Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Spamhaus flagged a domain 24 hours after its creation?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Spamhaus flagged a domain 24 hours after its creation?

I bought a domain and Spamhaus has flagged it roughly one day after purchasing it. Porkbun sent me an email to tell this to me.

There is not even a mail server installed on the server pointed by the domain. Fresh Ubuntu install.

Has this ever happened to you?

Comments

  • deankdeank Member, Troll

    By "bought", do you mean you purchased it from some wanker?

    or is it a newly registered domain? Have you looked up the domain's history?

  • @deank said:
    By "bought", do you mean you purchased it from some wanker?

    or is it a newly registered domain? Have you looked up the domain's history?

    Newly registered. I came up with its name. All I did was to point it to a server, which I had hardened a bit (usual stuff, change ssh port, ssh keys, no root ssh, fail2ban), and then I installed powerdns on the sever. There is literally nothing else there.

  • deankdeank Member, Troll

    Then I'd check the header of the email you've gotten. Smells like scam to me.

  • sgheghelesgheghele Member
    edited June 2020

    @deank said:
    Then I'd check the header of the email you've gotten. Smells like scam to me.

    Not only is the e-mail valid, the domain is really in Spamhaus dabatase. That is so odd. And, no history for the domain. It really is brand new.

  • deankdeank Member, Troll

    Then somebody at PMSbaus must hate you and wants you suffer.

    Thanked by 1serversHQ
  • @deank said:
    Then somebody at PMSbaus must hate you and wants you suffer.

  • DPDP Administrator, The Domain Guy

    Are you positive that it has no history?

  • JarryJarry Member

    Maybe the IP you pointed the domain to has some "history"...

    Thanked by 1sgheghele
  • deankdeank Member, Troll

    Gosh, nothing is more haunting than histories with ex...

    Thanked by 1netomx
  • @Jarry said:
    Maybe the IP you pointed the domain to has some "history"...

    Bingo! I temporarily pointed the A record to my home dialup IP (I am developing my own dyndns, have dynamic IPs at home) and dialup IPs of my ISP are automatically flagged.

    I did not even think about the IP because the domain is so new. Spamhaus is fast.

    Thanks!

  • deankdeank Member, Troll

    Dump your host for giving you porn IP.

  • jarjar Patron Provider, Top Host, Veteran

    This is normal. I bought a new domain and set up an IP range on it to be one of MXroute's relays (customers were asking for mxroute.com to be hidden from headers at the time), the domain was on the DBL the next day. I bought another domain and used it to send emails from WHMCS (mxroutemail.com) and it was also listed on the DBL soon after.

    Purchasing new domains and spamming, then dumping them for a new domain has become far too common with low domain prices. Just reach out to spamhaus and let them know what's up, they'll remove you no problem.

    Thanked by 1sgheghele
  • @deank said:
    Dump your host for giving you porn IP.

    I want my $1.50 refunded.

    Removal Procedure / Removal of IP addresses within this range from the PBL is not allowed by the netblock owner's policy.

    Interestingly, my ISP has chosen to blacklist itself on its own.

  • sgheghelesgheghele Member
    edited June 2020

    @jar said:
    This is normal. I bought a new domain and set up an IP range on it to be one of MXroute's relays (customers were asking for mxroute.com to be hidden from headers at the time), the domain was on the DBL the next day. I bought another domain and used it to send emails from WHMCS (mxroutemail.com) and it was also listed on the DBL soon after.

    Purchasing new domains and spamming, then dumping them for a new domain has become far too common with low domain prices. Just reach out to spamhaus and let them know what's up, they'll remove you no problem.

    This might also be the case as my home IP hasn’t been the A entry for very long. Maybe in the last 2-3 hours.

  • deankdeank Member, Troll

    Some bitch made a huge PMSing deal out of 1.25 not long ago.

    Just saying.

    Thanked by 1netomx
  • @deank said:
    Some bitch made a huge PMSing deal out of 1.25 not long ago.

    Just saying.

    Yeah I was referring to that but I was too lazy to go check on the precise amount.

    Anyway, how have you been flagged as a troll here? Spamhaus hit again? Half the fun goes away with a disclaimer.

  • deankdeank Member, Troll

    You cite the end is nigh long enough, you will earn it.

    A natural progression.

    Thanked by 1WSWD
  • jackbjackb Member, Host Rep
    edited June 2020

    @sgheghele said:

    @deank said:
    Dump your host for giving you porn IP.

    I want my $1.50 refunded.

    Removal Procedure / Removal of IP addresses within this range from the PBL is not allowed by the netblock owner's policy.

    Interestingly, my ISP has chosen to blacklist itself on its own.

    The PBL (policy block list) is primarily used for residential networks that have no business sending a large volume of email without using an external mail server. This is why your ISP chose to be blacklisted.

    Thanked by 1TimboJones
  • @sgheghele said:

    @Jarry said:
    Maybe the IP you pointed the domain to has some "history"...

    Bingo! I temporarily pointed the A record to my home dialup IP (I am developing my own dyndns, have dynamic IPs at home) and dialup IPs of my ISP are automatically flagged.

    I did not even think about the IP because the domain is so new. Spamhaus is fast.

    Thanks!

    Did you have "dynamic" autocorrected to "dialup"? Otherwise, wtf? Are you from year 2000?

  • Tony40Tony40 Member
    edited June 2020

    A VPS provider here gives me a blacklisted IP, suspended my account for "Email Abuse", I just had installed the new OS and was not even using the VPS, It was powered off on localhost.
    No domain setup yet, went I check the IP he give me was already blacklisted before he gives to me., I was guilty, I had to prove my innocence... so finally the Email came

    "Yes, there was one listing for several months prior to your usage. Then it quadrupled.

    I have re-activated your server and submitted for the removal of those listings. Please verify your server for any signs that it may have been compromised."

    "Service Unsuspension Notification"

Sign In or Register to comment.