This blog post from the Internet Storm Center over at SANS highlights the need to pay attention to the setup of your server systems. We aren’t using this particular blacklist, but it still highlights the point. This is why I spend so much time following mailing lists and keeping up with my feed reader. This kind of thing is easily avoidable.
Aaron let us know about a discussion thread on the NANOG mailing list about issues with the blackholes.us DNS block list (DNSBL):
The issue is the maintainer of the blackholes.us DNSBL shut the list down some time back and the IP address space that the DNS servers for it were on was given back to ARIN. That address space has since been re-allocated to a new company and they are getting tired of the continual inbound DNS queries to the IP address of the old server. Apparently they have now stood up a DNS server to answer those queries with a wildcard record that effectively returns “yes, the IP you are inquiring about is a spammer”. As a result, lots of mail relays that are still configured to do lookups against this DNSBL are now being told that everyone on the Internet is a spam source.
According to this post in the news.admin.net-abuse.email Usenet newsgroup, the DNSBL was shut down 2 years ago.
If you are an email administrator, please check your RBLs to see if you are still submitting queries to blackholes.us and remove it from your configurations if you are. You should also review any other RBLs you are using to ensure that they are still in operation as well.
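One way to automate that review, as an added example that is not part of the original post or the ISC diary: RFC 5782 requires an IPv4 DNSBL to list the test address 127.0.0.2 and never to list 127.0.0.1, so a zone that answers for 127.0.0.1 is listing everything, which is the blackholes.us failure described above. The zone name dnsbl.example, the function names and the stand-in resolvers are assumptions constructed for illustration.

```python
import ipaddress
import socket
import sys

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def system_resolve(name):
    """Return the A records for name, or [] when there is no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN, SERVFAIL and timeouts all end up here
        return []

def query_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def check_dnsbl(zone, resolve=system_resolve):
    """Classify a DNSBL zone with the RFC 5782 test addresses."""
    if resolve(query_name("127.0.0.1", zone)):
        return "lists-everything"   # wildcard answer: every sender looks like spam
    answers = resolve(query_name("127.0.0.2", zone))
    if not answers:
        return "no-test-entry"      # list is dead, unreachable or non-conforming
    if not all(ipaddress.ip_address(a) in LOOPBACK for a in answers):
        return "unexpected-answer"  # e.g. a parked domain answering with a web server
    return "ok"

# Constructed resolvers standing in for DNS so the logic runs offline.
def wildcard_zone(name):
    return ["127.0.0.2"]            # says "listed" for every query

def healthy_zone(name):
    return ["127.0.0.2"] if name.startswith("2.0.0.127.") else []

def dead_zone(name):
    return []

if __name__ == "__main__":
    # Pass the DNSBL zones from your mail relay configuration as arguments.
    for zone in sys.argv[1:]:
        print(zone, check_dnsbl(zone))
```

Run it on a schedule against every zone your relay queries; anything other than "ok" means the list should be reviewed or removed before it affects mail delivery.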