We run our own if you'd like to add it. Just add "bl.mxrbl.com" to your list.
Actually, you said you won't play GOD but it's actually what you're doing with us...
We reach to you to know why you blacklisted all our ASN (we have more than 3000 IPs). And this is our mail exchange. I'll leave it here for everyone to know how you manage your RBL list and how wrong your "best practices" are:
Me:
> Hello.
> I was notified that you have blacklisted my whole ASN. That is not a good practice.
> Also, we are not a spam network. We are a legit datacenter company operating in Viseu, Portugal.
> We also have counter-measures to prevent any of our clients to send spam from our network.
> If someone complains about spam going out from one of our IPs, you have to forward the complain to our abuse email ([
[email protected]](mailto:
[email protected])). We handle the abuse reports at 15 mins from 7am till 11pm.
> So, can you please unblock all the IPs and inform me what IP has originated spam so we can handle the issue?
Reply from mxrbl:
> To be clear, I don't have to do anything and what is a "good practice" is what best serves my company and my customers. If I only find spam from your network and long listings of PTR records look like obvious spam trends, I list the whole ASN. It's not personal, I have a job to do the same as you.
> A quick run through your ASN looks like spam to me. Let me tell you what I see, you can run with it after hopefully understanding my perspective.
> All of this matches spam trends:
> [list of 8 IPs and their PTR records]
> Randomly generated hostnames for a domain that either has no website or looks suspiciously like something that wouldn't at all need multiple IPs for the type of business implied:
> [list of 256 IPs and their PTR records]
> Should I go on or is that enough for you to work with?
Me:
> So... You block the ips and ASN based only o PTR records?
> There are several reasons why PTR records need to be configured for IP addresses (mail is only one of them).
> Did you actually have records of spam being sent from my ASN/IPs?
> If yes, please send the signature.
> Since September 2020 that we filter all mail going out on our IPs to insure the good reputation of our network.
> Also, juste because there are 10-20 ips that where detected sending spam, you can't block a ASN that has more than 3000 IPs. That's not fair! If you act like that, why not block the hurricane electric or cogent? The answer is obvious, isn't it?
> Let's work correctly.
> I have a public abuse mail for where complains can be sent. And that abuse is publicly listed on the RIR (ripe). I pay a team to handle the complaints and act quickly.
> Best Regards,
mxrbl:
> Yes I go by reverse DNS as well. If you don't have a ton of spammers on your network, then you once did and you never cleaned their PTR records. Let me know when things look cleaner. You don't have to like the way I do things, your approval is not required. You are free to ignore MXRBL entirely and consider us irrelevant if you like. Please don't write back while your ranges are littered with obvious spammer PTR records.
me:
> Hello.
> My ranges are clean. I won't change the PTR records because those PTR are needed for other services.
> I contacted you in first place because I have a client that subscribed a SSL certificate and he isn't receiving the email with the invoice and the certificate itself because his provider is using your rbl.
> So, doing like everyone do, if you don't have any reports from actual spam being sent from my network, you please remove all records?
still me:
> For info, the PTR records you listed aren't using for mail but for server automation on a energy counting record system of one of our clients.
> We have a lot of clients that do use PTR records for other means than mailing systems (SAN traffic, diagnosis, etc...). And asking them to change all PTR records is overkill.
> You start by blocking a full ASN just because you're based on a single aspect. Maybe 2-3 years ago we had a client that sent spam from one of our IPs, but I can assure you that today that is not possible. And also, you should base your filtering on spam signatures and not on PTR records. Are you also blocking the full HE ASN? I guess not or otherwise you'll be out of business...
> Best Regards,
mxrbl:
> If you need the PTR records that I pointed out, then you are in fact running a spam network. Delisting denied.
So, my question is: Will you, has a webhosting provider, use this RBL list to fight SPAM? I certainly not!
I point out the lack of knowledge of how SPAM filtering works and how is mxrbl "implicated" on reducing the false positives...