IP addresses and DataCenters...

rivermobster

Well-Known Member
Dec 16, 2020
101
24
18
SoCal
cPanel Access Level
Root Administrator
Hey all,

This is gonna be tough to put into words, but I'm gonna try. Lemme describe the problem...

I recently moved from a shared server, to a Virtual Cloud server (with my own IP address for me and my clients) to avoid all the blacklisting issues that arise from being on a shared server. Good idea, right? Maybe not...

Cause now I have a whole new set of problems...

1. I checked the IP with MXToolBox before I put it into play. Everything looked good. I'm stoked. Shortly after I moved all my clients to the new cloud server, I find out Microsoft has BLOCKED my IP. *pullinghairout*. Went though a bit of drama with them to get my IP unblocked, and all is now well when checking with SNDS. *phew*. But even now, any email I send to an MS email (hotmail, live, outlook) will end up in that persons accounts spam folder until replied to. Ok, I can maybe live with that, but I'm gonna pursue that with MS and see how far I get with it.


2. I'm subscribed to MXToolBox with one of my clients domains. A couple days ago, I get notified that I'm now on the UCEPROTECTL3 blacklist. I call my domain provider and they tell me they are aware, removing the spammer, and trying to get my IP off the blacklist.

Apparently UCEPROTECTL3 has blacklisted a whole block of IP addresses, and mine is somewhere in the middle of that block of IP addresses.

The whole reason I moved to a cloud server, with my own IP was to prevent all these email issues, and NOW I have almost the same problem??? Suffice it to say, I'm not real happy at all!! lol

So I guess the question I have is...

Is it even possible to protect yourself from these issues of being in a range of blocked IP addresses?

I have more questions, but I'll just leave it at that for now to make life simple.

Thanks in advance for the help!
 
Last edited by a moderator:

andrew.n

Well-Known Member
Jun 9, 2020
518
138
43
EU
cPanel Access Level
Root Administrator
Yes and no. Like you said if you are in a bad neighbourhood you can't do anything to prevent your IP being blocked. On the other side having your own server means you can set your own rules and control as well as limit email flow as you want. Setting up alert and low max hourly email limit in WHM under Tweak Settings is the first step to catch a compromised account before it can do any harm. There are some 3rd party plugins as well as monitoring solutions to make sure you got alerted if there are higher than usual outgoing emails on your server. So if your server is properly setup and configured for the purpose of it's use you should be good to go as long as you have good neighbours :)
 

rivermobster

Well-Known Member
Dec 16, 2020
101
24
18
SoCal
cPanel Access Level
Root Administrator
Yes and no. Like you said if you are in a bad neighbourhood you can't do anything to prevent your IP being blocked. On the other side having your own server means you can set your own rules and control as well as limit email flow as you want. Setting up alert and low max hourly email limit in WHM under Tweak Settings is the first step to catch a compromised account before it can do any harm. There are some 3rd party plugins as well as monitoring solutions to make sure you got alerted if there are higher than usual outgoing emails on your server. So if your server is properly setup and configured for the purpose of it's use you should be good to go as long as you have good neighbours :)
Yeah, it's not me and my clients, it's defiantly the neighbors! lol

Is there a way to know what zip code (range of IP addresses) you'll be in, beforehand, so you'll know what your neighborhood might be like??
 

andrew.n

Well-Known Member
Jun 9, 2020
518
138
43
EU
cPanel Access Level
Root Administrator
  • Like
Reactions: rivermobster

rivermobster

Well-Known Member
Dec 16, 2020
101
24
18
SoCal
cPanel Access Level
Root Administrator
Yes and no. Providers usually don't tell you in advance what IP range you will get as it's being assigned randomly however once you got the IP there are checkers where you can see your "neighbours" like IP and Domain Reputation Center || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence. One other way might be to buy a bigger IP range reducing your risk to be blocked but of course that means more $$$ and otherwise you wouldn't even use that many IPs.
Cool bro, thanks. I'll get to reading...

-Joe
 
  • Like
Reactions: cPRex

rivermobster

Well-Known Member
Dec 16, 2020
101
24
18
SoCal
cPanel Access Level
Root Administrator
Isn't email great?
Well that was an interesting rabbit hole @andrew.n sent me down...

Turns out my IP isn't owned by my hosting provider, it's owned by the provider that owns them!

What's even more interesting is...

The block that I appear to be in xxx.xxx.xxx.5 to xxx.xxx.xxx.242 (only 17 showing) are all neutral or good. So I wonder why I'm having these issues??

Edited: 24 to 242
 
Last edited:

andrew.n

Well-Known Member
Jun 9, 2020
518
138
43
EU
cPanel Access Level
Root Administrator
You sure you didn't cause this right?:D Have you checked exim queue in WHM? If you see many stuck emails there then you have a problem for sure.
 

andrewmoras

Member
Feb 6, 2021
20
11
3
Remote
cPanel Access Level
DataCenter Provider
2. I'm subscribed to MXToolBox with one of my clients domains. A couple days ago, I get notified that I'm now on the UCEPROTECTL3 blacklist. I call my domain provider and they tell me they are aware, removing the spammer, and trying to get my IP off the blacklist.

Apparently UCEPROTECTL3 has blacklisted a whole block of IP addresses, and mine is somewhere in the middle of that block of IP addresses.
I wouldn't worry too much about UCEPROTECTL3 as it's not really used by everyone. Unfortunately you can't do much about it and it's up to the provider to find the spammers in their network (your neighbours) and deal with the delisting process.

Microsoft... that's a different beast and you'll probably have more issues later down the road because they don't really talk to you and when they do, you get a canned reply.

On a VPS/Cloud server/dedicated you have more flexibility and you can always make sure that DKIM, SPF and DMARC are enabled for your domains which will increase the chance to get your users' email in inbox with all major email providers.

Thanks,

A
 
  • Like
Reactions: cPRex

rivermobster

Well-Known Member
Dec 16, 2020
101
24
18
SoCal
cPanel Access Level
Root Administrator
You sure you didn't cause this right?:D Have you checked exim queue in WHM? If you see many stuck emails there then you have a problem for sure.
My provider has checked and said there are no issues. At this point in time, I know all my clients personally. All my business has been word of mouth. Most of them use their own email!

But if you don't mind...

How exactly would I check for myself?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,151
523
273
cPanel Access Level
Root Administrator
It's important to note that @andrew.n isn't necessarily trying to blame your users, but it's totally possible that just one piece of malware on a client's system could cause an issue.

Working through this guide would let you see where the spam is coming from on your server:

 
  • Like
Reactions: rivermobster

rivermobster

Well-Known Member
Dec 16, 2020
101
24
18
SoCal
cPanel Access Level
Root Administrator
I wouldn't worry too much about UCEPROTECTL3 as it's not really used by everyone. Unfortunately you can't do much about it and it's up to the provider to find the spammers in their network (your neighbours) and deal with the delisting process.

Microsoft... that's a different beast and you'll probably have more issues later down the road because they don't really talk to you and when they do, you get a canned reply.

On a VPS/Cloud server/dedicated you have more flexibility and you can always make sure that DKIM, SPF and DMARC are enabled for your domains which will increase the chance to get your users' email in inbox with all major email providers.

Thanks,

A
They say they are on it. I haven't checked this morning yet, but I will. Need coffee first. :p

Microsoft was actually pretty good and surprised me. The 1st canned response got back to me right away. When I replied to it, a human got back to me, and they eventually delisted my IP. Just had to show them the proof that I owned the IP. It was much easier than I thought it would be!

I have all of those records set properly. MxToolbox has verified that for me.

Apparently my current domain name provider does not support DNSSEC, so I'm moving a couple of my testing domian names to Cloudflare to get that piece of the puzzle in place.

Once they fully transfer, I'll see if that makes any difference.
 

rivermobster

Well-Known Member
Dec 16, 2020
101
24
18
SoCal
cPanel Access Level
Root Administrator
oh boy try it with gmail....not even a reply lol
Yeah, google is stupid!

I create business listings for my customers. There was an error in one of the listings, and after WEEKS of back and fourth with them, we finally deleted it, and started all over from scratch! Even they couldn't figure out how to correct the error. Brilliant.

At least now I know what to do when there is a problem with them...

:rolleyes:
 

andrewmoras

Member
Feb 6, 2021
20
11
3
Remote
cPanel Access Level
DataCenter Provider
They say they are on it. I haven't checked this morning yet, but I will. Need coffee first. :p

Microsoft was actually pretty good and surprised me. The 1st canned response got back to me right away. When I replied to it, a human got back to me, and they eventually delisted my IP. Just had to show them the proof that I owned the IP. It was much easier than I thought it would be!

I have all of those records set properly. MxToolbox has verified that for me.

Apparently my current domain name provider does not support DNSSEC, so I'm moving a couple of my testing domian names to Cloudflare to get that piece of the puzzle in place.

Once they fully transfer, I'll see if that makes any difference.
DNSSEC won't make much difference when it comes to email delivery, however SPF, DKIM and DMARC will :cool:

Good luck!

A
 
  • Like
Reactions: rivermobster

rivermobster

Well-Known Member
Dec 16, 2020
101
24
18
SoCal
cPanel Access Level
Root Administrator
You sure you didn't cause this right?:D Have you checked exim queue in WHM? If you see many stuck emails there then you have a problem for sure.
Checked in WHM. Went back to December 2020. There was nothing there. If I ran the report right anyway...

:P
 
  • Like
Reactions: cPRex

wintech2003

Well-Known Member
PartnerNOC
Sep 15, 2010
103
28
78
Greece
cPanel Access Level
DataCenter Provider
Which is why solutions like MailChannels exist :)

BTW there's a new kid on the block, Home - Mail Baby offering a similar solution (outbound antispam, delivery through their IPs etc) with much friendlier pricing for small hosts, so you might wanna give it a try. If you do like 5K emails per month, it's only $2/mo.
 

andrew.n

Well-Known Member
Jun 9, 2020
518
138
43
EU
cPanel Access Level
Root Administrator
yes these 3rd party bulk email services are great but all the emails goes through them so privacy is nada. I usually only recommend it if the server got blocked with it's whole range and there is no chance of delisting :(
 
  • Like
Reactions: rivermobster

rivermobster

Well-Known Member
Dec 16, 2020
101
24
18
SoCal
cPanel Access Level
Root Administrator
Just a note to say my hosting company got me off that blacklist. Everything is clear now and looking good! Gonna pray that it stays this way for awhile. Hopefully I'll earn a "good' reputation in the near future.

Thanks for all of your help!