Blacklist Patrol
Did you just get blacklisted?
Get notified so you can take action.
Blacklist Patrol proactively monitors major anti-spam blacklists to see if your email server has been listed on any of them.
You're notified daily by email of any blacklists your server is found on.
NAT + Zombie Computer = Blacklisted Mail Server!
Network Address Translation (or NAT) is a technology that lets private networks interact with the internet via one or more public IP addresses.
A small company might have its workstations and servers located on a private network using the IP addresses 192.168.1.1 through 192.168.1.255. When requests from any of those systems are made out to the internet, the router makes them appear as if they originated from a public IP.
This technology allows incoming requests on certain ports to be forwarded to specific internal systems. Small organizations using NAT can host their own web and email servers while not exposing the rest of their computers to internet traffic.
So let's say a small company, "BlingoSoft", has been assigned the IP address 61.62.190.26 by its ISP. Using NAT, the system administrator provides network access to all workstations, a web server and an email server using just that single IP address.
A few weeks later, a visiting client plugs a laptop into the company's network, and that laptop turns out to be a "zombie." A zombie is a system that has been taken over remotely for the purpose of sending spam or carrying out other questionable activities.
The client of course wasn't aware of the problem, and didn't mean any harm. Still, their laptop sent 20,000 unwanted email messages during the 2 hours it was attached to BlingoSoft's network.
Some of these messages happened to land in a "spamtrap": an email account set up to track which systems are sending spam. Spamtraps are usually used in conjunction with DNS blacklists to eliminate junk mail. The fact that 61.62.190.26 sent spam to the trap was then relayed to a major DNS blacklist, which promptly listed it as a known spam source.
That's right: as far as the blacklist is concerned, an email server located at 61.62.190.26 sent a bunch of spam. It has no way of telling the difference between BlingoSoft's outgoing email server and the client's laptop that was only plugged into the network for about 2 hours.
Now, when the good people of BlingoSoft send email, it gets rejected by the receiving server about 35% of the time. Any email server that has its mail filters set up to use the blacklist in question will bounce messages from BlingoSoft.
The only good news is that most blacklists that are quick to list new offending IP addresses are also quick to remove them. BlingoSoft can likely either request removal, or it will happen by itself in the course of about a week.
What's the lesson? System administrators need to pay close attention to the possible ramifications of "cramming" all their network services onto a single IP address.
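One way to spot a host like the visiting laptop before a blacklist does, as an added example that is not part of the original page: scan the router's NAT log for internal machines other than the mail server that open outbound SMTP connections. The log format, the sample lines and the mail server address 192.168.1.10 are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: the only internal host allowed to deliver mail directly.
MAIL_SERVER = "192.168.1.10"
SMTP_PORT = 25

# Constructed sample of router NAT log lines (hypothetical format).
SAMPLE_LOG = """\
2024-05-01T10:00:01 SRC=192.168.1.10 NAT=61.62.190.26 DST=198.51.100.7 DPT=25
2024-05-01T10:00:02 SRC=192.168.1.57 NAT=61.62.190.26 DST=203.0.113.10 DPT=25
2024-05-01T10:00:02 SRC=192.168.1.57 NAT=61.62.190.26 DST=203.0.113.11 DPT=25
2024-05-01T10:00:03 SRC=192.168.1.23 NAT=61.62.190.26 DST=198.51.100.80 DPT=443
2024-05-01T10:00:03 SRC=192.168.1.57 NAT=61.62.190.26 DST=203.0.113.12 DPT=25
malformed line that the parser must skip
2024-05-01T10:00:04 SRC=192.168.1.10 NAT=61.62.190.26 DST=198.51.100.9 DPT=25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>[\d.]+) NAT=(?P<nat>[\d.]+) "
    r"DST=(?P<dst>[\d.]+) DPT=(?P<dpt>\d+)$"
)


def unauthorized_smtp_senders(log_text, mail_server=MAIL_SERVER):
    """Return {internal_ip: (connections, distinct_destinations)} for every
    host other than the mail server that opened outbound SMTP connections."""
    counts = Counter()
    dests = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Skip unparseable lines and anything that is not SMTP traffic.
        if not m or int(m["dpt"]) != SMTP_PORT:
            continue
        src = m["src"]
        if src == mail_server:
            continue  # the real mail server is expected to send mail
        counts[src] += 1
        dests.setdefault(src, set()).add(m["dst"])
    return {ip: (n, len(dests[ip])) for ip, n in counts.items()}


if __name__ == "__main__":
    for ip, (n, d) in unauthorized_smtp_senders(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {n} outbound SMTP connections to {d} hosts")
```

Every flagged host shares the same public address as the mail server, which is exactly why the blacklist cannot tell them apart.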