dns

by Fredrik Berggren on blacklists, dns, email, senderbase, senderscore

depricating current version of emailstuff api

Right now we have a free api emailstuff (see previous post) for looking up talos reputation (former senderbase), senderscore, reputation authority and blacklists. This api have been used a lot by people and companies and that’s really cool to see. What’s not so cool to see is that the users (often big companies with a lot of ips) that uses the api on a daily basis just hammer it like crazy and not folowing the rate limits. So that makes us take action, either we need to start charging a lot of money (wich we do not wan’t) so we decided to take another path.

We are going to depricate the current api and will be releasing a new one in a few weeks. The new api will be fast and i mean really fast. We are right now looking at lookup for 30 blacklists, senderbase, senderscore, reputation authority in under 100ms.

But that’s not all, we will include cyren lookups in the results also, as far as i know we will be the only api supporting this, isn’t that amazing (tv-shop i know)

So if you are interested in continuing using this service you need to send an email to emailstuff[at]dattaproffs.se and we will get you up and running.

The current api will be closed 31/7/2018.

Best regards
Fredrik Berggren

 
by Fredrik Berggren on dns, email

Check if your forward and reverse dns match

When sending email it’s a best practice that your sending ips reverse and forward resolutions match.

When looking up IPv4 addresses you use a special domain called in-addr.arpa so if you want to know the ptr of 8.8.4.4 just run this

See the name = in the answer, that’s the PTR not to see if we have a confirmed forward and are good to go we need to see if the domains A-record match the IP we looked up. Run this

See the Address part in the answer it matches the ip we checked PTR on. That means that they are matching.

ktnxbye!

 
by Fredrik Berggren on dns, email, reputation

How to check Cisco Senderbase reputation from commandline

*UPDATE 2*
I have created an API for all sorts of email and ip related info, read more here Api for talos reputation (previous senderbase.org), senderscore, reputation authority and blacklists.

*UPDATE*
Since this no longer work i have created a solution in c# for now, not as “fancy” but it does the job.  Go here to read the post Public senderbase dns lookup is closed, here is how to look it up in c# using HttpClient and HtmlAgilityPack 

Senderbase is similar to Senderscore it is a reputation score for you IP address and/or domain you can use the website http://www.senderbase.org/ to lookup your IP. But if you just wan’t to check it from the command line this is how you do it.

First little about how the reputation is calculated.

Reputation scores in SenderBase may range from -10 to +10, reflecting the likelihood that a sending IP address is trying to send spam. Highly negative scores indicate senders who are very likely to be sending spam; highly positive scores indicate senders who are unlikely to be sending spam.

SenderBase combines multiple sources of information to determine a “reputation score” for any IP address. This information includes:

  • Email volume information provided by tens of thousands of organizations that regularly receive Internet email
  • Spam complaints received by the SpamCop service
  • Information on other DNS-based blacklists

This is the command to get the score if your IP is 1.2.3.4

Here is the tricky part, if you do a lookup on the website you will get a grouped reputation Poor, Neutral and Good. So how do you know where the score you get in the dns lookup fits?

This is my findings:

Poor is between -10 and -1

Neutral is between -1 and 2

Good is between 2 and 10

If you have any other knowledge about the classification from the scoring please let me know in the comments.

 

 
by Fredrik Berggren on dns, email, telnet

How to validate email address with telnet

When collecting email addresses you will always validate it someway often the validation only consists of validating the format of the email address.

Bu what if you wan’t to know if an email address really exits without sending an actual email and ask (which is the absolute best way ofc)

Then  you can use the command line with nslookup and telnet.

First thing we need to know what the domains mx-record is if there is any.

As you can see dattaproffs.se has two mx-records if the domain of the email you are trying to validate don’t have any mx-records you can stop right here because that domain can’t accept any emails.

If you find a mx you can go on with telnet like this:

If there is a mailserver on the other side you will get a response code 220.

Then you can start sending SMTP-commands:

The first command must be HELO yourdomain.com or EHLO yourdomain.com the difference between the two is that HELO does not respond with any information about the server which EHLO does.

Then MAIL FROM: name@yourdomain.com and you should get a 250 OK

Then RCPT TO: theemail@youwanttotest.com if you get a 250 OK here there is a pretty good guess that the email you have is correct and exists. This is not 100% proof of the email existing for example yahoo will always answer 250 OK and only after the DATA command will they tell you if the email address is ok or not. And you do not want to go there because if it exists the recipient will get your test email.

The reason why we test another recipient with RCPT TO: somejibberishxxzxnnzx@somedomain.com is to see if the mail server has catch-all configured. If you get 250 OK on your completely made up address there is a good chance that the server has catch-all and the it’s no way to know if the original email exists either.

The last command is just QUIT.

validate email with telnet

Validating email addresses with telnet

 

 
by Fredrik Berggren on dns, reputation, senderscore

Check your IPs senderscore from the commandline

So you  have heard about senderscore but you think it’s tedious work to go to the website and log in and/or verifying the captcha..

Don’t worry you can the same way as checking dns blacklists (DNSBL) you can check your score from the command line.

Just reverse your IP and do a dns lookup, like this:

Unlike the DNSBL lookup where you where listed if you got a response the score is part of the Address response. So in the exemple above my score is 99.

You take the last part of the response address and that is your score. When you get Non-existent domain as an answer your IP hasn’t sent out enough email for senderscore to do a measure.

This can be done with dig exactly the same way as done in this post about DNSBL

Update:
This is updated twice a day at ~12:00 GMT and ~22:00 GMT so no need to look more than once after these times.

 
by Fredrik Berggren on blacklists, dns

How to check DNS-blacklists (dnsbl) from commandline (cmd / terminal)

There is a lot of DNS-blacklists out there. Sometimes you just want to check if your IP is listed in one.

A really easy way to do that is to use your shell, terminal, command prompt. Below i will show two examples using nslookup in windows and dig in OSX (Unix).

 

The basics is that if you get a response your IP is listed. There are different type of listings please refer to each services documentation.

You will typically get a response of 127.0.0.x where x has different meaning in different services.

Sometimes they will publish a TXT-record with the A-record to provide some more information about the listing or information on how to delist. So that i something that can be useful to lookup if listed.