There are only 3 ways for IP addresses to get listed in the njabl.org
- Operating an open relay or proxy
For the purposes of our dnsbl,
an open relay is any system that will deliver email to any address from any
source. Spammers tend to hunt for these systems, and then dump thousands,
sometimes hundreds of thousands of emails into these servers, which they
then spend hours or days trying to deliver to sites all over the world. In
addition to insecurely configured mail servers, web servers with insecure
HTML form to mail gateway CGI scripts can be used as "open relays", as can
insecurely configured proxy servers. The bottom line is if a server can be
used by any non-authenticated source to send email to any address on the Internet, it qualifies as an open relay and may be added to this
dnsbl. See our Methodology page for more information on how we find and determine which systems are open relays.
- Being a dial-up port IP or other dynamic address
hunt for open relays, some spammers will send their email directly
from a dial-up account. In general, there's no need for a dial-up
user to talk directly to any SMTP server other than that of their
own ISP. So we're compiling a list of dial-up port IP ranges,
mostly at larger providers where the abuse seems to be the worst,
and we add those to the list. We also include any other IP pools
that appear to be dynamically assigned as well as NAT pools, since
they are effectively dynamic. Open proxies and trojan proxies are
so rampant now that a large percentage of 'open proxies' are
actually dynamically assigned dial-up, DSL, or cable modem IPs.
These users should all be using their own provider's SMTP servers
rather than direct-to-MX as is often done with spam.
- Operating a system that directly sends out spam (unsolicited,
bulk email, usually of a commercial nature) or continually does so
on behalf of customers ignoring abuse complaints
You know who
these people are...they're the big commercial spammers who swear
they got your name from an affiliate or an associate who swears you
visited their web site and opted into the "all the spam you can
handle" service plan. I don't know where they really get their
lists, but judging from the number of bounces generated by "no such
user" errors, I'm guessing all these non-existent accounts didn't
really opt-in. In extreme cases, when an ISP is hosting spamming
customers and either ignoring abuse complaints or refuses to act on
complaints, we'll resort to listing the ISP's servers.
Occasionally, this is the only way to convince them that they have a
So that's it. Those are the ways an IP or IP range may be listed. So now the big question is, "how does an IP get de-listed?"
- If an IP is listed because it's an open relay, secure the relay such that it's not open.
If you don't know how to do this, don't ask us. Check your documentation. Check with your vendor. Search the net for help. Other sites are almost certainly running whatever software you use (odds are, we're not) and have figured out how to secure it. The people at mail-abuse.org have compiled a fairly extensive list of mail server software and tips on how you can secure them. Once your relay has been secured, you can come back here and remove it. If you didn't really secure the relay, it'll end up back in the list.
- If an IP is listed because we think it's in a dial-up range, show us that it not. If it really is a dial-up, it'll most likely remain in the list, but we may add non-dial-up range IP's to the list thinking they are dial-up range IP's. In these cases, we'll be happy to correct the error.
Also note, if you're trying to get an IP removed from dynablock.njabl.org,
please see the updated info on dynablock.
- If an IP is listed as a spam source, that means we have spam on file that appears to have originated on that system, but we did not find it to be an open relay or proxy. If you want such a listing removed, please explain how the spam came from/through the IP and what has been done to prevent additional spam from transiting your system.
- If you're a commercial spam provider, you're pretty much stuck
until you convince us that you're not.
If you would like to get an IP removed according to the guidelines above, and cannot remove it via the removal form send an email to
removals at mail.njabl.org. Be sure to include the IP address you want de-listed and the reason it should be removed.
Also, your message must list the 4 byte dotted quad IP / network in the
subject, or it won't make it through our filters.
If your IP is listed as a spam source, your request will be ignored unless you include how the spam originated from your IP and what has been done to prevent future abuse.
If your IP is listed as dynamic, please contact us from the RIR contact email address to inform us that it is not.
If none of this makes much sense to you, you should probably read our
Information for End Users page.
Please note: If your IP is listed because it was found to be an open
relay or proxy do not email asking for your server's IP to be removed if you have not already closed the
relay or proxy and tried using the removal
If you cannot send us email because your outgoing email goes through a
listed server, you can email removals via rt.njabl.org as
removals at rt.njabl.org. However, you
must put the IP address you're contacting us about in the subject of your
message or it will not make it through our filters and will be discarded.