My site has been blacklisted due to Cloudflare sharing "webmailtcs.xyz" on the same server


#1

Hi everyone,

I’m sorry in advance that I have next to no idea what I’m talking about! :man_shrugging:t2:

I am unable to send an email to a client as my site has been apparently blacklisted (see email message below). I have chatted to the support staff of Siteground who have helped me understand that it may be due to sharing the same cloudflare DNS as a reported malicious site “webmailtcs.xyz”

Could this be the case? Do I have to stop using cloud flare in order to get myself off the blacklist? Or could cloudflare investigate webmailtcs.xyz and take them off the server if they are affecting other clients? I don’t realistically expect that to happen, but would be sad to have to leave cloud flare because of them.

Thank you anyone has paid attention this far and is willing to help!!

Message not delivered

There was a problem delivering your message to **** . See the technical details below, or try resending in a few minutes.

521 A URL in the email resolved to a blacklisted IP: 521 The IP 104.28.8.47 is Blacklisted by cbl.abuseat.org. locked - see http://www.abuseat.org/lookup.cgi?ip=104.28.8.47 — --- .


Cloudflare IP is blacklisted by SPAMHAUS
#2

That a braindead way for an organization to blacklist email. They should know better than to lump you in with other sites on shared hosting.

abuseat incorporates an infuriating Google captcha I can’t pass, so I can’t see how they recommend you getting off that blacklist.

There’s nothing Cloudflare can do about this, so your next step would be to contact a postmaster at the destination host.

What does help with email delivery is to set up some anti-spam verification:
https://dmarcian.com/domain-checker/


#3

I’m not seeing an SPF, DMARC or MX records for that domain and you’ll want to fix that ASAP before anything changes. Also, you’ll want to check the IP of the actual server that’s sending the mail assuming it’s your webhost as that’s the IP actually sending the mail. But again, you’ll need to fix your records first.

https://mxtoolbox.com/domain/webmailtcs.xyz/


#4

After you fix those issues, wait an bit then use these email tests.

http://dkimvalidator.com/


#5

after that, it’s some generic Linux commands to look for malware, then at the bottom:


I agree that blacklisting an IP address is really bad news. Many websites use CDNs like Cloudflare, Akami, etc. that share an IP address across many different websites. The only thing keeping the other CDNs from experiencing this issue [as frequently as Cloudflare] is the number of people using it.

As for an immediate solution, I recommend using another SMTP service, preferably one that uses an anti-abuse service that doesn’t have false-positives for CDN usage :stuck_out_tongue:


#6

Would it be achievable to request to Cloudflare to change to a different IP?


#7

Also, thank you all so much for offering your time and knowledge!


#8

You’ll need to address all the issues we noted or a new up won’t make difference.


#9

webmailtcs.xyz is not operated by me. I have nothing to do with it so I am not able to fix any of its issues. It is just on the same cloudflare server as my site rickliston.com and so I have been blacklisted as well. Given that I’m unable to fix its issues, I will have to either change Cloudflare servers (is this possible?), leave cloudflare, or ignore it and continue to be blacklisted


#10

The only issues or blacklists rickliston.com mail is on is actually Googles’s mail server. https://mxtoolbox.com/domain/rickliston.com/


#11

Do you send out any email from your website directly or send/receive everything from Google mail?


#12

I don’t send anything through my website directly. I just use my Apple Mail application on my computer and on my phone which is linked with my gmail account. The SORBS DUHL blacklist is blocking emails from host servers known to disseminate spam. So if webmailtcs.xyz is on the same server as me and has been spamming, then I get blacklisted too and can’t get off until I’m either on a different IP or they get off the blacklist. That’s my understanding, at least.


#13

" Sorbs Duhl Reports Subnets

Subnet-based Blacklists are used to reject email from entire ranges of IP Addresses, i.e. providers that are hosting companies sending spam, as well as single IP Addresses that may fall in that range of IP Address."


#14

We’ll get is all fixed up @Liston
Now, webmatics.xyz is not sending mail from the same IP as you / google and that’s what the other email servers and spam software are looking at.
The reason I was asking if you send mail from the website too is that, if you did, you’d have to update your Cloudflare SPF record to indicate you rickliston.com is also allowed to send mail from your hosting company’s IP or mail servers too. E.g. from something like a CRM/ERP.


#15

Also go to the link below, send an email and tell me what your score is.


#16

Wow! Legends! I seriously didn’t expect a solution. Thank you so much for your help! I just submitted a ticket before but I guess that can be ignored.

I just did the mail test and got a score of 9.5/10. I hope that’s as good as it sounds!

Thank you!!


#17

9.5 is actually really good. Read their recommendations and try for 10 :slight_smile:


#18

It penalised me for being on the SORBS blacklist in the last 48 hours. So I’ll try again in a few days and see if I can hit that 10.

Thanks again, Withheld!


#19

My pleasure @Liston and don’t worry at all about Google’s mail being on a list. The companies that maintain these blacklists know they can’t block everyone from Google, Microsoft etc. or the majority of email would instantly stop… lol


#20

Feel free to join me in my crusade :smile:

I got slightly confused by the last responses, but if they really list IP addresses because of hosted content they might want to travel back in time to the 90s and learn about virtual hosts :roll_eyes: