[ifl.net #3657] Contact at: DNSRBL / Namesystems
listuser at numbnuts.net
listuser at numbnuts.net
Tue May 27 16:35:35 UTC 2003
On Tue, 27 May 2003, Mark Vevers wrote:
> Justin,
>
> On Tuesday 27 May 2003 16:51, listuser at numbnuts.net wrote:
> > I've checked all 3 MXs listed for vevers.net and none of them are listed
> > in any DNSBLs I can see, including dnsrbl.net.
> I work for an ISP - we have a number of mail exchangers - my domain is not
> on the affected server .... and the particular server (194.238.48.13) is
> still listed.
Well, I've done some digging. I don't see any record of spam from that IP
but I do see a piece of spam from a machine in that netblock in December.
It would be nice if this DNSBL site would tell you why it was listed or at
least provide the message(s) that got a given IP listed.
> > I hate to ask the obvious but did you follow the instructions for removal
> > on this page? http://www.dnsrbl.net/getremoved.html
> Of course .... twice.
>
> Anyone on the list care to comment on the most effective way to get their
> mailservers taken off unresponsive RBL's? (other than not let them be on there
> in the first place). We think we know how this one happened but it would be
> nice to know so that we can be sure we've plugged the hole -
Typically good DNSBLs are quick to respond as long as the requesters work
with them to resolve the issue. It sounds like you have and that
dnsrbl.net is just unresponsive. I agree with another poster, ask NANAE
for help (news.admin.net-abuse.email). Just remember, we anti-spammers
are a sensitive breed but we're more than happy to work with providers as
long as they are willing to work with us. Just state the facts and tell
them that you can't get a response from dnsrbl.net by following the
procedures on their website. That should do it. Oh, and provide the IP
in question up front so they can check to see if it has a history. That
might speed things along.
> we were never
> even informed that the server and had been listed in the first place - we
> found out the hard way.
If I was running a DNSBL I wouldn't tell you I listed you either. It's
not their job to tell you. They are stating their opinion about an IP.
They don't have to tell you when they form or change their opinion about
that IP. If you don't want them to state an opinion about your IP, make
sure it never does anything that they might wish to state an opinion
about.
> I do think that RBL's operators ought to at least
> respond to legitimate attempts to clear up issue.
I agree. They should be responsive. Ideally they'd provide an automated
method of removal. That would really only work for misconfigured
machines (open relays/proxies/SOCKS boxes, etc..) that can easily be
retested to confirm they are fixed. Given how that DNSBL works, I take it
that a piece of mail from that MX hit one of their honeypots and caused
the listing. Whether that piece of mail was spam, an infected message, or
what relies on when the dnsrbl.net start answering their mail.
Best of luck
Justin
More information about the NANOG
mailing list