
IPv4 Blacklist Removal


IPv4 Market Group takes blacklisting very seriously. One of our primary goals is to provide buyers with quality and clean IPv4 blocks. When a client agrees to sell an IPv4 block through us, we offer a service to clean the range of all possible blacklisting to prepare it for new ownership. Having developed our own software, we can comprehensively scan an IPv4 block of any size against approximately 90 public blacklists. We can scan blocks from /24s right up to /8s. The blacklists monitored are frequently audited and updated to include the most common and reliable ones in service. Beyond our own software, we also use several other reputable sources to gather even more blacklisting data, then cross-reference our findings. We provide the seller with a comprehensive blacklist report and begin work on cleaning the block. The seller is periodically updated throughout the cleaning process, and a finalized report is sent when all possible cleaning is complete. A potential buyer may have access to the final report.

 

What exactly are blacklists?

Blacklists are commonly referred to as DNSBLs (Domain Name System Blacklists). They are servers which store lists of IPs that have carried out some kind of malicious attack or been suspected of doing so. Internet users can query public blacklists to stop dangerous incoming network connections and emails. Users can also submit IPs to a blacklist if spam is received or a malicious attack takes place or is attempted. IPv4 Market Group understands that the blocking of network connections is a concern for buyers of IPv4 blocks. A new netblock owner should not have to worry about connections being blocked because of past activity that is not affiliated with them or their current/future clients.

 

What information do blacklists store?

A blacklist will typically keep track of one or more lists of IPs. Each list is usually dedicated to a specific type of offense or issue. For example, there may be one list for IPs which have sent spam in the past, and another list for hijacked PCs. A blacklist entry will usually consist of an IP, a code indicating the state/type of listing, and the date of occurrence. While most lists keep track of IPs of a malicious nature, there are also lists which track IPs based on an ISP’s acceptable use policies. For example, an ISP may voluntarily submit to a public blacklist a range of dynamic IPs which should not be used for sending unauthenticated email.

 

Who manages blacklists?

A multitude of organizations maintain blacklists available for public use. Some popular blacklists are handled by Spamhaus, SORBS and Barracuda, to name a few. ISPs or companies may also use internal blacklists. A blacklist organization may consist of one person, or an entire team of network engineers and investigators spread out over multiple countries. Sometimes larger blacklists may work with law enforcement to stop illegal network activity. Many blacklist organizations take it upon themselves to add ranges of IPs if dangerous activity is detected. They may even block entire subnets if a few IPs from that range are seen as threats.

 

How does IPv4 Market Group remove IPs from blacklists?

Delisting is not always straightforward, but IPv4 Market Group has years of extensive experience with removal from most major public blacklists. We typically ask the seller of a range to cease any assignment of IPs to clients, such as dynamic IPs, so as to avoid any new blacklist entries. We work with reputable sellers, but unfortunately an ISP cannot always control or foresee abuse of IPs by their clients. If possible, it is recommended to cease non-critical networking during an IPv4 transfer.

After network activity is minimized we perform a blacklist scan and analyze the results to understand the type of listings and their severity. On rare occasions a listing can be ignored, for example, if the listing returns a code stating that no SPF (Sender Policy Framework) record was found for an IP. In this example, the entry does not indicate blacklisting, and furthermore, the IP may not even relate to an email server which would use an SPF record. Also, on rare occasions there can be false positives in blacklists. But most listings are serious, and the IPs must be delisted, either one-by-one or in bulk. In most cases IPv4 Market Group can perform the delisting of IP addresses from public blacklists, which may involve filling out a delisting web-form, contacting the removal team directly, or submitting help tickets. Most blacklists will request justification of removal, and on rare occasions prerequisite steps must take place before a delisting is accepted.
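An added example (not IPv4 Market Group's software) of the scan-and-triage step described above: it builds the standard DNSBL query name for each address in a block and separates listings that need delisting from informational codes. The zone name, the return-code table and the sample answers are constructed for illustration; real lists publish their own codes, and the resolver is passed in so the example runs offline.

```python
import ipaddress
from collections import Counter

# Constructed zone and code table (assumptions); each real list documents its own.
ZONE = "dnsbl.example.org"
CODE_MEANING = {
    "127.0.0.2": ("spam-source", True),
    "127.0.0.4": ("compromised-host", True),
    "127.0.0.10": ("isp-policy-dynamic-range", True),
    "127.0.0.99": ("informational-no-spf", False),  # not an actual listing
}

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name (RFC 5782): IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def scan_block(cidr, resolve, zone=ZONE):
    """Check every address in cidr. resolve(name) returns the A-record
    answer as a string, or None when the name does not exist (not listed)."""
    findings = []
    for ip in ipaddress.ip_network(cidr):
        answer = resolve(dnsbl_name(ip, zone))
        if answer is None:
            continue
        # Unknown codes are treated as actionable until someone reviews them.
        label, actionable = CODE_MEANING.get(answer, ("unknown-code:" + answer, True))
        findings.append((str(ip), label, actionable))
    return findings

def summarize(findings):
    """Return (addresses that need delisting, count of findings per listing type)."""
    needs_delisting = [ip for ip, _, actionable in findings if actionable]
    by_type = Counter(label for _, label, _ in findings)
    return needs_delisting, dict(by_type)

# Constructed stand-in for DNS answers, keyed by query name.
SAMPLE_ZONE_DATA = {
    "7.2.0.192.dnsbl.example.org": "127.0.0.2",
    "9.2.0.192.dnsbl.example.org": "127.0.0.99",
    "200.2.0.192.dnsbl.example.org": "127.0.0.10",
}

if __name__ == "__main__":
    found = scan_block("192.0.2.0/24", SAMPLE_ZONE_DATA.get)
    print(summarize(found))
```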

Sometimes a delisting request must come directly from the net-block owner. In these situations, we will ask the seller for assistance. This may involve submitting documentation for proof of ownership to the blacklist organization. Once they receive proof of ownership the delisting will occur, or they will provide access to an online portal to perform net-block management and direct IP removal.

 

How long does it take to delist an IP address, or range of addresses?

This depends on the blacklist organization. Some blacklists remove entries immediately, while others may take 2-5 days or even weeks. Delisting sometimes takes longer if the IPs have carried out multiple severe offenses in the past, or have been suspected of being hacked, hijacked or part of a botnet.
