Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Getting spamfiltered? SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Getting spamfiltered?
Every now and then, collective spam filtering efforts tend to go a bit overboard. We keep hearing of cases where static and properly assigned IP ranges of legitimate businesses erroneously got added to one of the DNSbl based public filter lists under the heading of "dynamic address".  Should this ever happen to you, chances are you won't be able to use your company email to complain about the mistake - since your email is coming from a "dynamic address" (or so the many mailgateways using the DNSbl think), it will be cheerfully ignored and discarded. Recovery from such a problem can be agonizingly slow and leave your company stranded high and dry with very limited ability to send email.  If you got a couple of spare cycles today, it might be worthwhile to go through the motions of how you would a) detect that your IP range is on some DNSbl and b) go about getting it unlisted again. A good toolkit that I like to check multiple DNSbls are the various query options available through http://openrbl.org . Another good one, suggested by ISC reader Peter Bance, is http://www.dnsstuff.com . ISC reader Bas Janssen suggests the blq Perl scripts on http://freshmeat.net/projects/blq/ for automatic monitoring of several blacklists via cron job.
Daniel

367 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!