Mail Server IP -- Blacklisted (I think) Help!

[Deejay Dan]

Here is the deal, I run a VPS for one of my forums, I use mail washer on my computer and every time I receive an email from my site (vBulletin Notices) Mailwasher marks it as origin blacklisted. Now it's not on my personal black list. I know mailwasher checks the sending IP against a couple of spam services (Spam cop, etc)

My problem is I don't know how I got blacklisted the only things that send email from that server are two vBulletin boards and everything is opt in.

How do I got about finding out what service marked my IP as a spam haven? Plus, how would I got about fixing it?

Thanks,
Dan

[photocrats.com]

Serious problem. If you have doubt about ip blacklisted, I suggest to move to a new server.

[Richie_Ni]

Try this:http://www.mxtoolbox.com/blacklists.aspx

[charlesgan]

Quote:

Originally Posted by Deejay Dan

Here is the deal, I run a VPS for one of my forums, I use mail washer on my computer and every time I receive an email from my site (vBulletin Notices) Mailwasher marks it as origin blacklisted. Now it's not on my personal black list. I know mailwasher checks the sending IP against a couple of spam services (Spam cop, etc)

My problem is I don't know how I got blacklisted the only things that send email from that server are two vBulletin boards and everything is opt in.

How do I got about finding out what service marked my IP as a spam haven? Plus, how would I got about fixing it?

Thanks,
Dan

any shared IP hosting is exposed to this problem. the way to escape from this is to get a dedicated IP address for your website.

[damien_ls]

Quote:

Originally Posted by charlesgan

any shared IP hosting is exposed to this problem. the way to escape from this is to get a dedicated IP address for your website.

Clearly he already has a dedicated IP address since he stated that he's using a VPS...

Assuming that you're using commercial / mature forum software I doubt that they contain insecure email scripts etc.

Richie_Ni's link should help identify which blacklists have you listed. Some of those blacklist providers will give you access to sample emails (or headers) so that you can figure out where the email originated from (i.e. which script etc.).

Obviously make sure that your mail server isn't running as an open relay, and beyond that your hosting provider should be able to help you identify the source of spam by reviewing logs etc.

[damien_ls]

Quote:

Originally Posted by photocrats.com

Serious problem. If you have doubt about ip blacklisted, I suggest to move to a new server.

Also this isn't the solution - moving server due to a blacklisted IP (particularly when you're the only user of that IP) won't solve anything - you'll just move to another IP which will get blacklisted because you're hosting the same insecure script on it (for example).

In order to prevent re-blacklisting in future you need to locate the cause and stop the spam.

[hadrick]

Look here:
http://www.spamcop.com

If your ip is listed there then you are blacklist. It is really better to change the IP if it gets blacklisted. Cause it will give more pain if you fail to resolve it and your service is interelated with it like hosting or email service.

Regards

[damien_ls]

Quote:

Originally Posted by hadrick

Look here:
http://www.spamcop.com

If your ip is listed there then you are blacklist.

Yep - if you're listed there then you're on spamcop's blacklist - but there are many more too... if you're not blacklisted there then it doesn't mean that you're fine. You should check as many "popular" blacklists as possible, because if you're on any then it's a potential sign of a problem, which is why the link given above (by Richie_Ni) is so useful.

Quote:

Originally Posted by hadrick

It is really better to change the IP if it gets blacklisted. Cause it will give more pain if you fail to resolve it and your service is interelated with it like hosting or email service.

Pretty much the only thing affected by blacklisted IPs is "email service" - what else are you thinking of which is "interelated" with it?

As I said above - if you change IP without sorting the problem out then you will find that the problem follows you anyway, so absolutely nothing gained (also worth mentioning that other things such as hostname, domain name etc. may become blacklisted instead/as well, so changing IP may not achieve anything at all).

If you solve the problem, and don't change IP, most blacklists will remove you after a period of inactivity (i.e. after spam reports stop) and/or upon request. Therefore you can be de-blacklisted quite quickly, and changing IP shouldn't be necessary.

In this case, because the IP you're using could only have become blacklisted through your own activities (e.g. an insecure script or mail relay on your VPS etc.) then it is most likely that all of the above applies.

If it were a shared hosting scenario, where the actions (or lack) of other users may have caused the IP that you use to become blacklisted then you may have more reason to move IP / host etc. However, even in this situation providing that the hosting provider deals with the issue promptly then the impact to your service should be minimal.

[Deejay Dan]

Thank you everyone. I ran my IP through the MXtoolbox site. Everything came back as okay (green) except for a few that timed out, which isn't my problem.

As I said before, I'm on my own VPS with 4 dedicated IPs. The only thing that's sending mail off my server is two vBulletin boards. Neither I nor anyone who has accounts on my server are using it's STMP.

My main concern is email notices getting lost. I realize the black list has nothing to do with the internet but I don't spam, I cannot understand how I would get on a black list.

I should note, AOL black listed me for a brief period, I hymn and hawed with them and got unblacklisted.

I guess my main problem is I just don't get it, the only thing sending mail is vBulletin everything is opt in and email notice control is in the users hands.

[damien_ls]

Just because an email is opt-in doesn't mean that users don't / won't click 'report spam' in their email/webmail client etc. without realizing the impact this has.

Sometimes there isn't much that you can do about being blacklisted through mis-understanding of end users. All I can suggest is that you make it easier / clearer for them to stop the emails, and perhaps put some notice in them explaining how they can do it etc.

What made you think that your IPs were blacklisted in the first place? AOL are quite picky and may not accept emails for many reasons (spam is just one), and if you're clean on the other blacklists then...?

Also, with regards to AOL you may want to setup a feedback loop with them if not already done.

[fishfreek]

Some filtering systems have been looking at reverse DNS also on the IP of the sending server. If there is no reverse dns lookup entry then it gets a negitive score that could put it into the spam flag.

Have you looked at the headers of the message after its been processed if thats even possible as Im not fimular with the software you mentioned. If you can see the full headers of a processed message you might get an indication as to why it got blacklisted or blocked as spam.

[Dongle]

Hi all, first of all forgive my ignorance as I'm not a web developer or techie.

I've just noticed that my site, which is hosted on a shared server, but with it's own dedicated IP and SSL, is showing as blacklisted (using the link above) on a number of the SORBS prefixed blacklists.

How does this blacklisting affect my site? Is it only blacklisting from emails (presumably that use the "SORBS" blacklist as a filter?? Or does it go further than that and cause a problem with search engine placement?

Richard (Dongle)

[HV | Tracy]

I know this is kind of an old post, but fishfreek is correct. Make sure proper reverse dns is setup.

Also, if you forward your mail to some of the big providers, and they see spam, they think the forwarding server is sending spam.

Also take some time to sit and look at your mail logs... I know, not very exciting stuff but you can learn a lot about what is going on.

Last week, I had 5 domains registered at directNIC and using directNIC's dns servers. The domains IP's were pointed to my servers, thus looking like they were hosted by me... never were. I alerted directNIC and within a week of no response from the spammers, directnic suspended the domains (they had another term for it... I forgot what it was though).

Problem solved.

Why emails get tagged as spam now days can be a mystery sometimes. Watching mail logs can give you a peek into what is going on.

Dongle, I don't think you have anything to worry about regarding search placement.

[damien_ls]

Quote:

Originally Posted by HV | Tracy

Last week, I had 5 domains registered at directNIC and using directNIC's dns servers. The domains IP's were pointed to my servers, thus looking like they were hosted by me... never were. I alerted directNIC and within a week of no response from the spammers, directnic suspended the domains (they had another term for it... I forgot what it was though).

Interesting... How did you find out about the 5 domains pointed to your servers? Blacklist "evidence" or something like that?

Quote:

Originally Posted by Dongle

I've just noticed that my site, which is hosted on a shared server, but with it's own dedicated IP and SSL, is showing as blacklisted (using the link above) on a number of the SORBS prefixed blacklists.

Is your dedicated IP blacklisted, or the mail server IP? These shouldn't be the same IP...

These blacklists are typically only used as part of a spam filtering solution, and therefore you're likely to experience problems getting emails from your mail server to a lot of people (which may be a big problem if you're running an ecommerce site on there).

I'm not aware of these blacklists being used for any other purposes such as impacting SEO or network filtering (e.g. blocking your website). I think search engines do drop sites based on certain IPs from their listings, but that's based on other information/activity and won't be based on a publically available blacklist like this.

[HV | Tracy]

Quote:

Originally Posted by damien_ls

Interesting... How did you find out about the 5 domains pointed to your servers? Blacklist "evidence" or something like that?

I saw an email that came through but was bounced and it had a weird log entry like "lowest mx points to something (I forgot what).

So I figured out that that domain was not hosted by me. I did some dig'ing around and figured out what was going on.

Then I did tail -f /var/log/exim_mainlog | grep lowest and found the others. I would just leave a terminal open and let it run for a few hours.

[Dongle]

Aahh right, so it should only affect outbound email then.

The site is very much in it's infancy, but it's full ecommerce, secure server, merchant facilities etc.

So what's the best way to ensure that legitimate registered customers get the email they've requested (be it monthy newsletter or order confirmations)?

[HV | Tracy]

Move hosts

If they are constantly in RBL's. You need to change hosts.

[Dongle]

Since I inititially responded to this message on 13/06/07, I have actually moved hosts. It was convenient, as I spotted another problem, in that Google wasn't recognising my site as a UK site - so I moved to UK servers!!

I'm not planning on doing anything naughty, but what would it take for a clean server to be blacklisted? I'm hoping to send out a monthly promotional email to subscribed customers. There aren't any tricks involved, no buying of lists, no pre-ticked newsletter options - just a big banner saying "Click here to received our monthly special offer email" - so people have to physically click on something of their own accord and enter their email address to subscrube themselves.

Do people have to manually go and report spam to these spamcop type websites for a server to be blacklisted? So by keeping strictly to people who have registered their interest, everything should be hunky dory?

What if one person decides they don't want to receive a promotional email anymore and decides to report an email as spam instead of just unsubscribing (unlikely - but possible)? Is one report all it takes, or do you need to be reported by 2-3 different people for it to cause a problem.

I'd like to make sure I'm 100% clued up on all of this!!

[Dongle]

Quote:

Originally Posted by HV | Tracy

Move hosts

If they are constantly in RBL's. You need to change hosts.

Got me thinking - as you say "constantly", does this mean that servers are blacklisted for a period of time, and not forever.

[HV | Tracy]

Lets put it this way. If they get their IP's blacklisted enough to where I could not conduct normal day to day operations. I would move.

As cheap as hosting is and as easy as it is to move, I would not sit around long enough to loose business by have my legitimate emails band.