subject:"Anyone else blacklisted this morning by rbl.iprange.net\?"

Re: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-04 Thread John R. Levine

Alas, these RBLs are often hard-coded into firewalls. Non-sophisticated 
users just think they have a check box saying "block spam". Fixing those 
IS hard.


I believe there are cases where people have made it hard, but there are 
limits on how much I believe in protecting people from the consequences of 
their ineptness.


Perhaps we should spin up a little DNS cache just for DNSBL queries.

R's,
John


In article  
you write:

If you're going to run a DNSBL to advertise your mail software,
perhaps do so in a way that doesn't flip the bird at everyone using it.


On the other hand if you're going to use DNSBLs, you really should do
the tests in RFC 5782 every once in a while so you stop using BLs that
don't exist any more.  It's not hard.

Re: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-04 Thread Mel Beckman

Alas, these RBLs are often hard-coded into firewalls. Non-sophisticated users 
just think they have a check box saying "block spam". Fixing those IS hard.

 -mel 

> On Jan 4, 2018, at 4:45 PM, John Levine  wrote:
> 
> In article 
>  you 
> write:
>> If you're going to run a DNSBL to advertise your mail software,
>> perhaps do so in a way that doesn't flip the bird at everyone using it.
> 
> On the other hand if you're going to use DNSBLs, you really should do
> the tests in RFC 5782 every once in a while so you stop using BLs that
> don't exist any more.  It's not hard.
> 
> R's,
> John

Re: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-04 Thread John Levine

In article  
you write:
>If you're going to run a DNSBL to advertise your mail software,
>perhaps do so in a way that doesn't flip the bird at everyone using it.

On the other hand if you're going to use DNSBLs, you really should do
the tests in RFC 5782 every once in a while so you stop using BLs that
don't exist any more.  It's not hard.

R's,
John

Re: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-02 Thread Mike Hale

But what other people have rightfully pointed out is that his behavior
is stupid and against the RFC that covers DNSBLs.  And it's not simply
MX admins here.  You have firewalls that are also affected.

If you're going to run a DNSBL to advertise your mail software,
perhaps do so in a way that doesn't flip the bird at everyone using
it.

On Tue, Jan 2, 2018 at 2:02 PM, Alexander Maassen <outsi...@scarynet.org> wrote:
> As the message said, they use this to force mx admins to remove their entry 
> to stop hammering. I remember other lists did the same. Contact the remote mx 
> admin in order to get this fixed.
>
>> Op 2 jan. 2018 om 17:57 heeft Dann Schuler <dannschu...@hotmail.com> het 
>> volgende geschreven:
>>
>> We had a Charter IP address we don’t actually send email from (it is a 
>> backup line that would only send mail if our primary line was down) 
>> Blacklisted by these guys at 10:50am EST on 1/1/18, then removed at 3:34pm 
>> EST on 1/1/18.
>>
>> MXToolBox alerted us to it, I ran a manual check on their portal, which is 
>> supposed to be http://iprange.net/rbl/lookup/  but redirects to 
>> https://realtimeblacklist.com/lookup/ and it came back not listed.  Since it 
>> was a line I knew we were not mailing from anyways I figured I would just 
>> deal with it in the morning, but it had cleared itself up by then.
>>
>> First time I had ever even heard of this one.
>>
>> Good luck!
>>
>>
>>
>> -Original Message-
>> From: NANOG [mailto:nanog-bounces+dannschuler=hotmail....@nanog.org] On 
>> Behalf Of Mel Beckman
>> Sent: Tuesday, January 2, 2018 11:46 AM
>> To: nanog@nanog.org
>> Subject: Anyone else blacklisted this morning by rbl.iprange.net?
>>
>> I woke up this morning to a barrage of complaints from users that our mail 
>> servers' outbound emails are bouncing due to a blacklisting. Sure enough, 
>> mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D=0>
>>  reports that 
>> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>>  has blacklisted us for more than a day. However, looking up our address on 
>> the 
>> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>>  lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows 
>> that we are. Then I found this on the 
>> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>>  owner's website ():
>>
>> "rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>>  (is offline since 01-01-2018) please replace it with 
>> rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D=0>
>> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>>  will mark every ip address as listed to force removal of this server."
>>
>> What the heck? I've tried contacting 
>> realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D=0>,
>>  but they're in the Netherlands and apparently fast asleep (in more ways 
>> than one, it seems).
>>
>> -mel beckman
>



-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Re: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-02 Thread Mel Beckman

I did finally reach someone at realtimeblacklist.com. They've just today shut 
down the bogus DNS RBL and said they realize now it was a terrible idea. They 
read and now understand the RBL RFC and promised not to do it again. I 
appreciate them taking the time to respond, and hopefully they'll also improve 
their communication channels (such as putting meaningful contact info in their 
WhoIs. It's ironic that an anti-spam operator, of all people, would hide this 
info!)

 -mel 

> On Jan 2, 2018, at 2:04 PM, Alexander Maassen <outsi...@scarynet.org> wrote:
> 
> As the message said, they use this to force mx admins to remove their entry 
> to stop hammering. I remember other lists did the same. Contact the remote mx 
> admin in order to get this fixed.
> 
>> Op 2 jan. 2018 om 17:57 heeft Dann Schuler <dannschu...@hotmail.com> het 
>> volgende geschreven:
>> 
>> We had a Charter IP address we don’t actually send email from (it is a 
>> backup line that would only send mail if our primary line was down) 
>> Blacklisted by these guys at 10:50am EST on 1/1/18, then removed at 3:34pm 
>> EST on 1/1/18.
>> 
>> MXToolBox alerted us to it, I ran a manual check on their portal, which is 
>> supposed to be http://iprange.net/rbl/lookup/  but redirects to 
>> https://realtimeblacklist.com/lookup/ and it came back not listed.  Since it 
>> was a line I knew we were not mailing from anyways I figured I would just 
>> deal with it in the morning, but it had cleared itself up by then.
>> 
>> First time I had ever even heard of this one.
>> 
>> Good luck!
>> 
>> 
>> 
>> -Original Message-
>> From: NANOG [mailto:nanog-bounces+dannschuler=hotmail....@nanog.org] On 
>> Behalf Of Mel Beckman
>> Sent: Tuesday, January 2, 2018 11:46 AM
>> To: nanog@nanog.org
>> Subject: Anyone else blacklisted this morning by rbl.iprange.net?
>> 
>> I woke up this morning to a barrage of complaints from users that our mail 
>> servers' outbound emails are bouncing due to a blacklisting. Sure enough, 
>> mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D=0>
>>  reports that 
>> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>>  has blacklisted us for more than a day. However, looking up our address on 
>> the 
>> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>>  lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows 
>> that we are. Then I found this on the 
>> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>>  owner's website ():
>> 
>> "rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>>  (is offline since 01-01-2018) please replace it with 
>> rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D=0>
>> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>>  will mark every ip address as listed to force removal of this server."
>> 
>> What the heck? I've tried contacting 
>> realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D=0>,
>>  but they're in the Netherlands and apparently fast asleep (in more ways 
>> than one, it seems).
>> 
>> -mel beckman
>

Re: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-02 Thread Alexander Maassen

As the message said, they use this to force mx admins to remove their entry to 
stop hammering. I remember other lists did the same. Contact the remote mx 
admin in order to get this fixed.

> Op 2 jan. 2018 om 17:57 heeft Dann Schuler <dannschu...@hotmail.com> het 
> volgende geschreven:
> 
> We had a Charter IP address we don’t actually send email from (it is a backup 
> line that would only send mail if our primary line was down) Blacklisted by 
> these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18.
> 
> MXToolBox alerted us to it, I ran a manual check on their portal, which is 
> supposed to be http://iprange.net/rbl/lookup/  but redirects to 
> https://realtimeblacklist.com/lookup/ and it came back not listed.  Since it 
> was a line I knew we were not mailing from anyways I figured I would just 
> deal with it in the morning, but it had cleared itself up by then.
> 
> First time I had ever even heard of this one.
> 
> Good luck!
> 
> 
> 
> -Original Message-
> From: NANOG [mailto:nanog-bounces+dannschuler=hotmail@nanog.org] On 
> Behalf Of Mel Beckman
> Sent: Tuesday, January 2, 2018 11:46 AM
> To: nanog@nanog.org
> Subject: Anyone else blacklisted this morning by rbl.iprange.net?
> 
> I woke up this morning to a barrage of complaints from users that our mail 
> servers' outbound emails are bouncing due to a blacklisting. Sure enough, 
> mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D=0>
>  reports that 
> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>  has blacklisted us for more than a day. However, looking up our address on 
> the 
> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>  lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows 
> that we are. Then I found this on the 
> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>  owner's website ():
> 
> "rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>  (is offline since 01-01-2018) please replace it with 
> rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D=0>
> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>  will mark every ip address as listed to force removal of this server."
> 
> What the heck? I've tried contacting 
> realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D=0>,
>  but they're in the Netherlands and apparently fast asleep (in more ways than 
> one, it seems).
> 
> -mel beckman

Re: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-02 Thread Mel Beckman

LOL! Apparently Level3 (my upstream) at least has blacklisted their IP, way 
before it gets anywhere near the Netherlands!

traceroute rbl.iprange.net 
traceroute to rbl.iprange.net (80.127.112.180), 64 hops max, 40 byte packets
 1  router1.sb.becknet.com (206.83.0.1)  0.862 ms  0.415 ms  0.365 ms
 2  206-190-77-9.static.twtelecom.net (206.190.77.9)  0.817 ms  1.234 ms  0.734 
ms
 3  ae1-90g.ar7.lax1.gblx.net (67.17.75.18)  2.933 ms  3.023 ms  2.928 ms
 4  ae10.edge1.losangeles9.level3.net (4.68.111.21)  3.040 ms  2.996 ms  3.040 
ms
 5  * * *
 6  * * *
 7  * * *

Thank you Level3! Now if other major backbone providers will do the same, we 
might inoculate the Internet from this ignorant RBL operator quickly. 

 -mel

> On Jan 2, 2018, at 9:10 AM, Jon Lewis  wrote:
> 
>> On Tue, 2 Jan 2018, Mel Beckman wrote:
>> 
>> I woke up this morning to a barrage of complaints from users that our mail 
>> servers' outbound emails are bouncing due to a blacklisting. Sure enough, 
>> mxtoolbox.com reports that 
>> rbl.iprange.net has blacklisted us for more than a 
>> day. However, looking up our address on the 
>> rbl.iprange.net lookup webpage shows we're NOT 
>> listed. But a check of the RBL's DNS shows that we are. Then I found this on 
>> the rbl.iprange.net owner's website ():
>> 
>> "rbl.iprange.net (is offline since 01-01-2018) 
>> please replace it with 
>> rbl.realtimeblacklist.com
>> rbl.iprange.net will mark every ip address as listed 
>> to force removal of this server."
>> 
>> What the heck? I've tried contacting 
>> realtimeblacklisk.com, but they're in the 
>> Netherlands and apparently fast asleep (in more ways than one, it seems).
> 
> If you do manage to get ahold of anyone there, you might suggest they read 
> section 3.4 of
> 
> https://tools.ietf.org/html/draft-irtf-asrg-bcp-blacklists-10
> 
> There's a right way to shut down a DNSBL that's been tested and used by 
> others.  Listing the world is not the right way.
> 
> --
> Jon Lewis, MCP :)   |  I route
> |  therefore you are
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-02 Thread Mel Beckman

Apparently they're widely used by firewall-based anti spam, as we seem to be 
getting blocked a lot by Juniper, Sonicwall, and Palo Alto firewalls. The 
outfit is listed in 
https://en.m.wikipedia.org/wiki/Comparison_of_DNS_blacklists, but seem to have 
very poor communication options (e.g., WhoIs is obscured).

Why don't they just quit answering DNS queries at rbl.iprange.net? Sheesh!

 -mel 

> On Jan 2, 2018, at 8:58 AM, Dann Schuler <dannschu...@hotmail.com> wrote:
> 
> We had a Charter IP address we don’t actually send email from (it is a backup 
> line that would only send mail if our primary line was down) Blacklisted by 
> these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18.
> 
> MXToolBox alerted us to it, I ran a manual check on their portal, which is 
> supposed to be http://iprange.net/rbl/lookup/  but redirects to 
> https://realtimeblacklist.com/lookup/ and it came back not listed.  Since it 
> was a line I knew we were not mailing from anyways I figured I would just 
> deal with it in the morning, but it had cleared itself up by then.
> 
> First time I had ever even heard of this one.
> 
> Good luck!
> 
> 
> 
> -Original Message-
> From: NANOG [mailto:nanog-bounces+dannschuler=hotmail@nanog.org] On 
> Behalf Of Mel Beckman
> Sent: Tuesday, January 2, 2018 11:46 AM
> To: nanog@nanog.org
> Subject: Anyone else blacklisted this morning by rbl.iprange.net?
> 
> I woke up this morning to a barrage of complaints from users that our mail 
> servers' outbound emails are bouncing due to a blacklisting. Sure enough, 
> mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D=0>
>  reports that 
> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>  has blacklisted us for more than a day. However, looking up our address on 
> the 
> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>  lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows 
> that we are. Then I found this on the 
> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>  owner's website ():
> 
> "rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>  (is offline since 01-01-2018) please replace it with 
> rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D=0>
> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
>  will mark every ip address as listed to force removal of this server."
> 
> What the heck? I've tried contacting 
> realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D=0>,
>  but they're in the Netherlands and apparently fast asleep (in more ways than 
> one, it seems).
> 
> -mel beckman

Re: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-02 Thread Jon Lewis


On Tue, 2 Jan 2018, Mel Beckman wrote:


I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are 
bouncing due to a blacklisting. Sure enough, mxtoolbox.com reports that 
rbl.iprange.net has blacklisted us for more than a day. However, looking 
up our address on the rbl.iprange.net lookup webpage shows we're NOT 
listed. But a check of the RBL's DNS shows that we are. Then I found this on the 
rbl.iprange.net owner's website ():

"rbl.iprange.net (is offline since 01-01-2018) please replace 
it with rbl.realtimeblacklist.com
rbl.iprange.net will mark every ip address as listed to 
force removal of this server."

What the heck? I've tried contacting 
realtimeblacklisk.com, but they're in the 
Netherlands and apparently fast asleep (in more ways than one, it seems).


If you do manage to get ahold of anyone there, you might suggest they read 
section 3.4 of


https://tools.ietf.org/html/draft-irtf-asrg-bcp-blacklists-10

There's a right way to shut down a DNSBL that's been tested and used by 
others.  Listing the world is not the right way.


--
 Jon Lewis, MCP :)   |  I route
 |  therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-02 Thread Rich Kulawiec

On Tue, Jan 02, 2018 at 04:46:02PM +, Mel Beckman quoted:
> "rbl.iprange.net will mark every ip address as listed to force removal of 
> this server."

Apparently they didn't read section 3.4 of RFC 6471:

https://tools.ietf.org/html/rfc6471#page-15

Given this behavior on their part, it would seem best to not only
immediately remove their old DNSBL from mail system configurations,
but to never add their new one.

---rsk

RE: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-02 Thread Dann Schuler

We had a Charter IP address we don’t actually send email from (it is a backup 
line that would only send mail if our primary line was down) Blacklisted by 
these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18.

MXToolBox alerted us to it, I ran a manual check on their portal, which is 
supposed to be http://iprange.net/rbl/lookup/  but redirects to 
https://realtimeblacklist.com/lookup/ and it came back not listed.  Since it 
was a line I knew we were not mailing from anyways I figured I would just deal 
with it in the morning, but it had cleared itself up by then.

First time I had ever even heard of this one.

Good luck!



-Original Message-
From: NANOG [mailto:nanog-bounces+dannschuler=hotmail@nanog.org] On Behalf 
Of Mel Beckman
Sent: Tuesday, January 2, 2018 11:46 AM
To: nanog@nanog.org
Subject: Anyone else blacklisted this morning by rbl.iprange.net?

I woke up this morning to a barrage of complaints from users that our mail 
servers' outbound emails are bouncing due to a blacklisting. Sure enough, 
mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D=0>
 reports that 
rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
 has blacklisted us for more than a day. However, looking up our address on the 
rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
 lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that 
we are. Then I found this on the 
rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
 owner's website ():

"rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
 (is offline since 01-01-2018) please replace it with 
rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D=0>
rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D=0>
 will mark every ip address as listed to force removal of this server."

What the heck? I've tried contacting 
realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435%7C1%7C0%7C636505084442000619=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D=0>,
 but they're in the Netherlands and apparently fast asleep (in more ways than 
one, it seems).

 -mel beckman

Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-02 Thread Mel Beckman

I woke up this morning to a barrage of complaints from users that our mail 
servers' outbound emails are bouncing due to a blacklisting. Sure enough, 
mxtoolbox.com reports that 
rbl.iprange.net has blacklisted us for more than a day. 
However, looking up our address on the rbl.iprange.net 
lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that 
we are. Then I found this on the rbl.iprange.net 
owner's website ():

"rbl.iprange.net (is offline since 01-01-2018) please 
replace it with rbl.realtimeblacklist.com
rbl.iprange.net will mark every ip address as listed to 
force removal of this server."

What the heck? I've tried contacting 
realtimeblacklisk.com, but they're in the 
Netherlands and apparently fast asleep (in more ways than one, it seems).

 -mel beckman

Re: Anyone else blacklisted this morning by rbl.iprange.net?

Re: Anyone else blacklisted this morning by rbl.iprange.net?

Re: Anyone else blacklisted this morning by rbl.iprange.net?

Re: Anyone else blacklisted this morning by rbl.iprange.net?

Re: Anyone else blacklisted this morning by rbl.iprange.net?

Re: Anyone else blacklisted this morning by rbl.iprange.net?

Re: Anyone else blacklisted this morning by rbl.iprange.net?

Re: Anyone else blacklisted this morning by rbl.iprange.net?

Re: Anyone else blacklisted this morning by rbl.iprange.net?

Re: Anyone else blacklisted this morning by rbl.iprange.net?

RE: Anyone else blacklisted this morning by rbl.iprange.net?

Anyone else blacklisted this morning by rbl.iprange.net?

12 matches

Site Navigation

Mail list logo

Footer information