Visitor


17 Messages

Sunday, August 3rd, 2025

Why Blacklisted? Again!

It has been working for several days after nearly 4 days of issues. However, I see my IP is once again listed as blacklisted on a site that checks for blacklisted IPs. I am willing to bet that I will start having issues again. Please note that my external IP is not under my control. I live in an apartment community and I believe we share this external IP, so potentially someone else is causing this. Please validate this for me. Is this possible? Here is the latest from https://check.spamhaus.org/. Any insights would be extremely helpful. I have no idea what the "Most Recent HELO" values represent and why I would be using them.

Why was this IP listed?

50.144.162.34 is making connections with technical values and unusual sending behavior that indicate a problem: usually malware. In some cases this may also be caused by server misconfiguration.

Please check both things.

Technical information

The most recent connection was on: August 3 2025, 17:30:00 UTC (+/- 5 minutes). The observed HELO value(s) were:

(IP, UTC timestamp, HELO value)

50.144.162.34 2025-08-03 17:30:00 mta7.smtp.airbnb.com
50.144.162.34 2025-07-24 03:00:00 testingserver.com.local
50.144.162.34 2025-07-17 09:45:00 50-144-162-34.excusecolor.com
50.144.162.34 2025-06-08 10:25:00 smtp.johnsonservices.net
50.144.162.34 2025-05-31 00:30:00 testingserver.com.local

What should be done about it?

This issue is very likely to be caused by a personal device, such as a mobile phone, with residential proxy malware or a spambot installed on it. It is EXTREMELY rare for this to be the SMTP server at fault.

DYNAMIC IPs/MOBILE USERS

If you are NOT running a local mail server on this IP, please do the following:

  1. Go to https://www.whatismyip.net/ and find out what your public IP is.
  2. Call your ISP - the company that is providing your internet access via the IP you just looked up.
    • Find out from your ISP if the IP is dedicated or dynamic.
    • If it is dynamic, is it CG/NAT?
  3. What are your outbound mail settings? Have your ISP verify your mail settings are correct:
    • SMTP server name
    • Outgoing SMTP port
    • Are you using SMTP authentication - yes/no?
  4. Once you have this information, open a ticket.

Please provide your verified mail settings in this ticket. Our ability to help you depends on this information!


STATIC IP/LOCAL MAIL SERVER(S)

Do you have one or more local SMTP servers? The problem is NOT your mail server. It is never the mail server. It is always someone's mobile device (phone, laptop, tablet), or more rarely a computer, somewhere on the LAN. There can be more than one!

These are the recent HELOs we have seen. If they match your mail server's rDNS, do not dismiss this, and read on.

(IP, UTC timestamp, HELO value)

50.144.162.34 2025-08-03 17:30:00 mta7.smtp.airbnb.com
50.144.162.34 2025-07-24 03:00:00 testingserver.com.local
50.144.162.34 2025-07-17 09:45:00 50-144-162-34.excusecolor.com
50.144.162.34 2025-06-08 10:25:00 smtp.johnsonservices.net
50.144.162.34 2025-05-31 00:30:00 testingserver.com.local

What to do:

  1. Make sure port 25 access is limited to mail server access only / end-users should be using SMTP authentication on port 587 or 465
    • Guest networks need to be limited too!
    • Remote sending of email to servers via the Internet will still work if web-based, or configured properly to use port 587 using SMTP-AUTH.
  2. Do you have clients or end users NAT'd to the same IP as your mailserver? If so, this is very likely to be the source of the problem.
  3. Set up logging at the exit point and let it run for a few days to find anomalous port 25 traffic - these proxies do not necessarily fire every day.

HELO/EHLO & DNS CHECKS:

  • Check your DNS (A record and rDNS), email authentication and HELO values.
  • Ensure they are realistic for their intended use, and resolvable in external DNS.
  • If this is a Plesk, cPanel or DirectAdmin host, please read the FAQ.

You can test a server's HELO configuration by visiting AboutMyEmail. From there, send an email from the machine in question to the provided email address, and then examine the results. This tool will give a lot of detail about the email. To check HELO/EHLO, navigate to "Delivery" -> "SMTP" and look for the EHLO line.

  • If the HELO value does NOT exist in DNS, that must be corrected
  • If the HELO value is NOT correct, that must be fixed
  • If the HELO is using a domain that does NOT exist, that must be corrected

Make sure your SPF record is current, accurate AND published!

Removal from CSS

If the problem on 50.144.162.34 has been addressed, you can request removal:
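
Step 3 under "What to do" in the quoted Spamhaus report (log at the exit point and look for anomalous port 25 traffic) can be checked against the listing timestamps. The following is an added example, not part of the original post or of Spamhaus's output; it assumes a gateway that writes iptables LOG lines with RFC 3339 timestamps, and the `SMTP-OUT` prefix, the internal addresses and the mail-server address are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Listing timestamps copied from the Spamhaus report above (UTC).
SPAMHAUS_SEEN = ["2025-08-03 17:30:00", "2025-07-24 03:00:00"]
WINDOW = timedelta(minutes=5)      # the report states "+/- 5 minutes"
MAIL_SERVERS = {"192.168.1.10"}    # assumption: hosts allowed to use port 25

# Constructed sample: iptables LOG lines with RFC 3339 timestamps (rsyslog
# file format). "SMTP-OUT" is an assumed --log-prefix value.
SAMPLE_LOG = """\
2025-08-03T17:26:12+00:00 gw kernel: SMTP-OUT IN=br0 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.25 PROTO=TCP SPT=40112 DPT=25 SYN
2025-08-03T17:28:41+00:00 gw kernel: SMTP-OUT IN=br0 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.80 PROTO=TCP SPT=51514 DPT=25 SYN
2025-08-03T17:31:05+00:00 gw kernel: SMTP-OUT IN=br0 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.81 PROTO=TCP SPT=51520 DPT=25 SYN
2025-08-03T17:33:00+00:00 gw kernel: SMTP-OUT IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP SPT=50001 DPT=587 SYN
2025-08-03T19:02:00+00:00 gw kernel: SMTP-OUT IN=br0 OUT=eth0 SRC=192.168.1.99 DST=203.0.113.7 PROTO=TCP SPT=50222 DPT=25 SYN
"""

LINE = re.compile(r"^(\S+) .*?\bSRC=(\S+) DST=(\S+) .*?\bDPT=(\d+)\b")

def parse(log_text):
    """Yield (time, src, dst) for port-25 connections not made by a mail server."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(4) != "25" or m.group(2) in MAIL_SERVERS:
            continue
        yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def suspects(log_text, seen=SPAMHAUS_SEEN):
    """Map each Spamhaus timestamp to internal hosts on port 25 within the window."""
    hits = defaultdict(set)
    events = list(parse(log_text))
    for stamp in seen:
        t = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        for when, src, _dst in events:
            if abs(when - t) <= WINDOW:
                hits[stamp].add(src)
    return {k: sorted(v) for k, v in hits.items()}

def all_port25_clients(log_text):
    """Count port-25 connections per non-mail-server host, regardless of time."""
    counts = defaultdict(int)
    for _when, src, _dst in parse(log_text):
        counts[src] += 1
    return dict(counts)

if __name__ == "__main__":
    print(suspects(SAMPLE_LOG), all_port25_clients(SAMPLE_LOG))
```

A timestamp with no matching host means the log did not cover that period or the traffic left through another path; hosts that appear only in the second result still warrant a look, since any end-user device opening port 25 directly is outside the SMTP-AUTH on 587/465 setup the report recommends.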


Official Employee


3.3K Messages

19 hours ago

Hey there, @user_frtcb9, thanks for reaching out through Xfinity Forums regarding the blacklisted IP. Are you still having the same issue? What is the error message you are receiving? 
