nanog mailing list archives

Re: Anyone else blacklisted this morning by rbl.iprange.net?

From: Mel Beckman <mel () beckman org>
Date: Tue, 2 Jan 2018 17:11:02 +0000

Apparently they're widely used by firewall-based anti spam, as we seem to be getting blocked a lot by Juniper, 
Sonicwall, and Palo Alto firewalls. The outfit is listed in 
https://en.m.wikipedia.org/wiki/Comparison_of_DNS_blacklists, but seem to have very poor communication options (e.g., 
WhoIs is obscured).

Why don't they just quit answering DNS queries at rbl.iprange.net? Sheesh!

 -mel

On Jan 2, 2018, at 8:58 AM, Dann Schuler <DannSchuler () hotmail com> wrote:

We had a Charter IP address we don’t actually send email from (it is a backup line that would only send mail if our 
primary line was down) Blacklisted by these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18.

MXToolBox alerted us to it, I ran a manual check on their portal, which is supposed to be 
http://iprange.net/rbl/lookup/  but redirects to https://realtimeblacklist.com/lookup/ and it came back not listed.  
Since it was a line I knew we were not mailing from anyways I figured I would just deal with it in the morning, but 
it had cleared itself up by then.

First time I had ever even heard of this one.

Good luck!



-----Original Message-----
From: NANOG [mailto:nanog-bounces+dannschuler=hotmail.com () nanog org] On Behalf Of Mel Beckman
Sent: Tuesday, January 2, 2018 11:46 AM
To: nanog () nanog org
Subject: Anyone else blacklisted this morning by rbl.iprange.net?

I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due 
to a blacklisting. Sure enough, 
mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D&reserved=0>
 reports that 
rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0>
 has blacklisted us for more than a day. However, looking up our address on the 
rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0>
 lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that we are. Then I found this on the 
rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0>
 owner's website ():

"rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0>
 (is offline since 01-01-2018) please replace it with 
rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D&reserved=0>
rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0>
 will mark every ip address as listed to force removal of this server."

What the heck? I've tried contacting 
realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D&reserved=0>,
 but they're in the Netherlands and apparently fast asleep (in more ways than one, it seems).

-mel beckman

Current thread:

Anyone else blacklisted this morning by rbl.iprange.net? Mel Beckman (Jan 02)
- RE: Anyone else blacklisted this morning by rbl.iprange.net? Dann Schuler (Jan 02)
  - Re: Anyone else blacklisted this morning by rbl.iprange.net? Mel Beckman (Jan 02)
  - Re: Anyone else blacklisted this morning by rbl.iprange.net? Alexander Maassen (Jan 02)
    - Re: Anyone else blacklisted this morning by rbl.iprange.net? Mel Beckman (Jan 02)
    - Re: Anyone else blacklisted this morning by rbl.iprange.net? Mike Hale (Jan 02)
    - Re: Anyone else blacklisted this morning by rbl.iprange.net? John Levine (Jan 04)
    - Re: Anyone else blacklisted this morning by rbl.iprange.net? Mel Beckman (Jan 04)
    - Re: Anyone else blacklisted this morning by rbl.iprange.net? John R. Levine (Jan 04)
- Re: Anyone else blacklisted this morning by rbl.iprange.net? Rich Kulawiec (Jan 02)
  - making the queries go away, was Re: Anyone else blacklisted this morning John Levine (Jan 04)
- Re: Anyone else blacklisted this morning by rbl.iprange.net? Jon Lewis (Jan 02)
  - Re: Anyone else blacklisted this morning by rbl.iprange.net? Mel Beckman (Jan 02)