IP policy blocklist (dynamic.mail.abusix.zone)
|Cloud DNS namespace:||<key>.dynamic.mail.abusix.zone.|
|Return Codes:||127.0.0.11, 127.0.0.12|
|Test Points:||127.0.0.2, 127.0.0.11, 127.0.0.12|
This is our email "Policy” blocklist which aims to list all IP addresses that should not be connecting directly to external SMTP servers, but should instead be using their ISP or mail providers smarthost to relay messages using some form of SMTP authentication.
This list is designed to preemptively list any IP that does not appear to be suitable for use with an SMTP server, this is to catch newly compromised hosts, hijacked IP space etc. immediately without requiring trap hits for listings.
It is built by constantly scanning the entire IPv4 range and applying a policy that states:
127.0.0.11 is returned for hosts with generic rDNS.
127.0.0.12 is returned for hosts with no rDNS.
Anyone can request a delist from this zone and a semi-permanent exception will be created automatically. Exceptions are only pruned when they are no longer necessary, but in the future we may require that Policy exceptions are revalidated once per year to prevent them from becoming stale.
There is also a zone file called "policy.zone" which is now deprecated. This was a stricter version of the Policy Blacklist which also included hosts which contained "static" within their rDNS labels. Please check that you are using the correct zone file as "policy.zone" will be removed in the future to save bandwidth and confusion.
$ host 18.104.22.168.<key>.dynamic.mail.abusix.zone. 22.214.171.124.<key>.dynamic.mail.abusix.zone has address 127.0.0.11 126.96.36.199.<key>.dynamic.mail.abusix.zone has address 127.0.0.12
Our award-winning customer care team is here for you.Contact Support