Проверить ip адрес на черный список

Companies

The Spamhaus Project consists of a number of independent companies which focus on different aspects of Spamhaus anti-spam technology or provide services based around it. At the core is The Spamhaus Project Ltd., which tracks spam sources and publishes free DNSBLs. Further companies include Spamhaus Logistics Corp., which owns the large server infrastructure used by Spamhaus and employs engineering staff to maintain it. Spamhaus Technology Ltd., a data delivery company which «manages data distribution and synchronization services». Spamhaus Research Corp., a company which «develops anti-spam technologies». The Spamhaus Whitelist Co. Ltd., which manages the Spamhaus Whitelist. Also there are several references on the Spamhaus website to The Spamhaus Foundation, whose charter is «to assure the long-term security of The Spamhaus Project and its work».

Wayne Parslow

EVP International

Wayne Parslow serves as Executive Vice President of Validity for International and is building a world-class sales and go-to-market team to maximize Validity’s opportunities across the UK & Ireland, EMEA, LATAM and APAC. In addition to general management, he is responsible for the development and execution of business plans, go-to-market programs, sales management, strategic partnerships, and public representation for the International markets, and to develop the business at least in line with the aspirations of the US domestic market.

For over 25 years, Wayne has been successfully building, scaling and restructuring international companies in various industries, including document and workflow management, integration and interoperability, web application development, security, access management, eCommerce, business process management and the application of open source and open standards.

Prior to Validity, he served as head of European, Middle Eastern and African markets for global digital identity company, ThreatMetrix.

Wayne received his Bachelor of Science in Applied Science from Kingston University.

How it works

This template utilizes External Checks. The script “check_dnsbl.sh” is run with parameters for the hostname of the server you wish to check and which DNSBL you wish to check against. It simply returns “0” if the server is not listed and “1” if it is.

The template has 5 pre-made items and corresponding triggers. The items should be pretty self-explanatory. Example: check_dnsbl.sh

You can change the existing DNSBL servers in the template or add your own, although the ones already added should cover most users quite well.

“{HOST.DNS}” is a macro that uses the DNS name you have specified for your hosts on their interfaces. The script requires the use of DNS names for it to function, however the script and template can be modified to use IP addresses instead. I wouldn’t recommended this though, since not using hostnames is bad practice anyway.

The default DNSBL’s used are:

• b.barracudacentral.org – A free DNSBL of IP addresses known to send spam
• bl.spamcop.net – The SCBL is a fast and automatic list of sites sending reported mail, fueled by a number of sources, including automated reports and SpamCop user submissions.
• cbl.abuseat.org – The CBL only lists IPs exhibiting characteristics which are specific to open proxies of various sorts (HTTP, socks, AnalogX, wingate, Bagle call-back proxies etc) and dedicated Spam BOTs (such as Cutwail, Rustock, Lethic, Kelihos etc) which have been abused to send spam, worms/viruses that do their own direct mail transmission, or some types of trojan-horse or “stealth” spamware, dictionary mail harvesters etc.
• dnsbl.sorbs.net – The SORBS (Spam and Open Relay Blocking System) provides free access to its DNS-based Block List (DNSBL) to effectively block email from more than 12 million host servers known to disseminate spam, phishing attacks and other forms of malicious email.
• zen.spamhaus.org – ZEN is the combination of all Spamhaus IP-based DNSBL’s into one single powerful and comprehensive blocklist to make querying faster and simpler. It contains the SBL, SBLCSS, XBL and PBL blocklists.

You can find additional ones at: www.dnsbl.info

DNSBL queries

As an example, when a mail server receives a connection from a client, and wishes to check that client against a DNSBL (let’s say, dnsbl.example.net), it does more or less the following:

1. Take the client’s IP address—say, 192.168.42.23—and reverse the order of octets, yielding 23.42.168.192.
2. Append the DNSBL’s domain name: 23.42.168.192.dnsbl.example.net.
3. Look up this name in the DNS as a domain name (“A” record). This will return either an address, indicating that the client is listed; or an “NXDOMAIN” (“No such domain”) code, indicating that the client is not.
4. Optionally, if the client is listed, look up the name as a text record (“TXT” record). Most DNSBL’s publish information about why a client is listed as TXT records.

Looking up an address in a DNSBL is similar to looking it up in reverse-DNS. The differences are that a DNSBL lookup uses the “A” rather than “PTR” record type, and uses a forward domain (such as dnsbl.example.net above) rather than the special reverse domain in-addr.arpa.

How could my servers end up in the database of a DNSBL?

You can end up becoming blacklisted in any number of ways. Spam being sent from an improperly secured SMTP server. Misconfigured proxy services that are open to relaying. Compromised systems that are used in botnet networks. Hostile users on your company network. Unfortunately, the list goes on and on.

Chris Bryan

VP Sales – EMEA

Chris Bryan serves as Vice President of Sales for the UK & Ireland at Validity International managing Validity’s go to market efforts in the region.

Chris brings 27 year’s experience working for technology companies predominantly SaaS based Software Companies. Chris is passionate about enabling everyone to make better fact based, data driven decisions coming from the Business Intelligence and Visual Analytics space (Qlik, Business Objects (SAP), Crystal Decisions) building and developing highly successful Sales & Business Development teams.

Chris is passionate about Sales Best Practice to deliver positive outcomes with excellent service for our customers and supporting his teams personal and professional growth.

Gary Hall

Chief Financial Officer

Gary Hall serves as the Chief Financial Officer for Validity. Gary has over 20 years of experience leading finance and operational teams at high-growth, technology companies and helping these companies generate significant shareholder value through public and private offerings and successful exits.

Prior to joining Validity, Gary was the Chief Financial Officer of Casa Systems, Inc., a provider of ultra-broadband solutions for mobile, cable, fixed and converged service providers, and helped lead the company through significant growth, culminating in an Initial Public Offering in 2017. Prior to Casa System, Gary was the Chief Financial Officer of eCopy, a provider of document management solutions, which was sold to Nuance Communications in 2009. Gary was also the Controller and then Chief Financial Officer of MatrixOne, a product life-cycle management software company, and he helped lead the company’s Initial Public Offering in 2000 and the sale of the Company to Dassault Systems in 2006. Gary is a Certified Public Accountant and worked at Deloitte, a multinational professional services firm.

Gary holds a M.S. degree in Finance from Bentley University and a B.S. degree in Accounting from Southern New Hampshire University.

Last listed entries found

Lily Cua Willess

VP – Strategy & Corporate Development

As Vice President of Strategy & Corporate Development, Lily is responsible for developing and executing cross-organizational strategies that drive scale and growth for Validity.

Lily started her career as a consultant at PwC, and has since moved into high-growth technology startups where she has held various leadership positions at industry-leading SaaS companies. Prior to Validity, Lily ran Strategic Partnerships for Optoro – a VC-backed reverse logistics company – where she was responsible for the company’s channel revenue and network of distribution partners. Before that, she was the Co-Founder and COO of Aspire – a tech-enabled employee engagement company – where she managed all business strategy and operations. Aspire was acquired by Raffa, P.C., now a part of Marcum LLP.

Lily graduated Summa Cum Laude from Georgetown University with a BSBA in Finance and Chinese. Hoya Saxa!

Derek Swaim

EVP Corporate Development

Derek Swaim serves as Executive Vice President of Corporate Development for Validity and is responsible for all aspects of corporate development strategy and execution.

Derek brings more than 20 years of corporate transaction experience to Validity. He has advised leading private equity and founder-owned technology companies on domestic and cross-border strategic M&A, leveraged buyouts, and growth equity recapitalizations. Prior to Validity, Derek was a Managing Director at Aeris Partners, a provider of M&A advisory services to software, digital media, and business information companies. Derek also held investment banking positions at Harris Williams, Broadview International, and Goldman Sachs.

Derek has an AB in Economics from Harvard University and an MBA from Dartmouth’s Tuck School of Business.

Brian Winters

VP – Global Strategic Partnerships

Brian Winters brings nearly 20 years’ experience in the marketing technologies field to Validity and has worked for many marketing technology software companies including ExactTarget, Salesforce, and Movable Ink.

He has held positions in Sales, Sales Leadership, Operations, Strategy, and Partnerships. He has provided tactical execution strategies or program deployment guidance for organizations such as Intel Corporation, Motorola, and 3M amongst many others. He is truly passionate about the positive impact that a well-designed, deployed, and executed partner program can bring to an organization and is considered to be a thought leader in the development of indirect sales channels within the SaaS industry.

At Validity, he leads our efforts to develop programs that empower partners to best leverage Validity technology and solutions for our customers.

Критерии доставки писем адресату

Итак, когда мы начинаем рассылку информации, мы используем IP своего интернет-провайдера. Если мы делаем рассылку с помощью специального сервиса – используется их протокол. И именно ай пи может пустить под откос даже самую крутую рекламную компанию, на разработку которой ушли месяцы работы. Давайте разберемся почему.

После отправления, письмо проходит через спам-фильтры, которые решают, дойдет ли письмо адресату. При этом спам-фильтры ориентируются на рейтинг отправителя и содержание сообщения. Именно поэтому, запомните, чем чище ай пи, тем выше рейтинг и тем больше вероятность что отправленное письмо попадет во входящие сообщения, а не блеклисты. Если рейтинг высокий, спам-фильтр вообще не заморачивается и не «вычитывает» письма, а просто дает добро на отправку.

Tunc Bolluk

Vice President APAC

Tunc Bolluk is Vice President, APAC for Validity. He is responsible for leading sales and for overseeing general management of the region for the company. Tunc brings his extensive regional experience in the digital sector to support Validity’s clients across their marketing, sales, data & CRM business units.

For over 20 years, Tunc has worked in general management roles in sales, channel/alliance management, and client services. He has extensive experience leading and mentoring sales teams and executing strategic business plans within the Cloud/SaaS, digital, big data and the ad-tech space.

Tunc holds a Bachelor of Computer Science from Macquarie University.

Helen Parslow

VP Marketing, International

Helen Parslow serves as Vice President of Validity for International managing a world class go-to-market team to maximize Validity’s opportunities across the UK & Ireland, EMEA, LATAM and APAC.

Helen is a seasoned marketing leader who is passionate about building brands and is experienced in developing and executing insights-driven marketing plans and World class event presence that span both our global and international marketing initiatives.

Prior to Validity, she served as Head of Marketing and Business Development at Medeanalytics, EMEA. Marketing data solutions for healthcare unlocking the value of data for better patient outcomes.

Helen received her BA (Honours) Business studies degree from Nottingham Trent University.

What is the CBL?

The CBL only lists IPs exhibiting characteristics which
are specific to open proxies of various sorts (HTTP, socks, AnalogX,
wingate, Bagle call-back proxies etc) and dedicated Spam BOTs
(such as Cutwail, Rustock, Lethic, Kelihos, Necurs etc) which
have been abused to send spam, worms/viruses that do their own direct
mail transmission, or some types of trojan-horse or «stealth»
spamware, dictionary mail harvesters etc.

The CBL also lists certain portions of botnet infrastructure, such
as Spam BOT/virus infector download web sites, botnet infected machines,
machines participating in DDOS, and other web sites or name servers
primarily dedicated to the use of botnets.
Considerable care is taken to avoid listing IP addresses that are shared
or are likely to be shared with legitimate use, except in the
case of infector download websites, phish emission or DDOS.

The CBL does NO probes. In other words, the CBL
NEVER makes connections to other machines to «test» anything.

The CBL does NOT test for nor list open SMTP relays.

The CBL only lists individual IPs, it NEVER lists ranges.

The CBL does NOT care whether an IP is dynamic (NAT, PAT,
TOR, VPN etc) or not,
if connections the IP makes indicate that it’s infected, it is
listed regardless.
Further details:

• NAT Listing Policy
• TOR/VPN/proxy Listing/delisting Policy.

The CBL does NOT attempt to associate IP addresses to
persons or organizations, and furthermore, a CBL listing
should NOT be construed as accusing anyone of spamming —
virtually all listees are the victims of a virus or other compromise, not
deliberately spamming.

The CBL does NOT accept external submissions for listing.
Hence it is not possible for the CBL to be used as an instrument of
revenge (eg: «disgruntled ex-employee» or «competitor»).

It does not attempt to list every possible spam source.

This list is based on information believed to be reliable. No
warranty is made that it is accurate or complete…. Use entirely at
your own risk.

There is no supporting data or «evidence» file available for any given
listing, and no mechanism to ask why any given listing took place. To
counteract this, there is an automated no-questions-asked removals
procedure allowing any affected party to delist a specific IP address
rapidly. However, delisted IPs are relisted if new evidence of spam
activity is subsequently detected.

Entries automatically expire after a period of time. The approximate
detection time of a specific entry can be obtained from the web
interface.

Elaine Ginsberg

VP – Sales Operations

Elaine Ginsberg serves as Vice President Sales Operations. Elaine brings over 25 years of operations, sales and product experience to Validity. She has a solid track record building organization infrastructure and executing programs utilizing process, technology and employee engagement to drive rapid growth.

Prior to Validity, Elaine served as SVP Customer Operations & Success for ABILITY Network, a leading healthcare technology company, recently acquired by Inovalon; and held leadership roles with Vitera Healthcare Solutions, Sage Healthcare and Emdeon.

Karen Friedrich

VP – Enterprise & Channel Sales, Americas

Karen Friedrich serves as Vice President of Enterprise and Channel Sales for North America. With over 15 years’ experience in enterprise software sales and strategy, Karen has a track record of success in both the private and public sector markets including sales management, product strategy, marketing, channel management, and solution deployment. Karen brings an entrepreneurial drive, strong relationship development skills, and credibility gained through sales and operational experience.

Prior to joining Validity in 2018, Karen served as VP of Channel Sales at MedeAnalytics, Inc. a leading analytics company for providers and payers, and held sales leadership roles at Harris Corporation, Carefx Corporation, and WebMD.

Instructions – Are your servers Blacklisted?

1. First, head over to Zabbix Share to fetch the template and script.
2. Copy “check_dnsbl.sh” to your Zabbix Servers and Proxies and place it in “/usr/local/share/zabbix/externalscripts” *
   1. * Check your server and proxy configuration file for the correct folder, look for the tag “ExternalScripts”
3. Make the script executable: chmod +x /usr/local/share/zabbix/externalscripts/check_dnsbl.sh
4. Create the following value map (Administration -> General -> Value mapping: Create value map)
   1. Name: IP Blacklist
      0 -> Not listed
      1 -> Listed
5. Import the template and assign it to your host(s).

If you run into trouble executing the script, here’s an excerpt from the Zabbix Wiki:

Script: check_dnsbl.sh

#!/bin/bash

if ]; then
    echo "Usage: ./${0##*/} <hostname> <blacklist service>"
    exit 1
fi

# Retrieves A record for hostname ($1)
HOSTLOOKUP=`host -t a $1`

# IP address validity check
if ]} =~ ^{1,3}\.{1,3}\.{1,3}\.{1,3}$ ]]; then
    echo "Could not resolve a valid IP for $1"
    exit 1
fi

# Converts resolved IP into reverse IP
REVIP=`sed -r 's/(+)\.(+)\.(+)\.(+)/\4.\3.\2.\1/' <<< ${HOSTLOOKUP##*]}`

# Performs the actual lookup against blacklists
if host -W 2 -t a $REVIP.$2 >/dev/null 2>&1; then
    ((listed++))
    echo $listed
else
    echo "0"
fi

exit 0

CBL listing diagnosis

Knowledge base on how to investigate persistent
listings:

1. First, use the lookup page to look up your
   IP address.
   In a number of cases, you will get specific information related to your
   listing, and you should follow those instructions first.
   The following is more general instructions.

2. We’ll say that again: ALWAYS use our
   lookup page before doing anything else.

3. If this IP address is that of a Network Address Translation (NAT),
   or Port Address Translation (PAT) firewall, router or gateway,
   click here, and carefully follow
   the instructions.
   Insecure NATs are probably the leading cause of ALL CBL listings.

4. If this IP address is your personal computer, you must carefully check your machine
   for viruses, spyware, adware, open proxies and trojans and remove them.
   More information on scanning

5. If this IP is dynamically allocated, click here

6. If you have a wireless network/hub, see the same
   link as above.

7. If this IP address is really that of your mail server,
   click here

Don Williams

EVP – Sales, Americas

Don Williams serves as Executive Vice President of Sales for Validity. With over 25 years in the healthcare technology industry, Don has a track record of creating, restructuring, and motivating organizations to consistently exceed sales, financial and operational goals.

Don is focused on client services for the firm, as well as creating a positive culture of accountability, developing and executing growth strategies, and monitoring business operations with attention to cost efficiency.

Prior to Validity, Don served as the SVP of Operations for MedeAnalytics Inc., a leading healthcare analytics company for providers and payers.

Don received his Bachelor of Science in Business Administration from the University of Alabama in Huntsville. He also received his Six Sigma Green Belt Certificate from Villanova University.

Mark Briggs

Chairman & CEO

Mark Briggs serves as Chairman and CEO of Validity. He has over 20 years of experience building and leading high-growth technology companies with a strong track record of generating exceptional shareholder value. Most recently, he served as
CEO of ABILITY Network, a company he grew from <$10m to over $120m in revenue in four years. ABILITY was recently acquired by Inovalon (NASDAQ:INOV) for $1.2 Billion.

Prior to ABILITY, Mark held executive leadership positions at Carefx Corporation, at NaviNet, was the President of MPI Solutions at QuadraMed Corporation, and served as the Chairman and CEO of LinkSoft Technologies, a company that he
founded.

Mark holds a Master’s in theoretical physics and a Bachelor’s degree in physics, both from Dartmouth College.

Что влияет на репутацию IP

Итак, основными причинами попадание IP в блеклисты являются:

1. — Количество рассылок с одного сервера,
2. — Много жалоб и банов на рассылки отправителя,
3. — Целенаправленная рассылка спама,
4. — Нарушение негласных правил поведения в сети интернет,
5. — Если в письме присутствуют ссылки на те домены, которые уже занесены в черные списки,
6. — Неправильно оформленный текст с точки зрения спам-фильтра.

Бывает так, что вы чисты и придраться не к чему, а ваши письма все равно оказываются в спам-базе. В этом случае есть вероятность, что вам достался «плохой» IP или сервер получил IP из черного списка. Часто такое бывает, если вы пользуетесь виртуальными сервисами рассылок, а не профессиональными, где используется выделенный ай пи.  Советуем использовать только профессиональные рассыльщики.

Charlie Ungashick

Chief Marketing Officer

As Chief Marketing Officer, Charlie brings to Validity extensive marketing and sales expertise and a successful track record driving technology companies to growth. Previously, he served as CMO at Applause, PTC (NASDAQ: PTC), and Globoforce, as well as earlier roles in sales, marketing, and product management. Charlie’s deep experience in tech spans both established enterprise software and emerging SaaS-based companies, including participation in two successful IPOs.

Charlie earned a Bachelor of Arts in Political Science and French from Fordham University and a diploma with honors from the Université Paris-Sorbonne.

Anti-spam lists

The Spamhaus Block List (SBL) targets «verified spam sources (including spammers, spam gangs and spam support services).» Its goal is to list IP addresses belonging to known spammers, spam operations, and spam-support services. The SBL’s listings are partially based on the index of known spammers.

The Exploits Block List (XBL) targets «illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, virus-infected PCs & servers and other types of trojan-horse exploits.» That is to say it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes information gathered by Spamhaus as well as by other contributing DNSBL operations such as the Composite Blocking List (CBL).

The Botnet Controller List (BCL) was released in June 2012 and is a list of IP addresses. It lists IP addresses of which Spamhaus believes to be operated by cybercriminals for the exclusive purpose of hosting botnet Command&Control infrastructure. Such infrastructure is commonly used by cybercriminals to control malware infected computers.

The Domain White List (DWL) was released in October 2010 and is a whitelist of domain names. The DWL enables automatic certification of domains with DKIM signatures. Only verified legitimate senders with clean reputations are approved for whitelisting and there are strict terms to keeping a whitelist account.

Spamhaus also provides two combined lists. One is the SBL+XBL and the second is called ZEN, which combines all the Spamhaus IP address-based lists.

Register of Known Spam Operations

The Spamhaus Register of Known Spam Operations (ROKSO) is a database of spammers and spam operations who have been terminated from three or more ISPs due to spamming. It contains publicly sourced information about these persons, their domains, addresses and aliases.

The ROKSO database allows ISPs to screen new customers, ensuring that ROKSO-listed spammers find it difficult to get hosting. A listing on ROKSO also means that all IP addresses associated with the spammer (his other domains, sites, servers, etc.) get listed on the Spamhaus SBL as «under the control of a ROKSO-listed spammer» whether there is spam coming from them or not (as a preemptive measure).

There is a special version of ROKSO, available to Law Enforcement Agencies, containing data on hundreds of spam gangs, with evidence, logs and information on illegal activities of these gangs, too sensitive to publish in the public part of ROKSO.

Don’t Route Or Peer list

The Spamhaus Don’t Route Or Peer (DROP) List is a text file delineating that have been stolen or are otherwise «totally controlled by spammers or 100% spam hosting operations». As a small subset of the SBL, it does not include address ranges registered to ISPs and sublet to spammers, but only those network blocks wholly used by spammers. It is intended to be incorporated in firewalls and routing equipment to drop all network traffic to and from the listed blocks. The DROP webpage FAQ states the data is free for all to download and use. In 2012 Spamhaus offered a BGP feed of the same DROP data.

Как попасть в списки Spamhaus, не рассылая спам +15

• 22.05.15 09:36

•
mindego
•
#258535
•
Хабрахабр

•

•

10584

Хостинг

Незапрошенная корреспонденция (СПАМ), несомненно, стала неотъемлемой (увы!) частью современной сети Интернет. Конечно же со спамом можно (и нужно!) бороться, но методы такой борьбы могут быть различными. Можно бороться со спамом на этапе отправки писем, можно на этапе получения. При получении писем их можно фильтровать различными способами — проверка SPF, DKIM, спам-листы. Вот о последнем, а именно о спам-листах Spamhaus я и хотел бы написать.
В принципе, спам-листы являются полезным изобретением — их использование действительно позволяет отсеять значительную часть спама. Однако, такие листы имеют смысл лишь если в них есть актуальная информация. Вот тут-то и начинаются проблема.
Существует такая организация как Spamhaus, спам-листы от которой являются весьма популярным и, более того, некоторые реестры доменных зон принимают данные из этих списков как основание для блокировки домена. Тем не менее подходы Spamhaus несколько удивляют.
К примеру, IP адрес может попасть с спам-листы, даже если с него в принципе не отправлялось ни одного письма. Справедливости ради стоит отметить, что обычно это всё же связано тем или иным образом с сомнительной деятельностью, но при виртуальном хостинге попадание IP адреса с такой список влияет на всех пользователей этого хостинга, включая добросовестных, которых обычно большинство.
Несколько лет назад при таком внесении Spamhaus предоставлял достаточные доказательства с заголовками письма, но не так давно подход изменился. Теперь такое внесение Spamhaus производит не только при обнаружении рассылки спама, но и при обнаружении ботнет-контроллеров, однако доказательства весьма лаконичные. К примеру, в одном из SBL (http://www.spamhaus.org/sbl/query/SBL194743) доказательством такой деятельности был открытый 6522 порт, но был ещё SBL194500 (сейчас, правда, уже удалённый) где порт был 443 и всё доказательство заключалось в подключении к этому порту при помощи telnet.
Таким образом, для попадания в спам-листы достаточно чтобы _один_ клиент разместил ботнет-контроллер (которым последнее время является просто php скрипт). Даже если предоставляющий виртуальный хостинг провайдер непримиримо относится к рассылке спама, он всё равно рано или поздно попадёт в спам-листы Spamhaus и узнает об этом лишь после множественных обращений к нему его клиентов с вопросами вида «почему моя почта теряется». Существует, правда, услуга «DNSBL Datafeed», которую предоставляет Spamhaus и она позволяет получить информацию о внесении в листы несколько раньше, но эта услуга, естественно, платная.