Bobcares

Prevent SpamHaus PBL (Policy Block List) blacklisting in web hosting servers

Feb 4, 2017

554 5.7.1 Service unavailable; Client host [203.0.113.XXX] blocked using zen.spamhaus.org; https://www.spamhaus.org/pbl/query/PBL289647
554 mysev mysmtp 203.0.113.XXX is on the Spamhaus PBL Please visit: http://www.spamhaus.org/query/bl?ip=203.0.113.XXX

If you’ve received an error message like these, you are not alone. Mail bounces due to SpamHaus PBL blacklisting are a common issue faced by web hosts around the world.

Our engineers see these errors every day in their role as Outsourced Support Specialists for web hosting providers. And we’ve seen perfectly legitimate business mails sent from clean servers tagged as spam by the SpamHaus Zen composite block list.

To make matters worse, de-listing an IP in SpamHaus PBL is at best a temporary fix, and at worst – impossible. Sr. Support Engineer Rai Dhaman explains:

“We see 2 kinds of PBL bounce errors. One where the email user’s laptop, mobile or residential IP is block listed, and the second where the web host’s server IP is listed. As we’re the hosting support team, we cannot de-list the email user’s residential IP. As for server IPs, even if we de-listed the IP, it often gets back on the block list.”

Over time, our engineers have found effective ways to delist and prevent blacklisting in SpamHaus PBL. To know how, we first need to look at what exactly this “Policy Block List” is.

What is SpamHaus Policy Block List (PBL)?

The PBL is a list of all IPs that are not likely to be legitimate mail servers hosted by mail service providers. Bobcares Support Engineer Sambhu Prakash explains:

“When you or I send a mail using a laptop, the mail first goes to an ISP’s (or hosting provider’s) mail server, and then to the recipient. In contrast, a virus-infected home PC bypasses the mail server, and sends millions of spam mails directly to recipients. SpamHaus found that almost all mails coming from non-server IPs such as home PCs, laptops, etc. are spam. PBL is a collection of all such residential IPs.”

[Image: SpamHaus PBL residential IPs sending mail]

To make the PBL, SpamHaus compiled a list of IPs that are assigned to cable operators, mobile service providers, and generally any IP that’s used by end-user devices such as PCs, laptops and mobiles.

So then why are clean mails blocked?

Why does PBL block legitimate mails and clean servers?

Legitimate mails are blocked in two situations. One, when the mail user does not authenticate while sending mails, and two, when the mail server IP previously belonged to a residential connection.

“Mail servers recognize a valid user through a valid username and password,” says Sambhu Prakash. “When a setting called ‘SMTP authentication’ is not enabled in mail clients, the mail servers do not recognize the user. At this point, the PBL says the IP is a residential IP. So the mail server puts 2 and 2 together, and tags the mail as spam.”

The second case is when an ISP or hosting provider takes an IP that was previously a residential IP, and uses it for mail servers.

“Many data centers have both residential internet services and hosting services,” Rai says. “When web hosting providers ask for a new IP block, they’re sometimes given IPs that were used in cable services before. PBL has these ‘residential IPs’ in their list. So, if these IPs are used in mail servers, mails from these servers will bounce.”

So, what’s the solution?

Resolving SpamHaus PBL bounce if it’s not the Server IP

Many web hosting users approach the support desk with a bounce message such as this:

[Image: SpamHaus PBL bounce message]

And a corresponding log entry in the mail server would look like this:

554 mysev mysmtp 72.35.XXX.XXX is on the Spamhaus PBL Please visit: http://www.spamhaus.org/query/bl?ip=72.35.XXX.XXX

This is caused when the mail server uses SpamHaus Zen as an anti-spam tool, and when the email user does not use SMTP authentication to send mail.

Rai explains, “Many web hosts use SpamHaus Zen to block spam mails. But the flip side is that, if valid customers do not use SMTP authentication, their IPs would be detected as residential IPs, and their mails would be tagged as spam.”

There are 2 ways to deal with this.

  1. To help mail users enable SMTP authentication in their mail clients each time they open a support request.
  2. To enforce SMTP authentication as the ONLY way to send mails.

We’ve seen that the second method is the most effective and painless route.

“We advise web hosts to configure their mail servers such that only authenticated mails are accepted,” says Sambhu. “In that way, we bring a behavior change in the email users, where they enable SMTP authentication while subscribing to the hosting service. It prevents such PBL bounces down the lane.”

De-listing mail server IP from SpamHaus PBL

When web hosts request a new IP from the data center, they’re sometimes assigned an IP subnet that was previously used for residential internet services. These IPs would be listed in PBL, and mails sent using these IPs would be blocked the world over.

In this case, there are two things to be done:

  1. Set up reverse DNS (a PTR record) for the IP with the name of the server. The server name should resolve back to the IP as well.
  2. Request a PBL de-listing.
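
A check for step 1 that can be run before submitting the de-list request, as an added example (not Bobcares' own tooling). The function name `check_fcrdns`, the host name `mail.example.com` and the address `203.0.113.25` are assumptions chosen for illustration; the lookups are injectable so the logic can be exercised without live DNS.

```python
import ipaddress
import socket


def _ptr(ip):
    # Reverse lookup: IP -> PTR name (raises socket.herror when no PTR exists).
    return socket.gethostbyaddr(ip)[0]


def _addrs(name):
    # Forward lookup: name -> every A/AAAA address it resolves to.
    return {info[4][0] for info in socket.getaddrinfo(name, None)}


def check_fcrdns(ip, server_name, ptr_lookup=_ptr, addr_lookup=_addrs):
    """Return (ok, reason): PTR must equal server_name and resolve back to ip."""
    want = ipaddress.ip_address(ip)
    expected = server_name.rstrip(".").lower()
    try:
        ptr = ptr_lookup(ip).rstrip(".").lower()
    except OSError:
        return False, "no PTR record for " + ip
    if ptr != expected:
        # Typical for a recycled address: the PTR still carries the
        # data center's generic name instead of the server name.
        return False, f"PTR is {ptr}, expected {expected}"
    try:
        forward = {ipaddress.ip_address(a) for a in addr_lookup(expected)}
    except OSError:
        return False, expected + " does not resolve"
    if want not in forward:
        found = sorted(str(a) for a in forward)
        return False, f"{expected} resolves to {found}, not {ip}"
    return True, "forward-confirmed"


if __name__ == "__main__":
    # Constructed values; replace with the real server IP and host name.
    print(check_fcrdns("203.0.113.25", "mail.example.com"))
```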

Once the rDNS is set up, the PBL delist request can be submitted. The de-list screen looks something like this:

[Image: SpamHaus PBL delist]

A valid business email ID is required to request a de-listing. Then the IP should be marked as “static” and the purpose should be marked as “Mail server”:

[Image: SpamHaus PBL delist]

The de-listing should happen within a few days.

But here’s the important part. This de-listing is not permanent. The mail server IP could end up back in the PBL after a few months when the block list is reloaded. So, additional steps need to be taken to prevent this from happening.

Preventing mail bounces due to SpamHaus PBL listing

Yes, it is important to react quickly to a PBL blacklisting issue, but we believe in preventing such issues altogether, which is why our support engineers follow a three-step strategy to prevent PBL bounces.

  1. Enforcing SMTP authentication in mail servers: At the time of signup, if a web hosting customer knows that mail can be sent only using SMTP authentication, they’ll set it up right the first time. Our engineers prevent a lot of support tickets and customer by enforcing SMTP auth as the ONLY way to send mails.
  2. Pre-screening IPs for PBL listing before assigning them as mail servers: When our customers [web hosts] receive a new IP from the data center, our engineers look it up in the PBL before it’s assigned to VPSs or dedicated servers. If it’s found in the PBL, it is de-listed, and reverse DNS is added to make it a fully functioning mail server IP.
  3. 24/7 monitoring of block lists to make sure IPs are not re-listed: We monitor all the IP block lists round the clock to make sure our customers’ IPs are not listed. If an IP gets listed, we’d be the first ones to know, and we’d get it de-listed before email users are affected.
  4. Subscribe to block list alerts: Many block lists such as SpamHaus allow IP owners to be notified of a new listing. We subscribe to all such lists, and take prompt action in case one of the server IPs is listed as a spam source.
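
The pre-screening and re-listing checks in steps 2 and 3 come down to a DNS query against the `zen.spamhaus.org` zone seen in the bounce messages. The following is an added example, not Bobcares' own monitoring code; the function names and the sample address are assumptions, and the return-code table follows the codes Spamhaus publishes for Zen (`127.0.0.10` and `127.0.0.11` for the PBL, `127.255.255.x` for query errors).

```python
import ipaddress
import socket

ZEN = "zen.spamhaus.org"  # zone named in the bounce messages on this page
# Last octet of a 127.0.0.x answer -> list, per Spamhaus' published Zen codes.
CODES = {2: "SBL", 3: "CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
         9: "DROP", 10: "PBL", 11: "PBL"}


def zen_query_name(ip, zone=ZEN):
    """203.0.113.25 -> 25.113.0.203.zen.spamhaus.org (IPv6: reversed nibbles)."""
    reverse = ipaddress.ip_address(ip).reverse_pointer  # ends in-addr.arpa/ip6.arpa
    return reverse.rsplit(".", 2)[0] + "." + zone


def classify(answers):
    """Split A-record answers into list names and query-error codes."""
    lists, errors = set(), []
    for answer in answers:
        octets = [int(o) for o in answer.split(".")]
        if octets[:3] == [127, 255, 255]:
            # Not a listing: e.g. .254 = asked via a public resolver,
            # .255 = rate limited. Treating these as "listed" causes
            # false bounces; treating them as "clean" hides real listings.
            errors.append(answer)
        elif octets[:3] == [127, 0, 0] and octets[3] in CODES:
            lists.add(CODES[octets[3]])
    return sorted(lists), errors


def prescreen(ip, resolve=None):
    """Return a verdict dict for one candidate mail-server IP."""
    resolve = resolve or (lambda name: socket.gethostbyname_ex(name)[2])
    try:
        answers = resolve(zen_query_name(ip))
    except socket.gaierror as exc:
        if exc.errno != socket.EAI_NONAME:
            raise  # timeout or server failure: status unknown, not "clean"
        answers = []  # NXDOMAIN: the IP is on none of the Zen lists
    lists, errors = classify(answers)
    return {"ip": ip, "lists": lists, "pbl": "PBL" in lists,
            "errors": errors, "usable": not lists and not errors}


if __name__ == "__main__":
    # Constructed answer so the demo runs offline; omit `resolve` to query DNS.
    fake = {"25.113.0.203." + ZEN: ["127.0.0.10"]}
    print(prescreen("203.0.113.25", resolve=lambda name: fake[name]))
```

Run the same function on a schedule against every assigned mail IP and alert when `pbl` flips to true or `errors` is non-empty.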

“Constant vigil is the price of a perfect email service,” says Rai. “We are always on the lookout for trouble, and find ways to not just resolve, but to prevent service errors. That’s the only way to make sure that not a single mail is affected by issues such as SpamHaus PBL blocks.”

 
