Blacklisted by APEWS?
If you are reading this you've probably found yourself being blacklisted by APEWS.
- You may check if your IP is blacklisted by APEWS on their webpage apews.org
- Your IP is blacklisted not blocked
These are two different things. Your email is blocked by APEWS blacklist when the recipient's postmaster decide to use APEWS DNSBL only. Since 2007 I have seen few (<10) mailservers using APEWS blacklist. And no, hotmail, yahoo, google nor anyone bigger than 10k users (AFAIK) do not use APEWS.
- Your email is "blocked" if you see something like that in your log files or delivery status notification message:
554 5.7.1 Service unavailable; Client host [188.8.131.52] blocked using l1.apews.org;
If you see:
554 5.7.1 Service unavailable; Client host [184.108.40.206] blocked using cbl.abuseat.org;
AND your IP is blacklisted by APEWS then you're "blacklisted" by APEWS, not "blocked" - you are blacklisted by CBL and blocked by CBL, on this very recipient's server - nothing more.
- every postmaster has his own set of rules (including DNSBLs) he use to block spam. There are popular filters like spamcop, spamhaus, cbl and less popular like dnsbl.net.au and almost-no-one-is-using-it - APEWS
- If you still do not understand difference between "blacklisted" and "blocked" then you may skip this article and go find someone, who does.
APEWS is listing networks
- If you have found your IP blacklisted by APEWS then not only your IP is blacklisted but entire network surrounding it.
- the next thing you should know is the network owner - the company you're paying for connectivity or hosting.
- if this company is not the owner of entire network blacklisted by APEWS then maybe their upstream Internet Service Provider is (repeat this step until you find the owner of entire network blacklisted by APEWS)
- If you still do not understand difference between "single IP" and "network" or "you" and "network owner" then you may skip this article and go find someone, who does.
- If you own single IP or a small network and the listing is bigger than your network - please contact your upstream ISP. They should have current list of spam and abuse issues outgoing from their network (including your IP)
- If there was a spam or abuse outgoing of your network then your upstream ISP should have contacted you. They should've told you "this IP is sending spam, clean it within 24h or else we will disconnect you" or something like that. If not - ask them to do it in future or stop paying for malfunctioning service they provide.
APEWS is listing networks from which spam or other abuse was originating.
- If you are the network owner then you probably know what RIPE, ARIN, LACNIC, AFRINIC, APNIC ond other *NIC are
- and you should have a working firstname.lastname@example.org address
usually if your domain does not have working abuse@ then your domain is listed by www.rfc-ignorant.org
- and you should have email@example.com address included in *NIC records
please execute #whois your.ip.add.ress and search for your firstname.lastname@example.org address
- write an email to email@example.com address and check which human being in your company is reading it.
- ask him/her what does he do if he/she receive a complaint about your IP sending spam or making abuse.
- if this person began to stare at you with blank look on the face - you are in deep shit called SNAFU.
- if this person provides you with list of spamming ex-clients - your have just dirty shoes, dirty of shit of course.
if any of these are true:
- you have no working abuse@your domain mailbox
- there is no human reading emails from it
- the human is not dealing with the complaints
- the human is dealing with the complaints but:
- the spam and other abuse keep outgoing from your networks
then your listing is correct, your listing is not false-positive and this is not a mistake. And it is you and your company who is at fault (not dealing with the spammers is a fault). You made a mess, you should clean your poo. It does no matter if the listing was created 5 years ago. It means somebody 5 years ago fucked up the case and you are paying for that mistake now. The rest of the Internet was forced to live with that mistake for 5 years. And you are living with this problem for how much? 5 hours?
what to do if you are blacklisted by APEWS
- read their FAQ
- the news.admin.net-abuse.email usenet group is not a place for "removal requests"
I doubt there are APEWS maintainers reading it. And of course they are not removing anything from their list. On news.admin.net-abuse.email you may talk about APEWS in general, not about your listing (unless you're asking for help to search&destroy zombies on your network). Please read the history of this usenet group FIRST. Please search this newsgroup for "APEWS" keyword FIRST.
- who are the people reading/posting on nanae? there are few sysadmins, sometimes various DNSBL maintainers, spammers, spam supporters, crying babies (people who found themselves blacklisted), users, lusers and a lot of trolls. The number of trolls and their threads greatly exceeds anything I have seen on any other newsgroup. Be warned - not to feed them with your flesh
- on nanae you can ask for help: some volunteers may help you with finding zombies, securing your network, pointing who are the spammers on your network and pointing various errors in mailserver configuration. Only if you ask politely. Volunteers cannot replace your sysadmin crew.
- the APEWS maintainers cannot be contacted in any way
- nor I do not know of any person who contacted them. But I see many trolls, who claim to know their e-mail addresses.
- I do not have knowledge about single entry removed from APEWS listing
- nor I do not know of any person wittnessing it
- the APEWS maintainers cannot be sued - simply because you don't know which country they are from and what laws they should abide. Posts which say something about sueing are called cartooneys and are laughed at. You will be considered a spam supporter and you will not receive any help. Many people (including myself) will consider you a moron.
- do not TALK about how big is your legal department is. The bigger your legal department is the smaller dick you have.
- if you have the money to hire lawyers you may hire skilled sysadmins to clean the mess as well.
- you may simply consider yourself fucked up.
That would be all. Thank you.
What to do if your email was blocked
- refer to your mailserver log files or to delivery status notification message to find what exactly happened
- do not browse randomly every possible DNSBL, "blacklisted" and "blocked" are two different things, remember that
- your email may be blocked by hundreds of different filters (including DNSBLs), a skilled administrator is able to determine what kind of filter was the cause from the log files or DSN
- If you are looking at the log files and you're thinking: "WTF is that" - go find an administrator who can read the logs like Mouse reads Matrix (Have you seen the Matrix movie? Do you remember the consoles with green chars falling down?)
- if you don't have access to log files, don't have access to DSN, you don't know what I am talking about - get the fuck of my sight and bring someone who is skilled enough.
Find the cause - why your IP was blacklisted or why your email was blocked
- your IP in blacklist is not the part of cause, It is the solution for the Internet to deal with spam - your spam
- there might be spam / abuse originating from your IP
- from hacked mailserver
- from hacked webserver
- from Windows behind NAT
- from a enough-to-be-smart device like printer
- from mailserver sending backscatter ("Your email cannot be delivered because ..."), see www.backscatterer.org
- from spam/antivirus filter ("Your email cannot be delivered because it contains spam or virus")
- from misconfigured mailserver (open-relay)
- from misconfigured open-proxy
- or simply you are harboring spammers
- your mailserver is not correctly configured
- your network connectivity is bad and connection breaks while sending large emails
- you have misspelled recipient's email address or his address is no longer available
- if you still don't know why - ask the recipient's postmaster/administrator, pick up the phone and call your recipient, she/he should give you an information who her/his postmaster is.
Find the solution
by stopping all spam and abuse outgoing of your networks
- remove spammers (your spamming clients, yes I know they are paying you money and you allow them to spam, with enough money you would allow them to kill your relatives)
either you have your paying clients, paying spammers and trouble or just paying clients. The choice is yours.
- block outgoing port 25 traffic for all computers, use port 587 instead. Allow port 25 for smtp servers only
- make sure your server is secure, passwords are strong (the most common password is 123456)
- for servers - block the traffic, that is not needed - incoming and outgoing.
- if you don't know (WTF) port 587 is - go find someone who does...
an example of removal request on wrong forum (spamcop is not apews):