Software

General discussion

Locked

Has anyone else been blacklisted?

By jdclyde ·
Been going through heck for over a week now.

It seems our corporate e-mail has made it onto the CBL blacklist. http://cbl.abuseat.org

They state the reasons for blacklisting can be:
Being a Relay
Infected with Netsky, Bagle, MyDoom or others.
Or if using NAT'ed addresses, then another system on the network may be sending out the SPAM.

Have taken the following steps.
Blocked SMTP from all system except the e-mail server witht the firewall.
Double checked if mail server was running as a relay.
Server runs Linux, so the above mentioned viruses do not apply.
Have scanned the network and the server for anything that looks suspicious.

All come up clean.
Request removal from list, get removed and put right back on a day later.
After getting blacklisted 4 times this week, I am starting to get upset.

Has anyone else had this problem?
How did you resolve this issue?

Would this blacklisting be illegal for them interfering with the transmission of legitamate business usage that we have paid for?

How do I stay off that list?
Is there a governing authority that this organization can be reported to?
Is there a legal authority they can be reported to?

Or do I just have to sit here and cry in my oatmeal?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Response from CBL

by RknRlKid In reply to Has anyone else been blac ...

I wrote to CBL, and they sent me the following response to my question about their policy. jdclyde, you were even mentioned in it:

"The CBL examines inbound email for "fingerprints" indicating that the source
IP is compromised: viruses/worms, spam trojans, open proxies and other mass-mailing "infections" of one kind or another. The CBL DOES NOT detect
open mail relays.

Indeed, a traditional open mail relay simply cannot trigger the CBL.

The detection methodology is very "sensitive", but is rarely definitive as to _what_ exactly is sending the email.

Since it's not very diagnostic, and that revealing information about how detection works might allow spamware and virus authors to program around it, we do not give out the precise details of how detection works.

We make up for that by allowing no-questions-asked self-removals up to a point, and prompt assistance with specific suggestions of what to look for or how to prevent recurrances if the listings repeat and the user contacts us.

If someone is having a problem with repeated listings, make sure that they contact us, we will help figure out what's happening. We've recently
made major changes to our online documentation (you see this while you're self-removing an IP) to help end-users make delistings permanent.

It's too bad jdclyde didn't include the IP in that thread, otherwise, we could have given some pointers in this email ;-)

And as a by-the-by, IP addresses _cannot_ be spoofed in TCP/IP connections. In UDP, it's trivially easy to spoof source IPs. But not in the TCP/IP required to actually send an email.

We strive to run the CBL in an ethical, responsible and professional manner that major organizations can use with confidence. And block a lot of spam and viruses at the same time ;-)

Given the large number of major (many enormous) corporations and ISPs that use the CBL, given that the highly respected SpamHaus republishes
our list as the main component of the XBL, and given that most people using the CBL (XBL) find it to be one of the most effective (and least false positive prone) anti-spam technique available, we seem to have succeeded.

[Indeed, the CBL has succeeded _way_ beyond our expectations.]"

email = cbl@cbl.abuseat.org

Collapse -

I have gotten pointers from "ray"

by jdclyde In reply to Response from CBL

I have been in e-mail contact with them, several times over the last week.

Did they get my TR ID from your e-mail or are they watching this post? Interesting.

I have in direct contact with them provided Full name of me and my company along with all IP information. You can understand why I wouldn't post that in a discussion forum. :>

I have now gone a full day without getting re-blacklisted. Waa Hoo! Hope it lasts.

Thanks everyone for your ideas and assistance.

Collapse -

Looks like things have been resolved

by jdclyde In reply to Has anyone else been blac ...

I would like to thank everyone who helped out.

I would REALLY like to thank everyone who was in contact with cbl.abuseat.org questioning them on my (our) behalf.

I am going to say that THIS DISCUSSION resolved my issue because I DIDN'T DO ANYTHING to my servers or network to resolve the issue that started up without me making any changes to my servers or network.

I was in contact and let them know that I had confirmed each point on their list, but didn't CHANGE anything. (accidentlly must have got it right the first time).

I HATE when there isn't a REASON for things to happen.

Collapse -

Don't seek the reason

by Oz_Media In reply to Looks like things have be ...

In many cases there's no point seeking the reason or justification. You are 'paid to ensure things work', when they don't 'you are paid to ensure things work', end of story.

I had a few issues thrown at me over time that after much frustration just all of a sudden worked again.

A quick thank you for your attention ot this matter was sent to me and that's that. Nobody cared how or why it worked, just that it DIDN'T work at one time.

If I was to go and call my ISP's and other vendors to route out the issue, the chances of someone owning up to simply dropping the ball on their end are slim at best, so I may never know that the ISP said yes he had looked at that when he actually hadn't.

Forget it and move on, not worth a headwreacker that's for sure!

P.S. ELated that you got it resolved either way, surely not as elated as you must be though. I know very well how these stupid little things can take up so much headspace.

Collapse -

But it helps to keep from repeating

by jdclyde In reply to Don't seek the reason

The reason I like to know what went wrong and what set it right is it helps you to avoid it from happening again or if it does happen again you know how to resolve the issue.

Believe me, I will not lose any sleep over this. (accept for the nap I could be taking now instead of replying in this discussion)

Collapse -

Well as you have made no changes

by HAL 9000 Moderator In reply to But it helps to keep from ...

Obviously the problem was down the chain and out of your control.

There are sometimes no solutions to problems and even better you are told direct lies to cover another companies mistakes.

Col

Collapse -

I'd like to see you repeat it if you can

by Oz_Media In reply to Well as you have made no ...

I think it was at the other end, not your own. Sounds like the CBL was f***ed, as expected from most of them.

I think the only way you could repeat it is by hiring a crappy RBL blocking team to handle your mail between classes and food fights.
How can you possibly avoid it in the past? You can't, there always some fool who thinks he is stopping spam when he is stopping his own business instead.

Related Discussions

Related Forums