Blacklist Patrol

Did you just get blacklisted?

Get notified so you can take action.

Blacklist Patrol

Blacklist Patrol proactively monitors major anti-spam blacklists to see if your email server has been listed on any of them.

You're notified daily by email of any blacklists your server is found on.

• Free 30-day trial

• Sign up now - just $9.95 per month
• Sample Blacklist Patrol Report
• Currently Monitored Blacklists
• Frequently Asked Questions
• Terms and Conditions

Tiscali Blacklisted after Email Servers Hijacked by Spammers

Click Here to Sign up for Free Blacklist Monitoring Trial

June 2, 2007

Earlier this week, Major European internet provider, Tiscali had its email servers listed on many major blacklists after they were used to send copious quantities of spam.

For a period, a large percentage of all Tiscali's email was being rejected and bounced back to the sender.

Tiscali now says they have addressed the problem by deploying both new spam protection software on its servers and additional hardware. There are now only a few service providers continuing to block messages from their servers.

Blacklists are DNS databases that track the IP addresses of known or suspected spammers. Most email servers, and nearly all major internet providers utilize one or more such lists to help cope with the massive volumes of trash email that arrives daily.

One of the most popular blacklists, the CBL, is almost entirely automated. The CBL uses "spamtraps" - email addresses published online strictly for the purpose of tricking spammers into sending messages to them. When a message is sent to a spamtrap - the sending IP address may be automatically blacklisted. Servers using that blacklist may reject any subsequent messages sent from that IP.

This creates a strong motivation for administrators to keep spammers off their servers. In the past, it was common for any given email server to send (or "relay") email from anyone, to anyone without needing authentication. Blacklists have helped to change this.

Tiscali's servers apparently employed some level of anti-relaying protection, but spammers found a way around it. From my own experience, this explanation does sound plausible. Often server configurations are complex, and sometimes contain security problems that are difficult to diagnose.

Server operators can employ numerous techniques to help prevent their outgoing SMTP servers from being abused in this fashion:

Requiring users to authenticate using a user name and password.

Rejecting email with content that spam filter programs flag as questionable.

Only accepting email sent from certain email domains.

Only accepting messages sent from networks located within the ISP.

Limiting the total number of emails a given user can send in a period of time.

Individuals responsible for email servers should check their servers for possible relay vulnerabilities after any significant configuration change. Failure to do so could result in having your email bounced.

Mail Spam Blocker | Sophos Article on Zombies