North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [ifl.net #3657] Contact at: DNSRBL / Namesystems

  • From: listuser
  • Date: Tue May 27 12:41:42 2003

On Tue, 27 May 2003, Mark Vevers wrote:

> Justin,
> 
> On Tuesday 27 May 2003 16:51, listuser@numbnuts.net wrote:
> > I've checked all 3 MXs listed for vevers.net and none of them are listed
> > in any DNSBLs I can see, including dnsrbl.net.
> I work for an ISP - we have a number of mail exchangers - my domain is not
> on the affected server .... and the particular server (194.238.48.13) is
> still listed.

Well, I've done some digging.  I don't see any record of spam from that IP 
but I do see a piece of spam from a machine in that netblock in December.  
It would be nice if this DNSBL site would tell you why it was listed or at 
least provide the message(s) that got a given IP listed.

> > I hate to ask the obvious but did you follow the instructions for removal
> > on this page?    http://www.dnsrbl.net/getremoved.html
> Of course  ....  twice.  
> 
> Anyone on the list care to comment on the most effective way to get their
> mailservers taken off unresponsive RBL's? (other than not let them be on there 
> in the first place).  We think we know how this one happened but it would be
> nice to know so that we can be sure we've plugged the hole -

Typically good DNSBLs are quick to respond as long as the requesters work 
with them to resolve the issue.  It sounds like you have and that 
dnsrbl.net is just unresponsive.  I agree with another poster, ask NANAE 
for help (news.admin.net-abuse.email).  Just remember, we anti-spammers 
are a sensitive breed but we're more than happy to work with providers as 
long as they are willing to work with us.  Just state the facts and tell 
them that you can't get a response from dnsrbl.net by following the 
procedures on their website.  That should do it.  Oh, and provide the IP 
in question up front so they can check to see if it has a history.  That 
might speed things along.

> we were never
> even informed that the server and had been listed in the first place - we
> found out the hard way.

If I was running a DNSBL I wouldn't tell you I listed you either.  It's 
not their job to tell you.  They are stating their opinion about an IP.  
They don't have to tell you when they form or change their opinion about 
that IP.  If you don't want them to state an opinion about your IP, make 
sure it never does anything that they might wish to state an opinion 
about.

> I do think that RBL's operators ought to at least
> respond to legitimate attempts to clear up issue.

I agree.  They should be responsive.  Ideally they'd provide an automated 
method of removal.  That would really only work for misconfigured 
machines (open relays/proxies/SOCKS boxes, etc..) that can easily be 
retested to confirm they are fixed.  Given how that DNSBL works, I take it 
that a piece of mail from that MX hit one of their honeypots and caused 
the listing.  Whether that piece of mail was spam, an infected message, or 
what relies on when the dnsrbl.net start answering their mail.

Best of luck
 Justin