
Re: Cannot send email - error message: Blacklisted IP address

mushr00m
Tuning in

I've had the exact same problem for the last 6 weeks and it's still not resolved. I was told by the customer service team that my IP would be automatically changed on the 13th August. That deadline has come and gone and I've still got the same IP address. I've restarted the wifi box a few times and it still churns out the same IP. I've been on mx toolbox and it says the same. Blocked by SORBS DUHL and Spamhaus ZEN. I've run Wireshark for days on end with nothing showing in the log for rogue spam being sent from port 110.

What do you have to do to get assigned a new IP address?


What about mine @Gareth_L ?

Hello MrStreet

Can you please try sending an email now?

Gareth_L

Hi @Gareth_L,

That is working now. Thanks.

 

For anyone else viewing this thread...

I can see the IP address is still listed in SORBS, so I guess this is something Virgin have done their end to allow my emails through?

 

Regards,

Richard

Fingers crossed for the rest of us then. Well done on getting yours fixed.

ravenstar68
Very Insightful Person

Just a heads up:

Being on those particular blacklists SHOULDN'T stop people sending mail via their own email provider's server. In addition users WILL find themselves on certain lists.

SORBS DUHL
SPAMHAUS PBL

SPAMHAUS ZEN is an aggregate zone which includes:

SPAMHAUS PBL - Policy Block Lists
SPAMHAUS XBL - XPloit black lists
SPAMHAUS SBL - Spammer Block lists

If you are listed in Spamhaus ZEN then it's best to visit their blocklist removal centre here to find out which you are on.

Spamhaus PBL and SORBS DUHL simply list IP addresses that shouldn't be talking to inbound mail servers. This includes ALL VIRGIN MEDIA residential addresses as well as those of ALL OTHER residential IP addresses. There are a number of similar Blacklists. BEING ON THESE IS NORMAL. I cannot stress that enough.

Being on Spamhaus SBL - or more specifically the CSS component - has been known to block email sending (although technically it shouldn't). These lists show IP addresses that have been seen sending spam. If you are on those lists, it is a good idea to try and identify the device on your network that's responsible. NOTE this does not have to be a PC - Amazon Firesticks have been used by spammers to send traffic in the past.

UCE Protect L1 is similar to Spamhaus SBL. Note that most of these lists do automatically remove IP addresses once no more spam has been seen. While UCE Protect has been much maligned, it does do so as well although it takes 7 days to do this.

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more



@ravenstar68 wrote:

Just a heads up:

Being on those particular blacklists SHOULDN'T stop people sending mail via their own email provider's server. In addition users WILL find themselves on certain lists.

SORBS DUHL
SPAMHAUS PBL

SPAMHAUS ZEN is an aggregate zone which includes:

SPAMHAUS PBL - Policy Block Lists
SPAMHAUS XBL - XPloit black lists
SPAMHAUS SBL - Spammer Block lists

If you are listed in Spamhaus ZEN then it's best to visit their blocklist removal centre here to find out which you are on.

Spamhaus PBL and SORBS DUHL simply list IP addresses that shouldn't be talking to inbound mail servers. This includes ALL VIRGIN MEDIA residential addresses as well as those of ALL OTHER residential IP addresses. There are a number of similar Blacklists. BEING ON THESE IS NORMAL. I cannot stress that enough.

Being on Spamhaus SBL - or more specifically the CSS component - has been known to block email sending (although technically it shouldn't). These lists show IP addresses that have been seen sending spam. If you are on those lists, it is a good idea to try and identify the device on your network that's responsible. NOTE this does not have to be a PC - Amazon Firesticks have been used by spammers to send traffic in the past.

UCE Protect L1 is similar to Spamhaus SBL. Note that most of these lists do automatically remove IP addresses once no more spam has been seen. While UCE Protect has been much maligned, it does do so as well although it takes 7 days to do this.

Tim


It's not normal if they flag them though. Doesn't VM control the PTR record that effectively is being sent to an email server? Is it not something to do with reverse DNS lookup if the IP is flagged by one of the lists? I don't know, but I've not introduced any new devices or stuff to my network, so a sudden spambot or malware now operating would just have coincidentally happened at the same time as switching from one ISP to another and created these issues in the last couple of weeks. I feel if it was malware of some description, then it would have flagged my previous IP too which didn't happen. 

ravenstar68
Very Insightful Person

You need to appreciate how blacklists are normally used.

An email chain can be summarised as this

1.  User writes email and clicks send.
2.  Email client submits the mail to their ESP's (Email Service Provider) outbound SMTP server
3.  ESP transmits mail to receiving ESP's Inbound SMTP server (Called a Mail Exchanger)
4. Recipient picks up mail using their email client from their ESP.

Mail submission SHOULD nowadays be secured using SMTP authentication and usually takes place on Port 465 or 587 with encryption.
Mail delivery to the Mail exchanger however cannot use authentication and always takes place on port 25 (unencrypted although increasingly using encryption as well).  So they use blacklists to protect those servers.

So let's look at the policy blacklists first - how do they work?

Email servers SHOULD NOT be sitting on residential addresses that are allocated via DHCP (this is because these addresses are subject to change without warning - Virgin Media's IP addresses are very sticky but can change, say, if there's a resegmentation).

Therefore these IP addresses SHOULD NEVER be talking directly to mail exchangers.

So Spamhaus, SORBS and others contain lists of IP addresses that are allocated via DHCP. Spamhaus also indicated that they would like to list static addresses that don't run mail servers.

Three lists I am aware of are

SORBS DUHL
SPAMHAUS PBL
Spamrats Dyna

THESE DO NOT LIST SPAM SOURCES - You will be on at least one of these lists if you have a Dynamic IP.

Virgin Media do not block mail submission using these lists.  If you are on these lists - this is normal.

What is not normal is being on a list such as UCE Protect Level 1.

These list active sources of spam. They are also what are known as real time blacklists. If spam is seen (and some lists won't list on first detection in order to rule out false positives) then the IP address is added. If spam stops, then the IP address is removed.

Lists such as Spamhaus' CSS and Spamcop will usually delist an IP when there have been no detections for 24 - 48 hours.  UCE Protect automatically delists an IP address when no spam is seen for 7 days.

That Virgin Media use blacklisting on mail submission is a great source of ire to me BUT I can't deny that it has helped find compromised hosts.

Tim 
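
The distinction drawn in the two posts above between policy listings and spam-source listings can be read straight from the answer a Spamhaus ZEN lookup returns. This is an added example, not part of the original posts: the return codes are the ones Spamhaus documents (they are not given in the thread), and the address and answers used are constructed.

```python
import ipaddress
import socket

# ZEN answers and the component list each stands for (Spamhaus's documented codes).
ZEN_CODES = {
    "127.0.0.2": ("SBL", "abuse"),
    "127.0.0.3": ("SBL CSS", "abuse"),
    "127.0.0.4": ("XBL", "abuse"),
    "127.0.0.10": ("PBL (ISP maintained)", "policy"),
    "127.0.0.11": ("PBL (Spamhaus maintained)", "policy"),
}

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: reversed address labels followed by the zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer   # e.g. 7.113.0.203.in-addr.arpa
    return rev.rsplit(".", 2)[0] + "." + zone        # drop in-addr.arpa / ip6.arpa

def classify(answers):
    """Sort the A records returned by ZEN into policy, abuse and error groups."""
    out = {"policy": [], "abuse": [], "error": [], "unknown": []}
    for a in answers:
        if a.startswith("127.255.255."):   # resolver or quota problem, not a listing
            out["error"].append(a)
        elif a in ZEN_CODES:
            name, kind = ZEN_CODES[a]
            out[kind].append(name)
        else:
            out["unknown"].append(a)
    return out

def verdict(answers):
    c = classify(answers)
    if c["error"]:
        return "lookup refused by the list operator; the result is not a listing"
    if c["abuse"]:
        return "abuse listing (" + ", ".join(c["abuse"]) + "): look for a compromised device"
    if c["policy"]:
        return "policy listing only: expected for a dynamic residential address"
    return "unrecognised answer" if c["unknown"] else "not listed"

def lookup(ip, zone="zen.spamhaus.org"):
    """Live query (needs network and a non-public resolver); NXDOMAIN means not listed."""
    try:
        return socket.gethostbyname_ex(dnsbl_name(ip, zone))[2]
    except OSError:
        return []

if __name__ == "__main__":
    for sample in (["127.0.0.10"], ["127.0.0.10", "127.0.0.3"], ["127.255.255.254"]):
        print(sample, "->", verdict(sample))   # constructed answers, not real lookups
```

An answer in 127.255.255.0/24 usually means the query went through a public resolver that Spamhaus refuses to serve, which simple checkers can misreport as a listing.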


ravenstar68
Very Insightful Person

@ST_BOLD14 

BTW You're not completely wrong about rDNS - except that groups like SpamRats, use PTR records to determine the likelihood of an IP address being part of a DHCP range or being managed statically.

A mail server announces itself using its Fully Qualified Domain Name when connecting to a server. The PTR record of a mail server should match its FQDN.

Take a look at mail.ravenstar68.co.uk for example:

C:\Users\timdu>nslookup mail.ravenstar68.co.uk
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: mail.ravenstar68.co.uk
Address: 51.68.196.229
Name: mail.ravenstar68.co.uk
Address: 2001:41d0:801:2000::1739

Now if you do a reverse lookup of either address

C:\Users\timdu>nslookup 2001:41d0:801:2000::1739
9.3.7.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.1.0.8.0.0.d.1.4.1.0.0.2.ip6.arpa name = mail.ravenstar68.co.uk.

Authoritative answers can be found from:


C:\Users\timdu>nslookup 51.68.196.229
229.196.68.51.in-addr.arpa name = mail.ravenstar68.co.uk.

Authoritative answers can be found from:

This is a far cry from the generic PTR records used for residential IP addresses.  But again this is all about protecting mail exchangers.
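
The forward and reverse match shown in the nslookup output above, written as a check a receiving server could apply. This is an added example, not part of the original post: the mail server records are the ones in the post, while the residential-style hostname, the HELO names and the 203.0.113.x addresses are constructed.

```python
import ipaddress

def reverse_name(ip):
    """Name queried for the PTR record (in-addr.arpa or ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer

def _norm(name):
    return name.rstrip(".").lower()

def check_mail_host(ip, helo, ptr_names, forward):
    """Compare what a connecting host announces with what DNS holds for it.

    ptr_names: PTR targets returned for ip.
    forward:   {hostname: [A/AAAA addresses]} for those targets.
    """
    addr = ipaddress.ip_address(ip)
    ptrs = [_norm(p) for p in ptr_names]
    confirmed = [p for p in ptrs
                 if any(ipaddress.ip_address(a) == addr for a in forward.get(p, []))]
    return {
        "has_ptr": bool(ptrs),
        "forward_confirmed": bool(confirmed),      # PTR target resolves back to ip
        "helo_matches_ptr": _norm(helo) in confirmed,
    }

# Records as shown in the nslookup output in the post.
MAIL_FORWARD = {"mail.ravenstar68.co.uk": ["51.68.196.229", "2001:41d0:801:2000::1739"]}
# Constructed residential-style record (documentation address, hypothetical names).
HOME_FORWARD = {"host-203-0-113-7.dynamic.example.net": ["203.0.113.7"]}

def demo():
    return {
        "mail_v4": check_mail_host("51.68.196.229", "mail.ravenstar68.co.uk",
                                   ["mail.ravenstar68.co.uk."], MAIL_FORWARD),
        "mail_v6": check_mail_host("2001:41d0:801:2000::1739", "mail.ravenstar68.co.uk",
                                   ["mail.ravenstar68.co.uk."], MAIL_FORWARD),
        "home": check_mail_host("203.0.113.7", "laptop.local",
                                ["host-203-0-113-7.dynamic.example.net."], HOME_FORWARD),
        "no_ptr": check_mail_host("203.0.113.8", "mail.example.org", [], {}),
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```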


Hi everyone. I'm hoping that someone here can help me out of the problem I'm experiencing.

I'm a secretary of 2 groups who support charitable works and as such have to send out multiple group emails. Since Friday 29th July my IP address has been blocked for sending mail, quoting "too many bad emails sent". I can send emails only if I use data only or log onto next door's wifi. This happens on my desktop PC, phone, tablet, and laptop, so obviously not a problem at my end. I've been bounced around for 3 weeks speaking to different operators, still with no success. On Fri 5th August I received a phone call on my mobile consisting of 2 rings and shut off, followed by 1 ring on my house phone which I managed to answer and spoke hello, upon which the phone was cut off very quickly.

This situation is having an impact on our charitable works. I don't want to change email address as I have group contacts set up.

Adri_G
Forum Team (Retired)

Hi pauljohn22, thank you for posting on our help forum with your issue.

We're sorry to hear of the problems you had with your email account not sending emails out recently, also sorry to see this is ongoing.

Could you please tell us if this issue occurred when sending those directly from your MyVM account online or when using a client software like Outlook?
Also, has our team tried to reach you again over the phone since you last posted here?

Let us know and we're happy to help.

Adri
Forum Team
