I did finally reach someone at realtimeblacklist.com. They've just today shut down the bogus DNS RBL and said they realize now it was a terrible idea. They read and now understand the RBL RFC and promised not to do it again. I appreciate them taking the time to respond, and hopefully they'll also improve their communication channels (such as putting meaningful contact info in their WhoIs. It's ironic that an anti-spam operator, of all people, would hide this info!) -mel
On Jan 2, 2018, at 2:04 PM, Alexander Maassen <outsider@scarynet.org> wrote:
As the message said, they use this to force mx admins to remove their entry to stop hammering. I remember other lists did the same. Contact the remote mx admin in order to get this fixed.
Op 2 jan. 2018 om 17:57 heeft Dann Schuler <DannSchuler@hotmail.com> het volgende geschreven:
We had a Charter IP address we don’t actually send email from (it is a backup line that would only send mail if our primary line was down) Blacklisted by these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18.
MXToolBox alerted us to it, I ran a manual check on their portal, which is supposed to be http://iprange.net/rbl/lookup/ but redirects to https://realtimeblacklist.com/lookup/ and it came back not listed. Since it was a line I knew we were not mailing from anyways I figured I would just deal with it in the morning, but it had cleared itself up by then.
First time I had ever even heard of this one.
Good luck!
-----Original Message----- From: NANOG [mailto:nanog-bounces+dannschuler=hotmail.com@nanog.org] On Behalf Of Mel Beckman Sent: Tuesday, January 2, 2018 11:46 AM To: nanog@nanog.org Subject: Anyone else blacklisted this morning by rbl.iprange.net?
I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due to a blacklisting. Sure enough, mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D&reserved=0> reports that rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> has blacklisted us for more than a day. However, looking up our address on the rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that we are. Then I found this on the rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> owner's website ():
"rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> (is offline since 01-01-2018) please replace it with rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D&reserved=0> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> will mark every ip address as listed to force removal of this server."
What the heck? I've tried contacting realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D&reserved=0>, but they're in the Netherlands and apparently fast asleep (in more ways than one, it seems).
-mel beckman