Blacklisted ip

#1

I am having problems with email, I was sent an email and it was rejected: [173.203.187.118]:48151 is 550 in
an
RBL: Blocked - see https://www.spamcop.net/bl.shtml?173.203.187.118" (in
reply to RCPT TO command)

I checked mx records and I see this: Checking mydomain.net which resolves to 104.31.64.230 against 104 known blacklists…
Listed 1 times with 2 timeouts
LISTED Suomispam Reputation 104.31.64.230 was listed

how do I resolve this?

0 Likes

#2

That’s usually some homework for the sender, even though spamcop says it is not listed. How ever, this is not Cloudflare related.

  1. is from AOL. They still exist? :thinking:
0 Likes

#3

The IP address blocked and in the URL is 173.203.187.118. Cloudflare doesn’t proxy outbound email ever. That IP address corresponds to Rackspace.

1 Like

#4

Apparently, but not worth anything:


I recommend switching outbound email providers to a service which doesn’t blacklist CDN IP addresses. A bunch of IP ranges from AWS, GCP, Azure, etc. are also blacklisted because it’s simple to get set up and start sending spam email. The only way to fix this is to ask your email host to whitelist you, whitelist CF’s IP addresses, or switch outbound email providers.

1 Like

#5

Thank you, I am being told by my host, Cloudflare is bing blacklisted with this lookup from mx toolbox: Checking mydomain.net which resolves to 104.31.64.230 against 104 known blacklists…
Listed 1 times with 2 timeouts

Blacklist Reason TTL ResponseTime
LISTED Suomispam Reputation 104.31.64.230 was listed

Can you help me resolve this?

0 Likes

#6

To make sure your emails are not blocked by RBLs and similar email blacklist servers, you should set up SPF, DKIM, and perhaps DMARC, as tools to allow email servers to authenticate any messages sent from your domain as being actually sent from your domain. This is a pretty nice (and long) read about why and how to protect your domain with SPF/DKIM/DMARC. Of course you will need to check with your email provider for specific instructions on how to set up SPF policy, DKIM etc. As the article says, it shouldn’t take more than 10 minutes.

The blacklisting of IPs by RBLs is only indicative, and email servers will then decide what to do when any given IP is flagged as spammy. If you have the above policies in place, your chances of being marked spam are reduced, even if your domain is associated with an IP that is flagged. (There may be hundreds of domains associated with the same IP)

1 Like

#7

I can do that, but how do I get off this blacklist?

0 Likes

#8

You don’t. The IP in case does not belong to you, though it’s used to point to your website. But by creating SPF, DKIM, and (more carefully) DMARC, for your domain, you send a signal to mail servers that they tend to take in consideration when mail is sent from your domain, despite the IP being blacklisted.

These blacklists, BTW, are highly dynamic and change all the time. The IPs you mentioned in your original post are both clear now (but may not be tomorrow).

Instead of being worried with specific IPs, check your own domain agains RBLs, and it should improve after you create the SPF/DKIM records.You can google “rbl monitor” to find free monitoring tools that will alert you in case your domain is ever blacklisted.

0 Likes

#9

Thank you, I really appreciate your advise,

According to MX toolbox, 104.31.64.230 is still blacklisted and this is a cloudflare IP.

LISTED Suomispam Reputation 104.31.64.230 was listed Detail

0 Likes

#10

But that’s not the IP where your e-mail originates from; Cloudflare is not an outgoing e-mail provider, only INCOMING web proxy.

The IP that sends the e-mail, and the one that the remote mail server sees, is not the IP of your domain-over-the-web, rather than the IP which originated the connection - YOUR mail server, as @cscharff wrote above - 173.203.187.118. This is the IP that should be removed from the blacklist, and is probably on their owners (Rackspace) to handle this.

OR… many people just go to “e-mail as a service” and pay someone to handle this getting-more-difficult-every-day task instead of them. For example, services like Amazon SES or SendGrid (easier)…

1 Like

#11

To clarify, There are actually 2 problems.

  1. An incoming email was blacklisted at 173.203.187.118. I have contacted the owner of the email at this IP and asked him to check with Rackspace.

  2. My email is blacklisted according to MX toolbox, 104.31.64.230 is still blacklisted and this is a cloudflare IP.
    LISTED Suomispam Reputation 104.31.64.230 was listed. IP 173.203.187.118 has nothing to do with 104.31.64.230

0 Likes

#12

Also, if you have GSuite, you can use Google’s own SMTP relay to send email as if it was sent from Gmail. I’ve never received complaints about emails going to the spam folder.

0 Likes

#13
  1. Incoming mail - you mean to [email protected], yes? If so, OK

  2. Again, 104.31.64.230 is blacklisted, but when you send an e-mail, this is not the IP that the recipient’s mails server sees, rather than something else - probably the IP of the mail server of your hosting company, or the IP of your server (not Cloudflare). In other words - even if you disable Cloudflare right now, and you’ll not see the IP 104.31.64.230 anymore, I believe whatever outgoing e-mails that are blocked, will continue to be.

0 Likes

#14

@shimi I think the issue is this-

The domain resolves to a blacklisted IP address. So the spam filter flags the email.

The anti-spam filter decided to blacklist the CDN IP address since a completely separate (malicious) domain, which happens to use Cloudflare, was sending spam email.

The fault here is that spam filter. It should know better than to blacklist a CDN IP address. And a domain resolving to an IP address shouldn’t be grounds for hitting the domain. I could point my domain to some of the known NK-based IP addresses, and just because my domain now resolves to them doesn’t mean I own or operate those IPs. Nonetheless, the spam filter continues to use this flawed methodology.


Really, as a fix, you should do one, or all of the following:

  • ask your mail provider to drop that spam identification service. It uses a flawed method for spam identification.
  • ask them to whitelist your domain. Get a contract signed or something.
  • switch to an email-as-a-service provider like sendgrid, mailchimp, GSuite (only 10k recipients a day tho), etc. They generally don’t have false flags as bad as blacklisting CDN ips.
0 Likes

#15

@judge, To me it sounds like @rochelle typed the domain into some service that does checks for whatever is input to it, and the input was a domain, and the domain was resolved, and that IP was checked as “how would e-mail originating from that IP look like?” - and not an actual SMTP response from a server that says that it checked the sender’s domain (instead of the IP connecting to it!), and found that it is blacklisted. This, as opposed to the other message that opened the thread, with the link to spamcop, that looks like a message from an SMTP session…

1 Like

closed #16

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

0 Likes