[ngw] RBLs

Kenneth Etter kle at msktd.com
Thu Feb 13 13:24:10 UTC 2014


Thanks.  I talked with them yesterday.  Turns out they are a small company and don't have their own mail server.  The mail server they use is shared among a number of companies.  And their provider informed them that a couple of the other companies that use that server had some malware issues that resulted in them sending out spam.  So the mail server's IP address gets listed and all the companies using it have problems.  I'm thinking they need GroupWise.
 
Ken


>>> "Jeffrey Sessler" <Jeff at ScrippsCollege.edu> 2/12/2014 4:56 PM >>>
I would go check their reputation on http://www.senderbase.org/
This is Cisco's email/web traffic monitoring network, and is what their IronPort product uses to determine email reputation. It's handy as it will also show you the other RBLs a site/IP may be on, and you can see statistics as to why they are getting blocked e.g. mail volume has increased 10 fold, etc.

We had a company we work with show up with a poor reputation and get placed on one of the two RBLs you mentioned - sure enough, they had an account compromised and it was sending spam out to the world.

Jeff

>>> On Wednesday, February 12, 2014 at 8:42 AM, in message <52FB5E1802000013000F4605 at mail.msktd.com>, "Kenneth Etter" <kle at msktd.com> wrote:

I'm currently using Spamhaus.org and Spamcop.net to check for RBLs.  Lately I have had a couple of companies we work with get blocked because they are getting listed on spamcop.net, but they aren't on spamhaus.  Any comments on the current reliability of either of these?  Trying to decide whether I should put an exception in place for the latest company or make some other change.

Ken


More information about the ngw mailing list