tukatshak
Freshman
7 years ago

SMTP server blacklisted?

As of about 7 p.m. EDT this evening (08/18/18), I am not able to send any emails, as I am getting the message that the HughesNet SMTP server IP address is blacklisted.  Is this one of those things where I have to wait 24 hours?  I know that spam traffic has been terrible of late.

 

Any suggestions?  Thanks!

 

Sukie in the Hudson Valley

  • tukatshak

    Turns out smtp.hughes.net [69.168.97.48] is listed on spam.dnsbl.sorbs.net (as is smtp.lithium.com [208.74.204.5], btw).

     

    Not to be pedantic, but that shouldn't technically prevent you from sending email. Some email servers may reject receiving it, preventing the intended recipient from getting it.

     

    How exactly are you getting notified of this? Bounce email from the receiving server, perhaps?

     

    Edit:
    Liz

    Amanda
    Note to admins. I did notice this in the headers. Probably want to have the tech folks fix the SPF in your DNS entry:

     

          Received-SPF: neutral (smtp01.hughes.cmh.synacor.com: 97.73.80.47 is neither permitted nor denied by domain of hughes.net)


    Setting the SPF helps to validate email from a specific domain and might alleviate getting listed on some blacklists due to forged/stolen senders coming from other email servers.

     

    Edit2:
    To do this, add a TXT record to the DNS entry that says something like:

    v=spf1 a mx ip4:97.73.80.47 -all

    The IP was taken from above, but it might have to be duplicated for the various servers used by Synacor (e.g., if there's a smtp02, smtp03, etc.).

    • MarkJFine
      Professor

      Did manage to check the SPF record using a third party tester that I use for my own domain(s).

       

      Seems the record is there (and includes quite a range of allowable IPs) but is terminated by a '?'. That's what's causing the neutral response. If the '?' is changed to a '-all' it will cause the forged emails to fail.

       

      You can also add a TXT record to implement DMARC reporting of successful/failed emails based on SPF and DKIM (if that's also implemented - doesn't look like it though).

  • Hello tukatshak, apologies on the delayed response. Is this issue still ongoing for anyone?

     

    -Brooke

    • MarkJFine
      Professor

      Brooke wrote:

      Hello tukatshak, apologies on the delayed response. Is this issue still ongoing for anyone?


      smtp01.hughes.cmh.synacor.com is currently listed on:

      cbl.abuseat.org
      pbl.spamhaus.org
      xbl.spamhaus.org
      zen.spamhaus.org
       
      smtp.hughes.net is currently listed on:
      dnsbl-1.uceprotect.net
      spam.dnsbl.sorbs.net
      https://bgp.he.net/ip/69.168.97.48#_rbl
       
      smtp.lithium.com is currently listed on:
      spam.dnsbl.sorbs.net
       
      #ugh
    • tukatshak
      Freshman

      Dear Brooke,

       

      Wow.  9 days to get a response?

       

      My issue lasted at least 24 hours.  During this time, both native WebMail, and my popped Outlook account were completely hosed.  Then things righted themselves.  I have no way of knowing what happened in the background.

       

      MarkJFine, bless his heart, has been trying to report all the places where HughesNet is blocked or reported on spam lists.  I hope someone at HughesNet will now look into this. 

       

      Thank you for inquiring.  Now, if HughesNet would just stop all the spammers from using our addresses to produce spam....so we don't get on the bad lists....

       

      • MarkJFine
        Professor

        tukatshak wrote:

        Now, if HughesNet would just stop all the spammers from using our addresses to produce spam....so we don't get on the bad lists....


        Pretty sure changing that softfail '?' to hardfail '-all' in the DNS SPF record might help to do that as long as all three smtp IPs I mentioned as well as 'a' and 'mx' are included.

         

        Might be advantageous to employ DKIM if possible, but that may not be practical.
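
Added example (not part of any post in this thread): a small offline evaluator showing how the terminal `all` qualifier discussed above changes the SPF result a receiving server computes. The records are constructed for illustration and are not the real hughes.net record; 203.0.113.9 is a documentation address standing in for a forged sender, and mechanisms that need DNS lookups (`a`, `mx`, `include`) are skipped rather than resolved.

```python
import ipaddress

# Qualifier -> SPF result, as defined in RFC 7208
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records (assumptions, not the published hughes.net policy)
NEUTRAL_RECORD = "v=spf1 ip4:69.168.97.48 ?all"
STRICT_MISSING = "v=spf1 ip4:69.168.97.48 -all"            # legit relay not listed
STRICT_COMPLETE = "v=spf1 ip4:69.168.97.48 ip4:97.73.80.47 -all"


def check_spf(record, sender_ip):
    """Evaluate ip4/ip6 and 'all' terms left to right; the first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # a, mx, include, exists need DNS: treated as non-matching in this sketch
    return "neutral"  # nothing matched and no 'all' term


def compare(sender_ip):
    """Result for one sender IP under each constructed policy."""
    return {
        "neutral_all": check_spf(NEUTRAL_RECORD, sender_ip),
        "strict_missing_relay": check_spf(STRICT_MISSING, sender_ip),
        "strict_complete": check_spf(STRICT_COMPLETE, sender_ip),
    }


if __name__ == "__main__":
    for label, ip in (("legit relay", "97.73.80.47"), ("forged sender", "203.0.113.9")):
        print(label, ip, compare(ip))
```

The middle policy shows the caveat raised in the thread: switching to `-all` before every legitimate relay is listed makes genuine mail from 97.73.80.47 fail along with the forged mail.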