, DIGEST_MULTIPLE 0.77,
	HELO_DYNAMIC_DHCP 3.07, HELO_DYNAMIC_IPADDR 4.20,
	INFO_GREYLIST_DELAYED 0.40, NO_REAL_NAME 0.96,
	RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50,
	RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.56, RCVD_IN_PBL 0.00,
	RCVD_IN_SORBS_DUL 2.05, RCVD_IN_XBL 3.90, SURBL_MULTI1 -0.50,
	SURBL_MULTI2 -0.20, URIBL_BLACK 1.50, URIBL_BLACK_OVERLAP -1.00,
	URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SC_SURBL 4.50)



If they're no help, then you'll have to start digging on your own.

Most blacklists don't work on domains, they work on IP addresses. So, punch your 
mailserver's IP into an RBL checker, like this one:
http://openrbl.org/client/

Assuming this message was sent from your normal mailserver, that's 
200.40.139.178, which isn't blacklisted anywhere I can tell.

You can also hit the "host" button at the same RBL lookup site, and enter your 
mailserver's hostname: 178.139.40.200.static.netgate.com.uy

All of .uy is blacklisted by rfc-ignorant.org for failing to follow proper whois 
standards. However, I doubt many sites trust RFCI sufficiently to filter mail on 
it alone. Mis-registered domains are so common you'd end up blocking the world. 
For example, all of yahoo.com is also listed in RFCI for the same reason.

It's also listed in APEWS, but APEWS isn't credible as a blacklist. Nobody in 
their right mind would be using it for mail filtering. As best I can tell over 
half the IP addresses in use globally are listed in APEWS, and their list 
management is horrid. Even the quite rabid and false-positive prone 
uceprotect.net stopped hosting a mirror of it.

So, neither of those is likely your problem, as both are high-false-positive 
blacklists of poor reputation that no sane admin uses because they'd cut off 
most of the world from emailing them.

Another good shot is to search Google Groups for your IP, and see if there are 
any abuse reports on NANAE/NANAS:

http://groups.google.com/groups/search?hl=en&q=200.40.139.178&qt_s=Search+Groups

Nothing there.

From there, it's not blacklists, but just looking for malformed garbage:

Looking at your mail headers, the only things that jump out at me are two bits:

Received: from mail2.CANAL4 (178.139.40.200.static.netgate.com.uy
	[200.40.139.178])

One, your reverse DNS: 178.139.40.200.static.netgate.com.uy is fairly generic 
and IP-based. A lot of sites will filter such mail, assuming that any 
legitimate mailserver will have its reverse DNS set to something like 
mail.montecarlotv.com.uy. Contact your ISP and ask them to update the PTR 
records for that IP address.

The other part is your HELO is mail2.CANAL4. That really should be a valid 
hostname. It's technically not against the RFCs to spew garbage here, but it 
does show poor server administration, and some misguided sites seem to think 
HELO must be a valid hostname and filter such things (the RFCs merely say 
SHOULD, not MUST). You might want to fix the hostname your mailserver thinks of 
itself as.
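
An added example, not part of the original message: the checks described above, done offline in Python. It pulls the sender-side rule hits out of a MailScanner SpamCheck header, builds the name a DNSBL client would look up for an IP, and flags an IP-derived PTR name and a HELO that is not a plausible hostname. The function names and the zone dnsbl.example are hypothetical placeholders, and the header is a shortened copy of the one quoted above.

```python
import re

# Constructed sample: a shortened copy of the SpamCheck header quoted in the post.
HEADER = (
    "X-EVI-MailScanner-SpamCheck: spam, SpamAssassin (score=35.787, required 5,\n"
    "\tautolearn=spam, BAYES_99 3.50, HELO_DYNAMIC_IPADDR 4.20,\n"
    "\tRCVD_IN_BL_SPAMCOP_NET 1.56, RCVD_IN_PBL 0.00, RCVD_IN_SORBS_DUL 2.05,\n"
    "\tRCVD_IN_XBL 3.90, SURBL_MULTI1 -0.50, URIBL_BLACK 1.50)\n"
)

def parse_spamcheck(header):
    """Return {rule_name: score} from a MailScanner SpamCheck header."""
    inner = header[header.index("(") + 1:header.rindex(")")]
    pairs = re.findall(r"\b([A-Z][A-Z0-9_]*)\s+(-?\d+(?:\.\d+)?)", inner)
    return {name: float(score) for name, score in pairs}

def sender_side_hits(rules):
    """Rules about the sending host (RCVD_IN_* DNSBL hits, HELO_* checks), worst first."""
    hits = [(n, s) for n, s in rules.items() if n.startswith(("RCVD_IN_", "HELO_"))]
    return sorted(hits, key=lambda h: -h[1])

def dnsbl_query_name(ip, zone):
    """DNS name a DNSBL client looks up: the IPv4 octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def ptr_embeds_ip(ptr, ip):
    """True if the PTR name is generic, i.e. built from the IP's own octets."""
    octets = ip.split(".")
    forms = {sep.join(o) for sep in ".-" for o in (octets, octets[::-1])}
    return any(f in ptr for f in forms)

def helo_looks_like_fqdn(helo):
    """Syntax-only heuristic (no DNS lookup): two or more LDH labels, alphabetic last label."""
    labels = helo.rstrip(".").split(".")
    ldh = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
    return len(labels) >= 2 and all(ldh.match(l) for l in labels) and labels[-1].isalpha()

if __name__ == "__main__":
    ip = "200.40.139.178"  # the address discussed in the post
    for name, score in sender_side_hits(parse_spamcheck(HEADER)):
        print(f"{score:5.2f}  {name}")
    print("DNSBL lookup name:", dnsbl_query_name(ip, "dnsbl.example"))  # placeholder zone
    print("generic PTR:", ptr_embeds_ip("178.139.40.200.static.netgate.com.uy", ip))
    print("HELO ok:", helo_looks_like_fqdn("mail2.CANAL4"))
```

URIBL_* and SURBL_* hits are left out of the sender-side list because those rules score URIs found in the message, not the connecting IP.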




