How to know if I'm blacklisted

Scott Silva ssilva at
Wed Jan 16 17:35:28 GMT 2008

on 1/16/2008 7:27 AM Matt Kettler spake the following:
> Juan Pablo Lorier wrote:
>> Hi everybody,
>> I think that maybe our domain is blacklisted as spam because some 
>> people told us we are being filtered as spam. So the question is how 
>> do I find out where I'm listed as spam and how do I change this.
>> Thanks,
> First, try to find out from those "some people" what filter they're 
> using, and if that filter provides any more results than just yes/no. 
> Tools like MailScanner provide a list of reasons why a message was 
> filtered, such as this:
> X-EVI-MailScanner-SpamCheck: spam, SpamAssassin (score=35.787, required 5,
>     autolearn=spam, BAYES_99 3.50, DCC_CHECK 1.50, DIGEST_MULTIPLE 0.77,
>     RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50,
>     RCVD_IN_SORBS_DUL 2.05, RCVD_IN_XBL 3.90, SURBL_MULTI1 -0.50,
> If they're no help, then you'll have to start digging on your own.
> Most blacklists don't work on domains, they work on IP addresses. So, 
> punch your mailserver's IP into an RBL checker, like this one:
> Assuming this message was sent from your normal mailserver, that's 
>, which isn't blacklisted anywhere I can tell.
> You can also hit the "host" button at the same RBL lookup site, and 
> enter your mailserver's hostname:
> All of .uy is blacklisted by for failing to follow 
> proper whois standards. However, I doubt many sites trust RFCI 
> sufficiently to filter mail on it alone. mis-registered domains are so 
> common you'd end up blocking the world. For example, all of is 
> also listed in RFCI for the same reason.
> It's also listed in APEWS, but APEWS isn't credible as a blacklist. 
> Nobody in their right mind would be using it for mail filtering. As best 
> I can tell over half the IP addresses in use globally are listed in 
> APEWS, and their list management is horrid. Even the quite rabid and 
> false-positive prone stopped hosting a mirror of it.
> So, neither of those are likely your problem, as both are 
> high-false-positive blacklists of poor reputation that no sane admin 
> uses because they'd cut off most of the world from emailing them.
> Another good shot is to search google groups for your IP, see if there's 
> any abuse reports on NANAE/NANAS
> nothing there..
>  From there, it's not blacklists, but just looking for malformed garbage:
> Looking at your mail headers, the only things that jump out at me are 
> two bits:
> Received: from mail2.CANAL4 (
>     [])
> one, your reverse dns: is fairly 
> generic and IP based.. a lot of sites will filter such mail, assuming 
> that any legitimate mailserver will have its reverse dns set to 
> something like Contact your ISP and ask them 
> to update the PTR records for that IP address.
> The other part is your HELO is mail2.CANAL4. That really should be a 
> valid hostname. It's technically not against the RFC's to spew garbage 
> here, but it does show poor server administration, and some misguided 
> sites seem to think HELO must be a valid hostname and filter such things 
> (the RFC's merely say SHOULD, not MUST). You might want to fix the 
> hostname your mailserver thinks of itself as.
He also hits in uceprotect level 3, but it is his ISP that makes that happen.
Administracion Nacional de Telecomunicaciones is a safe haven to a lot of abusers.

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
Url :

More information about the MailScanner mailing list