I did finally reach someone at realtimeblacklist.com. They've just today shut down the bogus DNS RBL and said they realize now it was a terrible idea. They read and now understand the RBL RFC and promised not to do it again. I appreciate them taking the time to respond, and hopefully they'll also improve their communication channels (such as putting meaningful contact info in their WhoIs. It's ironic that an anti-spam operator, of all people, would hide this info!)
-mel > On Jan 2, 2018, at 2:04 PM, Alexander Maassen <outsi...@scarynet.org> wrote: > > As the message said, they use this to force mx admins to remove their entry > to stop hammering. I remember other lists did the same. Contact the remote mx > admin in order to get this fixed. > >> Op 2 jan. 2018 om 17:57 heeft Dann Schuler <dannschu...@hotmail.com> het >> volgende geschreven: >> >> We had a Charter IP address we don’t actually send email from (it is a >> backup line that would only send mail if our primary line was down) >> Blacklisted by these guys at 10:50am EST on 1/1/18, then removed at 3:34pm >> EST on 1/1/18. >> >> MXToolBox alerted us to it, I ran a manual check on their portal, which is >> supposed to be http://iprange.net/rbl/lookup/ but redirects to >> https://realtimeblacklist.com/lookup/ and it came back not listed. Since it >> was a line I knew we were not mailing from anyways I figured I would just >> deal with it in the morning, but it had cleared itself up by then. >> >> First time I had ever even heard of this one. >> >> Good luck! >> >> >> >> -----Original Message----- >> From: NANOG [mailto:nanog-bounces+dannschuler=hotmail....@nanog.org] On >> Behalf Of Mel Beckman >> Sent: Tuesday, January 2, 2018 11:46 AM >> To: nanog@nanog.org >> Subject: Anyone else blacklisted this morning by rbl.iprange.net? >> >> I woke up this morning to a barrage of complaints from users that our mail >> servers' outbound emails are bouncing due to a blacklisting. Sure enough, >> mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D&reserved=0> >> reports that >> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> >> has blacklisted us for more than a day. However, looking up our address on >> the >> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> >> lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows >> that we are. Then I found this on the >> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> >> owner's website (): >> >> "rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> >> (is offline since 01-01-2018) please replace it with >> rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D&reserved=0> >> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> >> will mark every ip address as listed to force removal of this server." >> >> What the heck? I've tried contacting >> realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D&reserved=0>, >> but they're in the Netherlands and apparently fast asleep (in more ways >> than one, it seems). >> >> -mel beckman >