Determine why our external public IP for email was listed in a block list provider's listing


Our external IP address was listed in an email block list provider's list and thus Office 365 stopped accepting email from our users.
They could send but not receive.
I have a suspicion that maybe marketing sent out mass email and then it got blocked.
How can I determine the exact cause of the block placed on our IP?
Would message tracking logs show the activity if someone used our server as a relay?
Would the block list provider be able to provide the exact reason?

1 Reply

@m_c_7 

 

Whilst many services exist to discover which servers you are blocked on, I've found MXToolbox to be very useful. Then you can contact each list provider to see why they blocked your IP; they all have a tool where you put in your IP and the generic reason is shown (sent spam / open relay, etc.).

It's worth also checking the reputation of your IP after an incident like this, as it may also cause residual issues even once you have resolved the problem. Sites like Cyren provide one such reputation checking service (other companies are available).

In terms of knowing where the problem came from, do you have logs from your external firewalls? These would hopefully show a lot of SMTP traffic.
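
For the firewall-log check suggested in the reply above, here is an added example (not part of the original thread) that tallies allowed outbound SMTP connections per internal host to show which machine generated the traffic. The log format, the `10.0.0.0/8` internal range, the mail server address and the sample lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a generic key=value format (an assumption;
# adapt LINE_RE to whatever your firewall actually exports).
SAMPLE_LOG = """\
2024-01-01T09:00:01 action=allow proto=tcp src=10.0.0.5 dst=203.0.113.10 dport=25
2024-01-01T09:00:02 action=allow proto=tcp src=10.0.0.77 dst=198.51.100.1 dport=25
2024-01-01T09:00:02 action=allow proto=tcp src=10.0.0.77 dst=198.51.100.2 dport=25
2024-01-01T09:00:03 action=allow proto=tcp src=10.0.0.77 dst=198.51.100.3 dport=25
2024-01-01T09:00:03 action=allow proto=tcp src=10.0.0.77 dst=198.51.100.1 dport=443
2024-01-01T09:00:04 action=deny proto=tcp src=10.0.0.42 dst=203.0.113.10 dport=25
2024-01-01T09:00:05 action=allow proto=tcp src=198.51.100.9 dst=10.0.0.5 dport=25
2024-01-01T09:00:06 action=allow proto=tcp src=10.0.0.31 dst=203.0.113.25 dport=25
2024-01-01T09:00:07 action=allow proto=tcp src=10.0.0.5 dst=203.0.113.10 dport=25
"""
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # hypothetical internal range
MAIL_SERVERS = {"10.0.0.5"}  # hypothetical: hosts expected to send SMTP out

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) proto=tcp "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

def smtp_by_source(log_text, port=25):
    """Per internal source: (allowed outbound SMTP connections, distinct destinations)."""
    counts, dests = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "allow" or int(m["dport"]) != port:
            continue
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        if src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue  # keep only internal -> internet traffic
        counts[m["src"]] += 1
        dests.setdefault(m["src"], set()).add(m["dst"])
    return {s: (n, len(dests[s])) for s, n in counts.items()}

def unexpected_senders(stats, allowed=MAIL_SERVERS):
    """Internal hosts sending SMTP straight to the internet that are not
    known mail servers, busiest first."""
    return sorted((s for s in stats if s not in allowed), key=lambda s: -stats[s][0])

if __name__ == "__main__":
    stats = smtp_by_source(SAMPLE_LOG)
    for host in unexpected_senders(stats):
        print(host, "connections=%d destinations=%d" % stats[host])
```

A workstation that shows up in `unexpected_senders` is sending mail around the mail server and is the first host to examine. If only the mail server itself shows high volume, the message tracking logs are the next place to look.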