Monitor Email Blacklists

[dgpadmin]

I have seen my shared server PLANET on various email blacklists about 6 times in the current year. I personally have started monitoring the most common blacklists myself for this server, but it sure would be nice (and not difficult) for WHB to monitor these lists directly, hopefully hourly.

dgp

[ralth]

I second that. It would be VERY helpful if WHB could catch that and resolve it quickly.

[Matt R.]

We do monitor them, but it's nigh on impossible to monitor all blacklists, all of the time.

We do have feedback looks setup for the most major ones. We deal with 20-30 abuse complaints per day and action this very quickly.... unfortunately the odd spammer does still slip through.

[Thomas T]

We do monitor them, but it's nigh on impossible to monitor all blacklists, all of the time.

It's easy to do with a simple PHP script and a cron job, at least to get the majority of the blacklists.

[aztech]

I use a website call MXtoolbox ( http://www.mxtoolbox.com/ ) for simple monitoring.

It is a mail server monitoring tool which is free if you want to monitor just one host (domain). Part of the monitoring includes monitoring of 115 blacklists. Alerts are sent via email.

And before anyone asks, I have no connection to the website.

Cheers,
Aaron

[Alan B]

We do monitor them, but it's nigh on impossible to monitor all blacklists, all of the time.

dnsstuff.com has a single test that queries dozens of blacklists for the server IP you specify. You could run that daily for each of your servers.

[JasonD]

You might want to force all blacklisted mail to a "Black-Hole" account, that can log the offender. Use a script to do a "Count" of offenders.

Black-lists die fast, (As most offenders, once blacklisted, die-off.)

Doing a count, can help you to keep a short list, to speed-up processing. No sense checking through a list of 100,000 blacklisted senders, when only 10,000 still exist. (The COUNT plus the DATE OF LAST FIND, would tell you which offenders to remove.)

Remember Black-lists are "Entire lists" of present and previous offenders.

Only makes sense to scan for ones that are offending here. (Notice, not all junk-mail comes from an exterior service. If your computer is infected, some of the mail in your box may not even be real mail, and the infected program could be sending e-mail using YOUR account as the delivery to your friends in your mailing list.)

Most spam and junk mail is fake. (That is why they use content scanning now. Because apparently legitimate e-mails, are spam and junk. Not to mention there are injection codes, like my "Double header", that bypass junk filters.)

A double header is an injection of double data.
Real:
SENDER: myname@mysite.com
Double fake:
SENDER: fakename@fakesite.com

Some email programs stop at the first sender read...

Others just replace the FIRST SENDER variable read, with the SECOND SENDER data, overwriting the SENDER variable. (Yahoo does that.)

Hehe, Google though... if it sees two senders, marks it as possible junk, then checks both senders... If one is bad, it trashes it. (But if both are good, it keeps them both. That is why I use it, because both are good. But the first one appears to be from WHB, while mine, is from my site. That is because outgoing mail from our sites, uses WHB's mailer, not our sites mailer, which we does not exist.)

[theplatelady.com]

Hello,

I'm new to this forum but I have been a customer of WHB for about 2 years now. I must say I have been generally satisfied with the service, but also somewhat concerned about server security.

Today I ran a DNS report for my WHB hosted website at http://www.dnsstuff.com and this was one of the results:

"Your domain does not have a SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004). "


I have found in the past that I got spam addressed to my email address that also looked like it came from my email address.

The only other part of the test my website failed was the Open DNS Server test. This was what the results said:

"ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

Server 216.139.67.74 reports that it will do recursive lookups. [test] Server 216.139.67.75 reports that it will do recursive lookups. [test] See this page for info on closing open DNS servers."
I have mentioned this problem to tech support for WHB before but never got any satisfactory answers from them about fixing the problem.

My suggestion is that security be increased to fix these problems.

Thank you

[Alan B]

Hey, platelady, we already saw your identical message in another thread. If you have a complaint, fine, but there's no need to spam the forums with it.