Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - Check your email servers - blackholes.us DNSBL is dead InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Check your email servers - blackholes.us DNSBL is dead

Published: 2009-10-14
Last Updated: 2009-10-14 18:44:06 UTC
by David Goldsmith (Version: 1)
3 comment(s)

Aaron let us know about a discussion thread on the NANOG mailing list about issues with the blackholes.us DNS block list (DNSBL):

The issue is the maintainer of the blackholes.us DNSBL shut the list down some time back and  the IP address space that the DNS servers for it were on was given back to ARIN.  That address space has since been re-allocated to a new company and they are getting tired of the continual inbound DNS queries to the IP address of the old server.  Apparently they have now stood up a DNS server to answer those queries with a wildcard record that effectively returns "yes, the IP you are inquiring about is a spammer".  As a result, lots of mail relays that are still configured to do lookups against this DNSBL are now being told that everyone on the Internet is a spam source.

According to this post in the news.admin.net-abuse.email Usenet newsgroup, the DNSBL was shutdown 2 years ago.

If you are an email administrator, please check your RBLs to see if you are still submitting queries to blackholes.us and remove it from your configurations if you are.  You should also review any other RBLs you are using to ensure that they are still in operation as well.


 

Keywords:
3 comment(s)
Diary Archives