nanog mailing list archives

Re: Anyone else blacklisted this morning by rbl.iprange.net?

From: Mike Hale <eyeronic.design () gmail com>
Date: Tue, 2 Jan 2018 14:10:30 -0800

But what other people have rightfully pointed out is that his behavior
is stupid and against the RFC that covers DNSBLs.  And it's not simply
MX admins here.  You have firewalls that are also affected.

If you're going to run a DNSBL to advertise your mail software,
perhaps do so in a way that doesn't flip the bird at everyone using
it.

On Tue, Jan 2, 2018 at 2:02 PM, Alexander Maassen <outsider () scarynet org> wrote:

As the message said, they use this to force mx admins to remove their entry to stop hammering. I remember other lists 
did the same. Contact the remote mx admin in order to get this fixed.

Op 2 jan. 2018 om 17:57 heeft Dann Schuler <DannSchuler () hotmail com> het volgende geschreven:

We had a Charter IP address we don’t actually send email from (it is a backup line that would only send mail if our 
primary line was down) Blacklisted by these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18.

MXToolBox alerted us to it, I ran a manual check on their portal, which is supposed to be 
http://iprange.net/rbl/lookup/  but redirects to https://realtimeblacklist.com/lookup/ and it came back not listed.  
Since it was a line I knew we were not mailing from anyways I figured I would just deal with it in the morning, but 
it had cleared itself up by then.

First time I had ever even heard of this one.

Good luck!



-----Original Message-----
From: NANOG [mailto:nanog-bounces+dannschuler=hotmail.com () nanog org] On Behalf Of Mel Beckman
Sent: Tuesday, January 2, 2018 11:46 AM
To: nanog () nanog org
Subject: Anyone else blacklisted this morning by rbl.iprange.net?

I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due 
to a blacklisting. Sure enough, 
mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D&reserved=0>
 reports that 
rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0>
 has blacklisted us for more than a day. However, looking up our address on the 
rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0>
 lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that we are. Then I found this on the 
rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0>
 owner's website ():

"rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0>
 (is offline since 01-01-2018) please replace it with 
rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D&reserved=0>
rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0>
 will mark every ip address as listed to force removal of this server."

What the heck? I've tried contacting 
realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D&reserved=0>,
 but they're in the Netherlands and apparently fast asleep (in more ways than one, it seems).

-mel beckman




-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Current thread:

Anyone else blacklisted this morning by rbl.iprange.net? Mel Beckman (Jan 02)
- RE: Anyone else blacklisted this morning by rbl.iprange.net? Dann Schuler (Jan 02)
  - Re: Anyone else blacklisted this morning by rbl.iprange.net? Mel Beckman (Jan 02)
  - Re: Anyone else blacklisted this morning by rbl.iprange.net? Alexander Maassen (Jan 02)
    - Re: Anyone else blacklisted this morning by rbl.iprange.net? Mel Beckman (Jan 02)
    - Re: Anyone else blacklisted this morning by rbl.iprange.net? Mike Hale (Jan 02)
    - Re: Anyone else blacklisted this morning by rbl.iprange.net? John Levine (Jan 04)
    - Re: Anyone else blacklisted this morning by rbl.iprange.net? Mel Beckman (Jan 04)
    - Re: Anyone else blacklisted this morning by rbl.iprange.net? John R. Levine (Jan 04)
- Re: Anyone else blacklisted this morning by rbl.iprange.net? Rich Kulawiec (Jan 02)
  - making the queries go away, was Re: Anyone else blacklisted this morning John Levine (Jan 04)
- Re: Anyone else blacklisted this morning by rbl.iprange.net? Jon Lewis (Jan 02)
  - Re: Anyone else blacklisted this morning by rbl.iprange.net? Mel Beckman (Jan 02)