How to Remove your IP address from RBL blacklist?
What is RBL?
RBL is short for “Realtime Blackhole List”. It is a popular term; another technical term with the same meaning is DNSBL, or DNS blacklist.
RBL or DNSBL is a mechanism that publishes IP addresses of spam-sending servers. RBL lists server IP addresses from ISPs (Internet Service Providers) whose customers are responsible for sending spam (knowingly or unknowingly) and from ISPs whose servers are compromised for spam relay.
All about IP Address
Once subscribed to an RBL, ISPs and companies know which IP addresses to block traffic from. The blocking occurs during the SMTP connection: the recipient checks the RBL for the connecting IP address. If the IP address matches an entry on the RBL blacklist, the connection is dropped before any traffic from the spammer is accepted. Some ISPs, though, choose to reject IP packets at their routers. The goal there is to block all IP traffic.
DNSBL Policies
The various DNSBLs have different policies. DNSBL policies differ by the following three major points:
- Goals. What does the DNSBL seek to list? Is it a list of open-relay mail servers or open proxies – or of IP addresses known to send spam – or perhaps of IP addresses belonging to ISPs that harbor spammers?
- Nomination. How does the DNSBL discover addresses to list? Does it use nominations submitted by users? Spam-trap addresses or honeypots?
- Listing lifetime. How long does a listing last? Are they automatically expired, or only removed manually? What can the operator of a listed host do to have it delisted?
If you are responsible for email administration, you can set up an RBL or DNSBL check on your email server to keep out email spammers. You can test several and use the most appropriate one for your email server. Here is a list of popular RBLs:
- zen/xbl/sbl/pbl.spamhaus.org
- bl.spamcop.net
- psbl.surriel.com
- dnsbl.sorbs.net
- b.barracudacentral.org
I have been using the Spamhaus RBL for a few years now and have found it a very reliable RBL for blocking spammers; I would recommend the same. If you have a specific type of requirement, you can choose the RBL that suits your needs.
Is your IP address listed on RBL lists?
As an email administrator for your company or your clients, it’s important for you to know if your email server IP is listed on any of the RBL blacklists. If your IP address is listed in an RBL then the chances are that the emails that you send from your server/network to your clients can get blocked even though it may not be spam. Most anti-spam filters query RBLs and if your IP address is listed in one of the RBLs then these filters may not allow your e-mails to go through and block them as spam.
To check if your IP or domain is listed on RBLs, you can do a real-time check at websites like http://mxtoolbox.com/blacklists.aspx (refer to the screenshot below) or www.anti-abuse.org/multi-rbl-check/. If your IP address is not listed then it's fine, but if it is listed, the first thing you want to do is get your IP address delisted.
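The same check can be scripted. The following is an added example, not code from the original article: it builds the standard DNSBL query name (the address reversed and prepended to the RBL zone, as in RFC 5782), which is the lookup a receiving server performs during the SMTP connection, and interprets the answer. The function names and the injectable `resolver` parameter are assumptions made for illustration; the zones come from the list above.

```python
import ipaddress
import socket

# Zones from the list of popular RBLs above.
ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "psbl.surriel.com"]
REPLY_NET = ipaddress.ip_network("127.0.0.0/8")        # normal DNSBL replies
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")   # Spamhaus error codes

def dnsbl_query_name(ip, zone):
    """Name a receiver looks up: reversed address labels + the DNSBL zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                  # 192.0.2.99 -> 99.2.0.192
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # IPv6: reversed nibbles
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN. Other failures are raised."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []        # name does not exist: address is not in the zone
        raise                # timeout or SERVFAIL must not read as "not listed"
    return sorted({info[4][0] for info in infos})

def classify(answers):
    """Map a DNSBL answer set to 'listed', 'not listed' or 'error'."""
    if not answers:
        return "not listed"
    codes = [ipaddress.ip_address(a) for a in answers]
    if any(c in ERROR_NET for c in codes):
        return "error"       # query refused (e.g. sent via a public resolver)
    if all(c in REPLY_NET for c in codes):
        return "listed"
    return "error"           # reply outside 127.0.0.0/8: resolver is rewriting answers

def check_ip(ip, zones=ZONES, resolver=system_resolver):
    """Status of ip in each zone; resolver is injectable for offline use."""
    return {zone: classify(resolver(dnsbl_query_name(ip, zone))) for zone in zones}

if __name__ == "__main__":
    # 127.0.0.2 is the conventional DNSBL test entry and should read "listed".
    for zone, status in check_ip("127.0.0.2").items():
        print(f"{zone:20} {status}")
```

An "error" result means the lookup itself was not answered properly, so it should be retried through your own resolver rather than read as a listing.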
To delist your IP address, first check which RBL is listing your IP. Visit the website of the RBL that has blacklisted your IP/domain and find the link that allows you to request removal from the blacklist. The RBL generally provides the time of listing and the reason for listing your IP address; this will help you detect what in your email server caused the blacklisting. Once you have requested delisting of the IP address, it generally takes a few hours for it to get delisted. Note that if there is another case of spam abuse from your IP address, your IP will probably be on the RBL again.
Hence, the best action you can take is to find the root cause of the listing and remove it; otherwise your IP address will be listed on one RBL or another.
There could be many reasons why your IP address got listed on an RBL. Viruses, spyware, and Trojans can cause a workstation on your network to send out spam e-mails. If your company or your client’s company sends out bulk emails such as newsletters or mass e-mailings of some sort, then chances are one of these e-mails may have been reported to the RBL by someone who thought it was spam. Some RBL services also work with ISPs and set up automatic probes to detect mass mailings and where they originate, and this can also trigger a red flag that gets your IP blacklisted.
Tips to avoid being listed on RBL
Below is a list of points that can help you avoid having your IP address listed on an RBL as a bad sender of email:
1. Don’t send SPAM
If you are listed in any of the RBLs it is most likely that there is an issue with your email. So instead of blaming the RBL, it’s best to fix the issue at your end and re-monitor the listing.
You need to check if any sender on your network is sending out spam (knowingly or unknowingly), so you need to thoroughly check the mail logs for this. If it is your company network you can lock down the connection from the suspected spam sender, fix the issue with the laptop or PC, and then allow an email connection to the sender. If you are managing emails for multiple clients you need to have policies in place to block any email sender sending unsolicited email.
Once, my email sending IP was continuously getting blacklisted. I checked the email logs and found that mail was being sent out when a particular laptop was connected to the network. I blocked the access to the laptop and checked it; there was no anti-spyware or malware protection installed on the laptop. The user had also unknowingly clicked on a junk mail with a .zip file; this had triggered the spam, and spam mail was being sent to all the email ids in the user’s address book. Once the laptop was cleared of the virus and malware, the issue was resolved. We then checked the RBLs and our IP was no longer listed.
Also, your email server should not be an open relay. All emails should be sent out from your email server with proper username and password authentication. The passwords should also be complex consisting of numbers, letters, and special characters.
2. Meet the common practices of mail senders
- DNS pointer record is set.
- Your MX domain name matches the pointer.
- Ensure your MTA (mail transfer agent) uses a proper EHLO/HELO.
- Avoid differences between the mail reply and mail from headers.
- Allow mail attachment size of 50MB maximum.
3. Monitor mail logs and mail queues.
The mail logs and mail queues of your email service give you good information about the health of your server and about potential problems. Deferred emails and bounces all provide information. Hence, view your mail logs daily.
4. Subscribe to RBL monitor
There are many RBL monitoring sites, some are free and some are paid. Subscribe to them and they will alert you every 24-48 hours about your possible listing on any RBL.
5. Respond to any abuse claims.
Keep all your Admin/Technical email contacts up to date, so that you receive any abuse claims or complaints. Your team should regularly monitor the inbox for any claims of abuse or complaints and act professionally and responsibly to any claims of abuse.
6. Setup an SPF record
This is a must-do. This record helps to identify you as the authentic sender of mail from the particular domain. Email spam and phishing often use forged sender addresses, so publishing and checking SPF records is considered an essential anti-spam technique. Refer to my article at www.link.com to know more about setting SPF records.
7. No open mail relay
Your email server should never be an open relay or allow all senders to send mail through it. Refer to https://en.wikipedia.org/wiki/Open_mail_relay to know more about open relays.
Your email program will have ways to check and correct open relays. Only authenticated users should be able to send emails from your server.
8. Setup rules for your outbound mail sessions.
As per your email sending requirements, set up rules about how many emails can be sent per hour. You can monitor the averages and set up an upper limit.
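The log review from tips 1 and 3 and the per-hour limit from this tip can be combined into one check. The following is an added example, not code from the original article: it totals recipients per submitting client IP per hour and flags any client over a limit. It assumes Postfix-style syslog lines (the article names no mail server); the sample lines, host names and the limit of 100 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog style (not from a real server).
SAMPLE_LOG = """\
Mar  4 09:58:12 mx1 postfix/smtpd[2101]: 4A1B2C3D01: client=pc-17.corp.example[10.0.0.17], sasl_method=PLAIN, sasl_username=alice
Mar  4 09:58:12 mx1 postfix/qmgr[990]: 4A1B2C3D01: from=<alice@example.com>, size=1843, nrcpt=1 (queue active)
Mar  4 10:02:40 mx1 postfix/smtpd[2107]: 5B2C3D4E02: client=laptop-23.corp.example[10.0.0.23]
Mar  4 10:02:41 mx1 postfix/qmgr[990]: 5B2C3D4E02: from=<bob@example.com>, size=9120, nrcpt=50 (queue active)
Mar  4 10:02:55 mx1 postfix/smtpd[2107]: 6C3D4E5F03: client=laptop-23.corp.example[10.0.0.23]
Mar  4 10:02:56 mx1 postfix/qmgr[990]: 6C3D4E5F03: from=<bob@example.com>, size=9120, nrcpt=50 (queue active)
Mar  4 10:03:10 mx1 postfix/smtpd[2107]: 7D4E5F6A04: client=laptop-23.corp.example[10.0.0.23]
Mar  4 10:03:11 mx1 postfix/qmgr[990]: 7D4E5F6A04: from=<bob@example.com>, size=9120, nrcpt=48 (queue active)
Mar  4 10:20:11 mx1 postfix/qmgr[990]: 7D4E5F6A04: from=<bob@example.com>, size=9120, nrcpt=48 (queue active)
"""

# smtpd line: ties a queue ID to the connecting client's IP and the hour.
CLIENT = re.compile(
    r"^(\w{3}\s+\d+ \d\d):\d\d:\d\d \S+ postfix/smtpd\[\d+\]: "
    r"(\w+): client=[^\[\s]*\[([^\]]+)\]"
)
# qmgr line: gives the number of recipients for that queue ID.
QUEUED = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def recipients_per_client_hour(log_text):
    """Return Counter {(hour, client IP): recipients accepted for delivery}."""
    owner = {}           # queue ID -> (hour, client IP)
    totals = Counter()
    for line in log_text.splitlines():
        m = CLIENT.search(line)
        if m:
            owner[m.group(2)] = (m.group(1), m.group(3))
            continue
        m = QUEUED.search(line)
        # pop(): qmgr logs "queue active" again on each retry of a deferred
        # message, so every queue ID is counted only once.
        if m and m.group(1) in owner:
            totals[owner.pop(m.group(1))] += int(m.group(2))
    return totals

def over_limit(log_text, limit):
    """(hour, client IP) pairs that exceeded the hourly recipient limit."""
    totals = recipients_per_client_hour(log_text)
    return sorted(key for key, count in totals.items() if count > limit)

if __name__ == "__main__":
    for hour, ip in over_limit(SAMPLE_LOG, limit=100):
        print(f"{hour}:00  {ip} exceeded the hourly recipient limit")
```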
9. Ensure that your attachments are virus-free
You need to ensure that all the mail coming to your server or sent out from your server is free from viruses or malware. To achieve this you need to have a firewall in place, as shown in the image below.
All the inbound and outbound mail is checked for viruses, malware, or spyware. You can use any firewall, such as McAfee, Symantec, Sonicwall, or any other firewall that meets your requirements.
Hope this article has helped you to know about RBLs and how to keep your IP address in the safe listing. Please let me know your experiences about RBLs and any other feedback is also welcome.