Spamhaus blocking my IP and Domain

Guys, I have successfully established a domain mccarthy.network, and set up a box on Digital Ocean, 159.65.177.129 two days ago. Everything worked flawlessly until Spamhaus blocked my IP and domain yesterday.

I have requested they clear them and they refused.

So now I cannot send a single message, due to the error “SMTP Error (554): Failed to add recipient "mccarthy.brendan@gmail.com" (5.7.1 Service unavailable; Sender address [brendan@mccarthy.network] blocked using dbl.spamhaus.org; https://www.spamhaus.org/query/domain/mccarthy.network)”.

I can repeat the process, with a new IP address, and new domain, but that seems silly. Any suggestions?

Thanks in advance!!!

What was their reasoning for denying your delist request?

Email showing indications of unsolicited nature;
Broad-spectrum aggregated views of email deliveries;
Having poor list-hygiene;
Sending out bad email due to a compromise (compromised account, webform or CMS);
Other indicators of low reputation or abuse.

Seems pretty vague according to their site.

Hi Murgero
Here’s what they wrote:
"We have reviewed the CSS listing for 159.65.177.129 and decided that
we will retain that listing at this time. We do not discuss criteria
for inclusion in CSS, however it includes many factors. Your IP address
matches several of those criteria.

CSS listings expire over time, so if our systems do not see your
IP address for a while it will drop out of CSS zone. Many factors which
affect your IP’s reputation may also change over time, so by
engaging in good reputation practices it will eventually drop out of
CSS."

I have sent about ten messages to myself at most. So it can’t be a behavior issue (I think).

How many users do you have on your server?
Age of the server?
Age of the domain name?
Age of the ip address?
Do you have mobile & pc clients for email?
What PC do you have and what OS?
Mobile client and mobile OS version?

If some of the info requested is too personal feel free to PM me or omit the answer to the question(s).

Thanks Murgero
Nothing personal here. I appreciate your attention.

Age of the server? 3 days
Age of the domain name? 3 days
Age of the ip address? Assigned to me 3 days ago
Do you have mobile & pc clients for email? webmail and iphone
What PC do you have and what OS? Mac 10.13.3
Mobile client and mobile OS version? iOS Mail 11.2.6

Ah, it’s possible the previous owner of the IP address was blacklisted for malicious reasons (hence why Spamhaus won’t just delist like they normally do).

Getting a new IP will resolve this immediately, or you can wait it out a few more weeks for SH CSS to auto-remove your IP.

OK thanks, I’ll spin up a new instance then…
Cheers

DO doesn’t support new IP? You might be able to just get a new ip address instead.

Their documentation says take a snapshot and rebuild and destroy. I have a ticket open because that doesn’t guarantee a clean IP. Could be the same outcome. Waiting for them for a couple of hours now to respond…

Good idea, and good luck!

I’m also experiencing the exact same issue with Spamhaus. The server is about 3 days old so I’ll wait it out and see if they automatically remove me from their blocklist.

@brendanmcc did you end up resolving your issue by waiting or obtaining a new IP?

Who is your VPS provider?

VPS provider is Contabo. The Spamhaus lists are the CSS list (IP) and DBL list (domain). I requested removal as the FAQ said “It allows fast, no-questions-asked removals” but the reply was:

We have reviewed the CSS listing for 62.171.161.217 and are retaining that listing
at this time. We do not discuss criteria for inclusion in the CSS. However,
it includes many factors. This IP address matches several of those criteria.

CSS listings expire over time, so if our systems do not see this behaviour
from this IP address for a while it will drop out of CSS zone. Many factors
which affect this IP’s reputation may also change over time, so by engaging
in good reputation practices it will eventually drop out of CSS.

Can you think of any reason why a fresh MIAB server would be listed on Spamhaus? As far as I know (this is my first MIAB server) the install is standard on Ubuntu 18.04. It is serving email for a different domain which I’ve recently moved away from gmail.

Maybe it is just because it is a new domain? I’ve just read the following:

Domain reputation

  • Reputations are built over time, and building a good reputation takes longer than building a bad reputation.
  • Experience has shown that an unknown reputation has a much higher risk of emitting spam than known-good domains, so unknown reputations begin as “poor” by default.
  • Anonymity does not contribute to a good reputation.
  • Domain and IP reputations affect each other.
  • If domains are used in legitimate traffic for enough time to establish a good reputation, DBL will notice that and remove the listing.
    • DBL will also notice if domains are used for activities that cause poor reputations, such as spam or other “blackhat” pursuits.

I’ve bolded the two parts which if I understand correctly indicate that if I continue to send legitimate email my domain’s reputation should increase (slowly) and once over a threshold will trigger removal from the blacklist.

Just curious – when you requested removal did you specifically state (or even have an option to) that you had just been assigned the IP in question, and had no affiliation with whomever in the past may have used it? Sometimes this helps …

That is indeed possible as your further research discovered. Though it may be a ‘new’ domain to you, has the domain been registered before? The previous registrant may have been using the domain for spamming … also which tld is the domain on? Many of the newer less expensive domains are looked at less favorably as spammers flock to them due to the low price … i.e. .monster, .top, .xyz, .info, etc.

Apologies for the late reply.

Just curious – when you requested removal did you specifically state (or even have an option to) that you had just been assigned the IP in question, and had no affiliation with whomever in the past may have used it?

I don’t think there was an explicit option for that but there was the opportunity to write whatever I wanted in a text box. I remember explaining that it was a new server but I don’t think I explained it was on a ‘re-used’ IP address. It’s entirely possible a human didn’t look at the request.

I checked the blacklists today and everything is now looking good, the domain and IP aren’t on any lists. So it does appear to have been either the re-use of an IP that was previously marked down in the Spamhaus database or simply the ‘freshness’ of the domain on that IP that hadn’t built up any history yet.
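
Added example (not part of the original thread): one way to script the blocklist check mentioned in the last post, querying the Spamhaus ZEN zone for the IP and the DBL zone for the domain and telling real listings apart from query-error answers. The code tables are a subset of the return codes Spamhaus publishes; the function names and the constructed answers used for the offline demo are assumptions of this example.

```python
import ipaddress
import socket

# Subset of the return codes Spamhaus publishes for ZEN (IP) and DBL (domain).
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "CSS", "127.0.0.4": "XBL",
             "127.0.0.9": "DROP", "127.0.0.10": "PBL", "127.0.0.11": "PBL"}
DBL_CODES = {"127.0.1.2": "spam domain", "127.0.1.4": "phishing domain",
             "127.0.1.5": "malware domain", "127.0.1.6": "botnet C&C domain"}
# 127.255.255.x answers report a query problem; they are not listings.
ERROR_CODES = {"127.255.255.252": "typo in zone name",
               "127.255.255.254": "query arrived via a public/open resolver",
               "127.255.255.255": "excessive number of queries"}

# Constructed answers that mirror the listings described in the thread.
CONSTRUCTED_ANSWERS = {"129.177.65.159.zen.spamhaus.org": ["127.0.0.3"],
                       "mccarthy.network.dbl.spamhaus.org": ["127.0.1.2"]}

def query_name(target):
    """Reversed octets under ZEN for an IPv4 address, name under DBL otherwise."""
    try:
        ip = ipaddress.IPv4Address(target)
    except ValueError:
        return target.rstrip(".").lower() + ".dbl.spamhaus.org"
    return ".".join(reversed(str(ip).split("."))) + ".zen.spamhaus.org"

def system_resolver(name):
    """A records for name; [] when it does not resolve (treated as not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def stub_resolver(name):
    """Offline stand-in that serves the constructed answers above."""
    return CONSTRUCTED_ANSWERS.get(name, [])

def check(target, resolve=system_resolver):
    name = query_name(target)
    answers = resolve(name)
    errors = [ERROR_CODES[a] for a in answers if a in ERROR_CODES]
    if errors:  # do not report a resolver problem as a listing
        return {"query": name, "status": "error", "detail": errors}
    table = DBL_CODES if name.endswith(".dbl.spamhaus.org") else ZEN_CODES
    lists = sorted({table.get(a, "listed (code %s)" % a) for a in answers})
    return {"query": name, "status": "listed" if lists else "clean", "detail": lists}

if __name__ == "__main__":
    for t in ("159.65.177.129", "mccarthy.network", "62.171.161.217"):
        print(check(t, stub_resolver))
```

For a live check, call `check(target)` with the default resolver from a host that uses its own recursive resolver; an "error" status means the answer says nothing about whether the address is listed.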