Email MX Blacklist, RBL Real-time Blackhole List

A RBL is a Real-time Blackhole List (RBL). These are designed to stop spam.


What does “listed on RBL” mean?

cPanel services are shared by many users. Those users (customers) are rarely keeping their website applications up to date, causing them to be hacked. The hackers use the accounts belonging to those shared users for various malicious purposes, such as sending out SPAM email.

RBL (Real-time Blackhole List) allows server administrators to prevent SPAM from being spread around the internet by blocking email access to/from servers which are identified as a known origin of sending spam email. Most ISPs (Internet Service Providers) subscribe to various different RBL suppliers, as do we. A lot of free email systems do NOT subscribe to any RBLs (e.g. Hotmail, Gmail).

The effect of being listed in RBL is – email user on the given server is unable to email messages to servers which subscribe to the given RBL. The email user receives bounce messages referring to a Blacklisting. Senders to this email user at times also become unable to successfully send mail to them, receiving similar bounce messages referring to a Blacklisting of the recipients server.

How did our servers get listed?

A number of customers who are sharing the email services on those cPanel machines may have been hacked and subsequently exploited for the purpose of sending SPAM. This has caused the IPs of the servers to become listed with RBL suppliers, stopping email from operating reliably for all users on those cPanel servers.

It is rare for our servers to be listed – as SPAM issues are usually detected and corrected before it becomes a problem.

How long till it’s fixed?

Our System Administration team is working with the RBL supplier organisations on this currently. Most RBLs differ in the period of time they take to delist a server, the effects of the listing can last between 2 hrs to a whole calendar month, depending on the reputation of the server as time goes by. It’s imperative to ensure no repeat abuses from our IPs to prevent a re-listing, which requires us to find all hacked users and have them resolve the issues on their applications end.

The server administrators are notified twice weekly about servers being listed on RBL’s and they then work on removing the ip address from the blacklists. They do this usually by proving to the blacklist operator that they have taken action to suspend or ban the spammer.

There is no guarantee an RBL will de-list even after the IP address being proven as ok, this is the rarest of situations though. Trusted RBLs are those that are adaptive and correction made from 0 to 48 hours and 72 hours maximum.

We apologise for the inconvenience this undoubtedly causes our customers with running of their businesses, and this issue is treated as highest of priorities for the System Administration team.

What can I do?

We encourage you to check, as we work on the situation the RBL providers are a law unto their own.

  1. Click here; Find your hosting server IP
  2. Check the RBL lists at; http://www.mxtoolbox.com/blacklists.aspx

If you find that you are listed on a RBL list please report it to us. After we’ve corrected please continue to check up to 72 hours from the fix (usually up to 48hours).

Why me? Why don’t other experience this?

It is a rare situation in the first place also we have many servers with different IPs so a problem affecting one will not affect another. The larger your email lists the more obvious the problem will be and more susceptible you can be. Also, you may not be aware but you may in fact be sending SPAM.

What if the IP can not be removed from an RBL?

  1. It is rare that our servers are listed on the RBL because they are usually detected and corrected before an RBL lists one of our servers.
  2. If listed, we work with the client account and RBL to have delisted.
  3. Is not delisted, we can move servers to a proven non-RBL IP.

Leave a Reply