In reply to a post by ukwiz:

What it needs is for Zen to register their static ip addresses.Of course, with Zen that is unlikely to happen.

Just to clarify, and this is largely historical, it was actually of significant value for LIRs (local internet registries, i.e. those to whom RIRs - regional Internet registries - have allocated blocks of IP addresses, or "address space") to notify managers of RBLs that specific subnets were used as a "pool" for allocation to dial-up users, or these days, for dynamic allocation on broadband lines provided by ISPs: clearly, spam originating from script kiddies can then be filtered out from incoming mail queues because of the presence of the sending IP address on a reliable RBL.

What needs to be clarified here is that there are many RBLs, some good, some bad, and many of them - like the Trend Micro one to which I refer in the original post - are very specific. As already stated, this one comprises dynamic IP addresses, and there is no "behind-the-scenes magic": LIRs can choose to have IP addresses added to all, some, or none of these RBLs.

In other words, there's no central list of static IP addresses... if there was, it would be a "white list", but the issue here is that at some time in the past, Zen Internet had these IP addresses added to a dial-up IP address block list, not necessarily the Trend Micro one, but it must have been an active choice, one that hasn't been documented or worse, their management process has just failed and they've changed how they use a significant part of their address space without updating any relevant RBLs.

My post a couple of months ago was about a completely different problem, but one that arose for exactly the same reason: Zen don't manage their address space properly. From being something apparently affecting only a small part of their allocated address space, it appears from the various responses above that it's a much bigger problem, one that has been hidden because most users of static IP addresses aren't running their own Message Transport Agents (MTAs).

Having a dynamic IP address is fine if a static IP address isn't needed, not least because there are workarounds (e.g. dynamic IP reporting clients), but anyone handling mail for one or more domains needs a static IP address with a good "reputation", and it's a real pain finding out that your static IP address is on an RBL for no good reason.

PS - No response received from Zen Internet other than the automated acknowledgement of the Support query.

In reply to a post by jpm:

If you're sending mail directly from a server you run yourself and it's a production system (which it appears to be as this problem is inconveniencing you) then what was your contingency plan for a broadband outage?

Mail for or from the more important domains can be routed by Siteground's mail facilities, but TBH this instance only arose because a single recipient - it happens to be Asda, part of Walmart - uses this particular RBL, of which I wasn't even aware until now.

But it shouldn't be necessary to invoke a contingency plan because your ISP is rubbish at network management...

In reply to a post by SteveBen:

If it appears autogenerated (88-98-240-10.dsl.zen.co.uk for example)...

That would be autogenerated for 10.240.98.88 which is within the Class A private address range 10.0.0.0/8, unrouteable on the Internet, or was that deliberate?

Edit: Ah, I see, this is theoretically generated from 88.98.240.10! I'm thinking ARPA TXT DNS records...

Edited by deleted (Wed 13-Jul-22 20:47:29)

In reply to a post by GraceCourt:

Just to clarify, and this is largely historical, it was actually of significant value for LIRs (local internet registries, i.e. those to whom RIRs - regional Internet registries - have allocated blocks of IP addresses, or "address space") to notify managers of RBLs that specific subnets were used as a "pool" for allocation to dial-up users, or these days, for dynamic allocation on broadband lines provided by ISPs: clearly, spam originating from script kiddies can then be filtered out from incoming mail queues because of the presence of the sending IP address on a reliable RBL.

No, that is not how it works. ISPs don't register their addresses with RBLs as dynamic/static/whatever. That is just not a thing,

In reply to a post by GraceCourt:

In other words, there's no central list of static IP addresses... if there was, it would be a "white list", but the issue here is that at some time in the past, Zen Internet had these IP addresses added to a dial-up IP address block list, not necessarily the Trend Micro one, but it must have been an active choice, one that hasn't been documented or worse, their management process has just failed and they've changed how they use a significant part of their address space without updating any relevant RBLs.

Again, not a thing. In fact the subnet you are referring to is 51.155.0.0/16 up until a few years ago belonged to the DWP. (https://petition.parliament.uk/archived/petitions/38744). Do you think Zen added addresses to some magical list of dial-up addresses in 2015 when it appears it purchased them? (https://apps.db.ripe.net/db-web-ui/query?searchtext=51.155.0.0%2F16) Or do you think the DWP were adding addresses to an RBL marking them as dialup?

This is not a thing. RBL maintainers make their own mind up, about what they think is a dynamic residential internet address, and what is not. You can ask them nicely to take an address off their list.

It really sounds like you should not be running your own MTA.

This is off-topic but that petition made me laugh. Not selling something that has value but was allocated at no cost and has no ongoing costs is not a "waste of funds", there's been a massive assumption made that re-addressing internal systems is a zero cost exercise, and freeing up £1bn with the aim of reducing a deficit is like taking a slash into the ocean.

In reply to a post by SteveBen:

No, that is not how it works. ISPs don't register their addresses with RBLs as dynamic/static/whatever. That is just not a thing.

I only commented on dynamically-allocated IP addresses. But LIRs can, and do, choose to provide information about their address space to third parties - including RBL maintainers - in this way, because spam proliferation isn't in anyone's interest except the spammers.

In reply to a post by SteveBen:

Do you think Zen added addresses to some magical list of dial-up addresses in 2015 when it appears it purchased them? (https://apps.db.ripe.net/db-web-ui/query?searchtext=51.155.0.0%2F16) Or do you think the DWP were adding addresses to an RBL marking them as dialup?

No, to both questions.

In reply to a post by SteveBen:

This is not a thing. RBL maintainers make their own mind up, about what they think is a dynamic residential internet address, and what is not. You can ask them nicely to take an address off their list.

Already done before making the post, as implied in it, and message successfully delivered to Asda. Thanks for the history of the IP block, I didn't know that. But I'm trying hard to think how one might successfully set up and maintain an RBL of dynamically-allocated IP addresses without any third party information about these.

In reply to a post by SteveBen:

It really sounds like you should not be running your own MTA.

I've been happily doing so for about fifteen years, but I respect your right to have an opinion about that. However, you might want to think hard about the way you convey your opinions to others, it's a useful skill when you can do that without giving unnecessary offence.

In reply to a post by GraceCourt:

But I'm trying hard to think how one might successfully set up and maintain an RBL of dynamically-allocated IP addresses without any third party information about these.

As already mentioned, checking for rDNS, checking if its an auto-generated rDNS, user reports, etc.

It makes perfect sense that if an IP has no rDNS or an automated one to block e-mail from it, as a legitimate server should have these.

Edited by alexatkin (Tue 19-Jul-22 00:45:11)

In reply to a post by alexatkin:

As already mentioned, checking for rDNS, checking if its an auto-generated rDNS, user reports, etc.

It makes perfect sense that if an IP has no rDNS or an automated one to block e-mail from it, as a legitimate server should have these.

Sure. But this IP address did have a custom rDNS, and I've subscribed to a commercial DNSBL monitoring service for years, quite successfully.
Not the most pragmatic way for Trend Micro to compile a block list to sell commercially to its many customers, such as Walmart (owner of Asda).

Asda is no longer owned my walmart. Its owned by the Issa brothers and TDR Capital

In reply to a post by GraceCourt:

In reply to a post by alexatkin:

As already mentioned, checking for rDNS, checking if its an auto-generated rDNS, user reports, etc.

It makes perfect sense that if an IP has no rDNS or an automated one to block e-mail from it, as a legitimate server should have these.

Sure. But this IP address did have a custom rDNS, and I've subscribed to a commercial DNSBL monitoring service for years, quite successfully.
Not the most pragmatic way for Trend Micro to compile a block list to sell commercially to its many customers, such as Walmart (owner of Asda).

In reply to a post by iannewson:

Asda is no longer owned my walmart. Its owned by the Issa brothers and TDR Capital

Thanks for that... my error arose out of the fact that all of Asda's e-mails to customers are still being sent from the walmart.com domain... the new owners must be paying Walmart to continue to provide that as a service.