Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Check your email servers - blackholes.us DNSBL is dead - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Check your email servers - blackholes.us DNSBL is dead

Aaron let us know about a discussion thread on the NANOG mailing list about issues with the blackholes.us DNS block list (DNSBL):

The issue is the maintainer of the blackholes.us DNSBL shut the list down some time back and  the IP address space that the DNS servers for it were on was given back to ARIN.  That address space has since been re-allocated to a new company and they are getting tired of the continual inbound DNS queries to the IP address of the old server.  Apparently they have now stood up a DNS server to answer those queries with a wildcard record that effectively returns "yes, the IP you are inquiring about is a spammer".  As a result, lots of mail relays that are still configured to do lookups against this DNSBL are now being told that everyone on the Internet is a spam source.

According to this post in the news.admin.net-abuse.email Usenet newsgroup, the DNSBL was shutdown 2 years ago.

If you are an email administrator, please check your RBLs to see if you are still submitting queries to blackholes.us and remove it from your configurations if you are.  You should also review any other RBLs you are using to ensure that they are still in operation as well.


 

David

78 Posts
Sure, it calls attention to the issue by having all your outgoing mail marked as spam, but that is just downright evil... and I hope the new owners of that IP space get what's coming to them.
Anonymous
A great resource for dead DNSBL's is www.dnsbl.com, one of Al Iverson's sites. Note that most owners of defunct RBLs seem to eventually get ticked off at the ongoing traffic that they start returning postive responses for all requests, just to get the lazy postmaster's to fix their configs....
Anonymous
While what they did wasn't nice, a statement like "everyone on the Internet is a spam source." is closer to truth than fiction. IIRC, over 90% of email traffic is spam these days..
Eric

43 Posts

Sign Up for Free or Log In to start participating in the conversation!