How to know if I'm blacklisted

Scott Silva ssilva at sgvwater.com
Wed Jan 16 17:35:28 GMT 2008


on 1/16/2008 7:27 AM Matt Kettler spake the following:
> Juan Pablo Lorier wrote:
>> Hi everybody,
>>
>> I think that maybe our domain is blacklisted as spam because some 
>> people told us we are being filtered as spam. So the question is how 
>> do I find out where I'm listed as spam and how do I change this.
>> Thanks,
> 
> First, try to find out from those "some people" what filter they're 
> using, and if that filter provides any more results than just yes/no. 
> Tools like MailScanner provide a list of reasons why a message was 
> filtered, such as this:
> 
> X-EVI-MailScanner-SpamCheck: spam, SpamAssassin (score=35.787, required 5,
>     autolearn=spam, BAYES_99 3.50, DCC_CHECK 1.50, DIGEST_MULTIPLE 0.77,
>     HELO_DYNAMIC_DHCP 3.07, HELO_DYNAMIC_IPADDR 4.20,
>     INFO_GREYLIST_DELAYED 0.40, NO_REAL_NAME 0.96,
>     RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50,
>     RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.56, RCVD_IN_PBL 0.00,
>     RCVD_IN_SORBS_DUL 2.05, RCVD_IN_XBL 3.90, SURBL_MULTI1 -0.50,
>     SURBL_MULTI2 -0.20, URIBL_BLACK 1.50, URIBL_BLACK_OVERLAP -1.00,
>     URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SC_SURBL 4.50)
> 
> 
> 
> If they're no help, then you'll have to start digging on your own.
> 
> Most blacklists don't work on domains, they work on IP addresses. So, 
> punch your mailserver's IP into an RBL checker, like this one:
> http://openrbl.org/client/
> 
> Assuming this message was sent from your normal mailserver, that's 
> 200.40.139.178, which isn't blacklisted anywhere I can tell.
> 
> You can also hit the "host" button at the same RBL lookup site, and 
> enter your mailserver's hostname: 178.139.40.200.static.netgate.com.uy
> 
> All of .uy is blacklisted by rfc-ignorant.org for failing to follow 
> proper whois standards. However, I doubt many sites trust RFCI 
> sufficiently to filter mail on it alone. Mis-registered domains are so 
> common you'd end up blocking the world. For example, all of yahoo.com is 
> also listed in RFCI for the same reason.
> 
> It's also listed in APEWS, but APEWS isn't credible as a blacklist. 
> Nobody in their right mind would be using it for mail filtering. As best 
> I can tell over half the IP addresses in use globally are listed in 
> APEWS, and their list management is horrid. Even the quite rabid and 
> false-positive prone uceprotect.net stopped hosting a mirror of it.
> 
> So, neither of those are likely your problem, as both are 
> high-false-positive blacklists of poor reputation that no sane admin 
> uses because they'd cut off most of the world from emailing them.
> 
> Another good shot is to search Google Groups for your IP and see if there 
> are any abuse reports on NANAE/NANAS.
> 
> http://groups.google.com/groups/search?hl=en&q=200.40.139.178&qt_s=Search+Groups 
> 
> 
> Nothing there.
> 
> From there, it's not blacklists, but just looking for malformed garbage:
> 
> Looking at your mail headers, the only things that jump out at me are 
> two bits:
> 
> Received: from mail2.CANAL4 (178.139.40.200.static.netgate.com.uy
>     [200.40.139.178])
> 
> One, your reverse DNS: 178.139.40.200.static.netgate.com.uy is fairly 
> generic and IP based. A lot of sites will filter such mail, assuming 
> that any legitimate mailserver will have its reverse DNS set to 
> something like mail.montecarlotv.com.uy. Contact your ISP and ask them 
> to update the PTR records for that IP address.
> 
> The other part is your HELO is mail2.CANAL4. That really should be a 
> valid hostname. It's technically not against the RFCs to spew garbage 
> here, but it does show poor server administration, and some misguided 
> sites seem to think HELO must be a valid hostname and filter such things 
> (the RFCs merely say SHOULD, not MUST). You might want to fix the 
> hostname your mailserver thinks of itself as.
> 
> 
> 
He also hits in uceprotect level 3, but it is his ISP that makes that happen.
Administracion Nacional de Telecomunicaciones is a safe haven to a lot of abusers.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
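
The sender-side checks walked through in this thread (IP-keyed DNSBL lookup, generic reverse DNS, HELO that is not a resolvable hostname), as an added Python example that is not part of the original thread or of MailScanner. The function names, the `dnsbl.example` zone and the stub resolver are assumptions made for illustration; pass real DNSBL zones and the default resolver to query live DNS.

```python
import ipaddress
import re
import socket

def dnsbl_query_name(ip, zone):
    """DNSBLs are keyed by IP: reverse the IPv4 octets and append the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def resolves(name, resolve):
    """Return the A record for name, or None on NXDOMAIN or lookup failure."""
    try:
        return resolve(name)
    except OSError:  # socket.gaierror is a subclass of OSError
        return None

def ptr_looks_generic(ip, ptr):
    """True when the PTR name embeds the IP's four octets, forward or reversed."""
    octets = ip.split(".")
    nums = re.findall(r"\d+", ptr)
    runs = [nums[i:i + 4] for i in range(len(nums) - 3)]
    return octets in runs or octets[::-1] in runs

def audit(ip, ptr, helo, zones, resolve=socket.gethostbyname):
    """Collect the sender-side findings a receiving filter is likely to score."""
    findings = []
    for zone in zones:
        answer = resolves(dnsbl_query_name(ip, zone), resolve)
        if answer and answer.startswith("127."):
            findings.append(f"listed in {zone} ({answer})")
    if ptr_looks_generic(ip, ptr):
        findings.append(f"generic IP-based PTR: {ptr}")
    if resolves(helo, resolve) is None:
        findings.append(f"HELO does not resolve: {helo}")
    return findings

# Constructed stand-in for DNS so the example runs offline. 192.0.2.10 is a
# documentation address and dnsbl.example is a hypothetical list zone.
FAKE_DNS = {"10.2.0.192.dnsbl.example": "127.0.0.2", "mail.example.org": "192.0.2.10"}

def fake_resolve(name):
    if name not in FAKE_DNS:
        raise socket.gaierror(f"NXDOMAIN {name}")
    return FAKE_DNS[name]

if __name__ == "__main__":
    # IP, PTR and HELO are the values from the headers quoted in the thread.
    for line in audit("200.40.139.178", "178.139.40.200.static.netgate.com.uy",
                      "mail2.CANAL4", ["dnsbl.example"], fake_resolve):
        print(line)
```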
