On Tue, 27 May 2003, Mark Vevers wrote:
Justin,
On Tuesday 27 May 2003 16:51, listuser@numbnuts.net wrote:
I've checked all 3 MXs listed for vevers.net and none of them are listed in any DNSBLs I can see, including dnsrbl.net. I work for an ISP - we have a number of mail exchangers - my domain is not on the affected server .... and the particular server (194.238.48.13) is still listed.
Well, I've done some digging. I don't see any record of spam from that IP but I do see a piece of spam from a machine in that netblock in December. It would be nice if this DNSBL site would tell you why it was listed or at least provide the message(s) that got a given IP listed.
I hate to ask the obvious but did you follow the instructions for removal on this page? http://www.dnsrbl.net/getremoved.html Of course .... twice.
Anyone on the list care to comment on the most effective way to get their mailservers taken off unresponsive RBL's? (other than not let them be on there in the first place). We think we know how this one happened but it would be nice to know so that we can be sure we've plugged the hole -
Typically good DNSBLs are quick to respond as long as the requesters work with them to resolve the issue. It sounds like you have and that dnsrbl.net is just unresponsive. I agree with another poster, ask NANAE for help (news.admin.net-abuse.email). Just remember, we anti-spammers are a sensitive breed but we're more than happy to work with providers as long as they are willing to work with us. Just state the facts and tell them that you can't get a response from dnsrbl.net by following the procedures on their website. That should do it. Oh, and provide the IP in question up front so they can check to see if it has a history. That might speed things along.
we were never even informed that the server and had been listed in the first place - we found out the hard way.
If I was running a DNSBL I wouldn't tell you I listed you either. It's not their job to tell you. They are stating their opinion about an IP. They don't have to tell you when they form or change their opinion about that IP. If you don't want them to state an opinion about your IP, make sure it never does anything that they might wish to state an opinion about.
I do think that RBL's operators ought to at least respond to legitimate attempts to clear up issue.
I agree. They should be responsive. Ideally they'd provide an automated method of removal. That would really only work for misconfigured machines (open relays/proxies/SOCKS boxes, etc..) that can easily be retested to confirm they are fixed. Given how that DNSBL works, I take it that a piece of mail from that MX hit one of their honeypots and caused the listing. Whether that piece of mail was spam, an infected message, or what relies on when the dnsrbl.net start answering their mail. Best of luck Justin