 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Forum / Security / Internet Explorer Security / September 2008Spam Blacklist
Can someone tell the reasons why your IP gets on the RBL Blacklist?... mine is in the Suspicious (1) category with threat level 4, it says "last malicious activity 64 days ago"... Is there a website where I can look up what my suposed "malicious activity" was about?.... Can a spyware or trojan cause this?, or considering I have a cable intrnet provider and my IP changes from day to day, so if the IP number assigned to me today was used by someone else 64 days ago be an explanation?.. does that make sense? Thanks in advance. The site that maintains the DNSBL usually has a means of seeing the report against an IP that it has in its list. You didn't mention WHOSE blacklist had your IP address listed. > Can someone tell the reasons why your IP gets on the RBL Blacklist?... > mine [quoted text clipped - 10 lines] > does > that make sense? Thanks for responding... my ip is blacklisted by the following: http://whatismyipaddress.com/staticpages/index.php/is-my-ip-address-blacklisted Is my IP address blacklisted? sorbs.dnsbl.net.au dnsbl.sorbs.net dul.dnsbl.sorbs.net no-more-funn.moensted.dk zen.spamhaus.org I read your response and checked again by http://www.who.is/whois-148/ip-address/000.000.000.000 and it says I'm located at Montevideo Uruguay!!.. not so, I am in México. This is what I got from an IP traceback. Registry Whois OrgName: Latin American and Caribbean IP address Regional Registry OrgID: LACNIC Address: Rambla Republica de Mexico 6125 City: Montevideo StateProv: PostalCode: 12340 Country: UY (Uruguay) Later did a more complete check into the problem and found this explanation from one DNSBL Quote: THE PBL IS NOT A BLACKLIST. You are not blacklisted for spamming or for anything you have done. The PBL is simply a list of ALL of the world's end-user broadband IP space, i.e: IP space normally assigned to broadband/ADSL customers. It is perfectly normal for dynamic IP addresses (DSL, DHCP, cable, dialup) to be listed on the PBL. In fact all IP addresses in the world which are not designated mail server machines *should be* on the PBL. The PBL does not prevent you sending email unless your email program is not authenticating properly when it connects to your ISP or company's mail server. This can happen if you have forgotten to turn on 'Authentication' in your 'outgoing mail' account settings, or if the username/password your email program is giving to your outgoing mail server is wrong. If you are using a normal email program, such as Outlook, Entourage, Thunderbird, Apple Mail, and you are being blocked by a Spamhaus PBL listing when you try to send email, the reason is simply that YOU NEED TO TURN ON 'SMTP AUTHENTICATION' in your email program's account settings. See: How do I turn on SMTP Authentication? Unquote http://www.spamhaus.org/faq/answers.lasso?section=Generic%20Questions#197 So I guess that explains it. Thanks for your help & interest. ---------------------------- > The site that maintains the DNSBL usually has a means of seeing the report > against an IP that it has in its list. You didn't mention WHOSE blacklist [quoted text clipped - 12 lines] >> me today was used by someone else 64 days ago be an explanation?.. does >> that make sense? > Thanks for responding... my ip is blacklisted by the following: > http://whatismyipaddress.com/staticpages/index.php/is-my-ip-address-blacklisted > > Is my IP address blacklisted? > sorbs.dnsbl.net.au Probably the same blacklists as the SORBS list below but a mirror. Don't see why that site tries to double up on a hit list by including a blacklist more than once. > dnsbl.sorbs.net SORBS is a very slow list to update their records. When my IP address expired and got changed (because it is dynamic), I got stuck with a new IP address that had previously been identified by SORBS. They responded in 1 day and after 3 days total they had deleted that record. But that record was over 3 months old! When I asked them, they said that they sometimes have to manually run a purge on old records and they do that every 3 months (they were a little late this time). Obviously any record about a spam source that is 3 months old is worthless. The spammer isn't there anymore. SpamHaus and SpamCop delete their records in 1 to 3 days unless it gets tickled again by more spam whereupon the expiration gets longer. > dul.dnsbl.sorbs.net Almost every user will be in that list. DUL = Dynamic User List. This is a list of IP addresses that are dynamically assigned. The vast majority of users get dynamically assigned IP addresses. It should not be used against the source IP of e-mail. It should be used against the sending mail host. Infected hosts running mailer trojans will have dynamic IP addresses, so checking if the sending mail host has a dynamic IP address is one way of detecting spam. But, again, it shouldn't test against the sender's own IP address since almost all will match in this DUL list. > no-more-funn.moensted.dk This is some person's private blacklist or maybe one that some one company compiles for their own use. They often allow public access to these blacklists because their ego condemns them into thinking that if all their effort helped to eliminate spam for them then it will help others. These private lists made public are nowhere near the same level of professionalism and authority as are, for example, SpamHaus and SpamCop. There are a lot of these private but publicly accessible blacklists which are of really no value other than to the person or company that compiled that list. That web site has some info about the various blacklists they show on their web page. If you read that information by clicking on the link: http://whatismyipaddress.com/staticpages/index.php/dnsbl-details?dnsbl=no-more-f unn.moensted.dk you'll see that, yep, it's just another joker who thinks his blacklist is so important that he feels compelled to make it public. SpamHaus and SpamCop are like professional cabinetry makers. This no-more-fun blacklist is like your kid coming home from shop class with his birdhouse project. The no-more-fun blacklist gets its IP address for news.admin.net-abuse.email. If you ever visited the NANAE newsgroups, I'm not sure that you would agree that is the best place from which to compile a blacklist. From the description of this blacklist at http://www.moensted.dk/spam/no-more-funn/, it appears it yet another one that rolls in a DUL blacklist. > zen.spamhaus.org Again, this is a DUL list. The zen blacklist is a composite of SpamHaus' SBL, XBL, and PBL blacklists. Their PBL blacklist is a list of dynamic IP addresses. So almost every user will match against this list because almost every user gets assigned a dynamic IP address. If these DULs (SORBS or SpamHaus) are used, they must NOT be used against the sender's IP address, only against the sending mail host's IP address. Getting an e-mail from a *mail server* that is using a dynamic IP address is a red flag that it is probably spam. Legitimate (non-spam) e-mails originate from mail hosts with static IP addresses. Some users like to run their own mail server but often that violates the TOS for their ISP and it gets their e-mails red-flagged. If they want to run their own mail server, they should pay the extra cost of getting a static IP address. > I read your response and checked again by > http://www.who.is/whois-148/ip-address/000.000.000.000 and it says I'm > located at Montevideo Uruguay!!.. not so, I am in México. I had to assume your IP address for your posts here (201.160.220.148) is the same one from which you send e-mail. I used http://www.liveipmap.com. It says your ISP (not you specifically) is in Tijuana, MX. When I used the www.who.is site (never used them before), what it reports when I enter your IP address is the regional ICANN authority for that global region. They decide who can be local registrars within that region. They are not you. They are not your ISP. Google on ICANN if you want to find out who they are. They are at the top of the chain for IP allocation. You are at the bottom of the chain with your ISP one step above. Using other IP lookup services and using the only IP address that I know for you from your posts: owner: CABLEMAS TELECOMUNICACIONES (TIJUANA) ownerid: MX-CTTI-LACNIC responsible: Cablemas Telecomunicaciones (Tijuana) address: BLVD CUAUHTEMOC SUR PONIENTE COL. DAVILA, 2717, address: 22400 - TIJUANA - BC country: MX phone: +52 664 2901180 [] |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.