Subscribe
man holding his face

How Not To Run A Network

So, today I’m going through the motions of work. A lot of what I do, of course, is quite mindless. There’s some evaluation and some discretion involved, but really, it all starts to look the same after a while.

Then, I come across something new. It’s something that seems to say that we’ve been listed by Spamhaus! Seriously! Horrors! There will rioting in the streets. Dogs and cats will be sleeping together. That kind of thing. Only, not so much. Turns out that what I’ve found is a stupid recipient administrator.

Here’s the error message:

(Host blacklisted – Found on Realtime Black List server blocklist.address.is.wrong.spamhaus.org )

So, a quick search confirms my suspicion. This is a mail administrator who should have his or her license revoked.

Spamhaus used to get a ton of bad queries to things like ‘rbl.’, ‘bl.’, ‘spl.’, so this is what they do:

;; QUESTION SECTION:
;1.2.3.4.rbl.spamhaus.org. IN A

;; ANSWER SECTION:
1.2.3.4.rbl.spamhaus.org. 172786 IN CNAME blocklist.address.is.wrong.spamhaus.org.
blocklist.address.is.wrong.spamhaus.org. 160960 IN A 127.0.0.2

;; QUESTION SECTION:
;1.2.3.4.rbl.spamhaus.org. IN TXT

;; ANSWER SECTION:
1.2.3.4.rbl.spamhaus.org. 172800 IN CNAME blocklist.address.is.wrong.spamhaus.org.
blocklist.address.is.wrong.spamhaus.org. 172800 IN TXT “SPAMHAUS BLOCKLIST ADDRESS IS WRONG MUST FIX”

Now, of course, this admin didn’t care to return the TXT record — they just wanted us to see that we were listed.

Ladies and gentlemen, this is NOT how you run a network. It only takes about a minute to discover zen.spamhaus.org. That’s a properly working zone that returns actual, good data.

And, while we’re on the subject, here’s another sign that you shouldn’t be running a network:

5.2.1 Mail from 10.0.0.3 refused: spam site

Since we’re not routing mail from reserved networks directly out to the Internet, you won’t see that IP address coming from our mail. That means that you are most likely blocking all mail coming from some server (probably your spam filter server) on your own network.

Dude, don’t block that. Fix it.

 

language

Picture of Mickey

Mickey

A recognized leader in the fight against online abuse, specializing in email anti-abuse, compliance, deliverability, privacy, and data protection. With over 20 years of experience tackling messaging abuse, I help organizations clean up their networks and maintain a safe, secure environment.