fbpx

A Tale of Monitoring DNS Blacklists

For George, the clean-up is just beginning. He is not even yet aware that his domain is blacklisted. All he knows is that he can't send out additional emails, the update email on the company party that evening is now a fire-drill, and his boss is giving the system administrator and him the stink eye. The problem of not knowing for hours that your site has appeared on a DNS Blacklist (DNSBL) and that email—and, even worse, potentially website visitors—are being rejected is a problem with both primary impacts and multiple secondary impacts.

Prologue:

DNS Blacklist Jail
Have you been hauled off to DNS Blacklist jail without even knowing it?

It’s a Tuesday afternoon in Seattle and George’s finger hovers over the “Launch” button, his flannel shirt and short beard a  reflection on his desktop screen opened to the application that blasts his company’s email. Mouse…click.

Act I: Bowling Scores and Spam

Within seconds thousands of George’s finely-crafted emails are inviting  prospects to a big “spring fling” sales event for his company’s custom coffee filters. A few recipients of George’s email at a loose-tea company a few blocks away decide to report the ‘invite email” as spam. (Last week George’s bowling team beat their bowling team in a tournament and George scored the winning score, 115, in the final frame.)  Its all in good fun, they even send an email care of “One Strike George” telling George what they’re doing.

Click… the spam report is off to their ISP’s email administrator. Laughs and high fives all around. Their phone rings, its George, “Err, not cool,  wish you didn’t do that…”

Act II: The Long Day at the ISP

Its been a long day and Sandra, the ISPs email administrator, pulls off her black flats wiggles her toes into a pair of two-inch red high heels briefly scans the day’s “spam report” and forwards George’s email server’s IP to one of the domain name service black lists (DNSBL) as the she last thing she does before heading out for an evening of salsa lessons. The list of reported domain names is published almost immediately on the DNSBL’s website. By the time Sandra’s salsa lesson ends in a series of rapid “Copa” moves at 7:30 PM Pacific Time several other DNSBL have also picked up the “spamming” email server IP listing via automated feedback loops and include it, publicly, on their DNS blacklists located in Europe and North America. (Is your IP listed on a DNSBL? Free DNSBL Test.)

Act III: “Umm, is there a problem with email today?”

George sips at his corner coffee shop latte. Its Wednesday morning and he is staring at his email blast admin screen. A smaller email blast about a change in location for that evenings get-together with local current clients,  pre-scheduled for a late Tuesday night send,  returned an extremely high percentage of bounced emails. George sends a quick “We may have an issue” email to the owner of his custom coffee filter company. Then, George sends an IM to his system administrator, “Dude, problem with email server?”

At this point, George only knows he has a problem with his ability to send an email. He knows nothing about a growing number of DNSBLs located worldwide that are listing his IP as a “spammer”. The DNSBLs are often personal projects, volunteer-run operations, or side projects at larger organizations and each operates by its own set of traditions, feedback loop rules, country jurisdictions, personalities, relationships with spam listing software, and varying DNSBL delisting rules (or lack of delisting rules, in effect a lifetime listing), schedules, and required payments or “donations” for DNSBL delisting. What George will find out after he finds out he has a DNSBL problem is it will take days, perhaps weeks, of work to clean up the DNSBL issue.

Epilogue: Not knowing what you don’t know

For George, the clean-up is just beginning. He is not even yet aware that his domain is blacklisted.  All he knows is that he can’t send out additional emails, the update email on the company party that evening is now a fire-drill, and his boss is giving the system administrator and him the stink eye.  The problem of not knowing for hours that your site has appeared on a DNS Blacklist (DNSBL) and that email—and, even worse, potentially website visitors—are being rejected is a problem with both primary impacts and multiple secondary impacts.

Domain Name Server Blacklists ((aka DNS-based Blackhole Lists, DNSBL, DNS Blacklists, Blocklists,  Real-time Blackhole Lists (RBL), Blackhole List, BLs, Blackhole, or zones) are spam-blocking lists that allow a website administrator to block messages from specific systems that have a history of sending spam. Just about any person or organization that runs a mail server may be using a DNSBL. In fact, support for DNSBL processes have become a mandatory feature for many Internet mail server software systems.

There are several reasons an IP address might appear on a DNSBL, even if spam wasn’t involved. Each list has its own criteria, and some are very highly subjective. Reasons might include:

  • The IP address has been a source of spam and seemed at the time to belong to a spammer, open mail relay or open proxy
  • The IP address appeared to the DNSBL maintainer to be in a block of dynamically assigned addresses
  • The IP address is believed by the DNSBL maintainer to be in a block of addresses assigned at some level to a spammer or to an ISP who is not acting to disconnect spammers from their network.

Blacklist Monitoring Has to be Fast to be Effective

Blacklist monitoring of these DNSBL databases would have warned George, within minutes, after his IP was listed on a DNSBL. The blacklist monitoring has to be frequent—for example, every 15 minutes or faster—to be effective, otherwise a listing on one DNSBL can get shared with other DNSBLs.  If the blacklisted host name or IP is shared from one DNSBL with other DNSBL lists via a feedback loop, George’s work to contain the email blacklisting get more difficult. Much more difficult.

Furthermore, advanced alerts allow George to quickly to identify the root cause of the listing on Tuesday afternoon to begin to resolve the blacklist issues by contacting the affected DNSBL, immediately, to request removal. A DNSBL Monitoring solution automatically checks to see if an IP address is blacklisted against an index of major email blacklists, providing reports and immediate alerts if monitoring finds an IP address on any list.

As for George, his morning ritual of a relaxing cup-of-joe as he starts his workday, well, that won’t be happening for a while. He’ll be cleaning up the DNSBL mess and looking for a DNSBL monitoring free trial, so he can avoid this headache in the future.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on email
Email
Share on print
Print