Spamhaus blocking client's email

Krynn72

Got a pretty new client, only one PC for their business, and all I've done for them so far is fix some software issues and upgrade to SSD. They're getting their outgoing emails blocked, though they mention only about 75% are getting blocked and so a few go through. They get an error message in Outlook referring them to Spamhaus (I don't have an actual error, just going off the phone call when I spoke to them).

I checked their IP on Spamhaus' website and it does show as being on a list. I had them call their ISP (Earthlink) and Earthlink said it's something with their exchange. Spamhaus itself says it needs "the Abuse/Security representative of earthlink.net to contact the SBL Team by email to explain how the abuse problem has been terminated".

Never had to deal with something like this, so could use some direction. Going out tomorrow morning to get some more info on the client's setup and figure it out. Should Earthlink be the one to take care of it since it's the IP that is blocked?

 
Depends really on their email setup: are they using POP/IMAP, Exchange, O365, etc.?

Is the blocked IP their local internet? Do they have a static IP address? If not, just switch the router off for 10 minutes and get a new IP that hopefully isn't blocked.
 
If I recall correctly they're just using their webhost's provided email service to get their @domainname.com. Using IMAP I think. Only glanced at it last time I was there. They do have business internet so I would guess they have a static IP as well. Will confirm all this tomorrow.

@nlinecomputers mxtoolbox has it listed on SORBS SPAM, but no others.

They do have wifi as well, so it is possible they had someone bring a personal device that may be infected, which could presumably cause this?
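The blocklist lookups mentioned in the posts above (the Spamhaus website check, mxtoolbox) are ordinary DNS queries. The sketch below is an added example, not something posted in the thread; it queries Spamhaus ZEN and decodes the documented return codes, and the function names and the 192.0.2.45 address are made up for illustration.

```python
import ipaddress
import socket

# Return codes Spamhaus documents for the combined zen.spamhaus.org zone.
ZEN_CODES = {
    "127.0.0.2": "SBL: manually listed spam source",
    "127.0.0.3": "SBL CSS: automated spam-source listing",
    "127.0.0.4": "XBL: exploited or infected host",
    "127.0.0.9": "SBL DROP: hijacked or rogue netblock",
    "127.0.0.10": "PBL: ISP-declared range that should not send direct to MX",
    "127.0.0.11": "PBL: same policy, range maintained by Spamhaus",
}
# 127.255.255.x answers describe a problem with the query, not a listing.
ZEN_ERRORS = {
    "127.255.255.252": "typo in the DNSBL zone name",
    "127.255.255.254": "query arrived via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Reverse the address (octets for IPv4, nibbles for IPv6) under the zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    rev = rev.rsplit(".", 2)[0]  # drop the trailing in-addr.arpa / ip6.arpa
    return f"{rev}.{zone}"

def resolve_all(name):
    """Return every A record for name; NXDOMAIN (not listed) gives []."""
    try:
        return sorted(set(socket.gethostbyname_ex(name)[2]))
    except OSError:
        return []

def check(ip, resolver=resolve_all):
    answers = resolver(dnsbl_name(ip))
    errors = [ZEN_ERRORS[a] for a in answers if a in ZEN_ERRORS]
    if errors:  # the answer says nothing about the IP, so do not report "listed"
        return {"status": "error", "detail": errors}
    if not answers:
        return {"status": "clean", "detail": []}
    detail = [ZEN_CODES.get(a, f"listed, unrecognized code {a}") for a in answers]
    return {"status": "listed", "detail": detail}

if __name__ == "__main__":
    # Constructed answer set standing in for a live DNS reply.
    fake = lambda name: ["127.0.0.11", "127.0.0.4"]
    print(dnsbl_name("192.0.2.45"))
    print(check("192.0.2.45", resolver=fake))
```

A PBL answer is a policy listing for address ranges not expected to deliver mail directly, while an XBL answer points at an infected or exploited machine behind that IP.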
 
If they are using ISP email, their office IP in the blacklist should not matter.

One quick method to fix is to add a firewall rule at the office blocking outbound to destination port 25 (except from a local mail server if there is one) and any spam/virus/etc software on the office network will be blocked.

If they do have an on-prem server, definitely need to get into the send logs and see what it says.
 
Thanks, will test with the firewall rule. No on-premises server. It's a catering business so they just have one desktop in the whole place for accounting and emailing invoices/etc.
 
They're probably already aware, but you most likely need to get in touch with the web host provider. In all likelihood this is a shared host so they've already gotten the complaints and are working to get the issue resolved. These spam RBLs can take time to get resolved, so you'll usually have blocked emails for a couple days.
 
The plot thickens. I just checked their website and it's now just basically a text doc with the word "Forbidden." in it. Still a registered domain according to whois, until the end of March at least. Wonder if they neglected to mention they're switching around services. I'll find out soon enough I guess.
 
I'm a little unclear as to whether their email is hosted by the ISP or a separate webhost... One possibility, though, is that their website is infected and sending spam emails (WordPress hack or something) and the webhost disabled it.
 
It is solved now, yes. They did actually have a dynamic IP, so it was resolved by simply getting a new IP. But the business owner is pretty tech challenged and looks at me with a daze anytime I ask remotely technical questions. They don't know how their email is set up, they didn't even know if they were on a business or residential plan with Earthlink (though they showed me a bill which proved they are on business). They had an employee set up all their email, website, etc. nearly 10 years ago and have just been cutting the checks since. No login information for any of it :/ and the employee is long gone.

Going to write up a proposal to migrate them to O365 and do something for their website and bring order to this chaos, but for now the email issue is at least solved.
 