Any way to see if ISPs are blocking my domain?

Post #313,355 by drook 9/1/09 9:26:19 AM Reply	Any way to see if ISPs are blocking my domain? I just had a second person tell me they can't see my site at http://blog.cooklikeyourgrandmother.com. Oddly enough, one of them told me via a comment on the site, but that would have been on a detail page. Is it possible I got onto someone's email blacklist -- I catch a lot of bounces from people using my domain as the sender -- and they misconfigured it to block the main page from web browsing? -- Drew
Post #313,356 by boxley 9/1/09 9:40:55 AM Reply	not that way an ISP usually blocks inbound mail from an ip on a blacklist. I would suspect a problematic dns entry, not nescessarily youra but upstream or elsewhere The site appears fine from my desk
Post #313,357 by drook 9/1/09 9:48:33 AM Reply	Symptoms suggest a block, not DNS According to the comment I got, the main page isn't working, but the detail page where they left the comment clearly is. -- Drew
Post #313,359 by boxley 9/1/09 11:16:43 AM Reply	maybe a corporate ban? most ISPs dont block sites by IP range unless its temporary and if they were blocking the IP the detail page wouldnt have come up either. Same with blocking the domain name. Do they get a block message or does the page time out? Some ISPs will do a redirect on a suspect Webpage to a warning page but they usually block the entire site, not parts of it.
Post #313,364 by Andrew Grygus 9/1/09 11:54:39 AM Reply	Yup, sounds like a problem at the user's end.
Post #313,367 by drook 9/1/09 12:18:03 PM 9/2/09 2:29:34 AM Reply	That's what I thought until I got the second report I've asked both of them for details about what they see, and what ISP they use. Nothing I can do until I get more info. === Okay, got the response: I got to this page through Google cache link to your page - it shows a cached version of the blog which it keeps on its servers. The link to comments from this cached page opened this Blogger URL, so I now come directly to the Blogger comment page (which shows up normally). When I go to http://blog.cooklikeyourgrandmother.com, this error message shows up: "Firefox can't find the server at blog.cooklikeyourgrandmother.com." Yep, weird. I noticed this when I followed the link to your fake food article from my RSS feed. I think it worked fine last week. So it does seem to be a DNS issue. And this report is from someone in Slovenia. Hmmm ... could someone have hijacked the DNS in Slovenia to send spam from "me"? -- Drew Edited by drook Sept. 2, 2009, 02:29:34 AM EDT Expand All History
Post #313,410 by folkert 9/2/09 7:09:07 AM Reply	More Like Cache Poisoning. Cache poisoning for Google's entries is more like it. To bad they didn't try for www.'clygm'.com Might have told you more.
Post #313,418 by folkert 9/2/09 8:21:44 AM Reply	looks like that "shortcut" domain might be available. clygm looks to be available. Might be something worth exploring, and since "domain tasting" is a thing of the past, it might just be a good thing.
Post #313,419 by drook 9/2/09 8:23:36 AM Reply	How would that help me? -- Drew
Post #313,423 by folkert 9/2/09 8:42:43 AM Reply	Re: How would that help me? For blogs other than yours? You have to admit: cooklikeyourgrandmother.com is a LOT hard to type and get right than: clygm.com And given the Tweets/SMS/IM character limits, shorter is always better. I know you aren't going after the IM/SMS crowd, but it never hurts to plan ahead in case you NEED it. Considering the price per year... $1/month or less, is it really NOT worth having it at least reserved? (or owned but not used)
Post #313,429 by drook 9/2/09 9:43:36 AM Reply	It's got to be pronounceable Dave Weiner over at scripting.com has been doing a lot of work lately on URL shortening services. The problem is that if one of them goes down a large number of links go dead. His solution is that you have to own your own short names. Having the short URL for my own links would solve that problem, but at the expense of having to set up a 301 redirect for every hit to it, pointing to the corresponding long URL. My URLs are pretty long after the domain anyway, so it's not really saving that much. My site isn't really conducive to reading on a phone anyway, unless you've got enough screen space to be using email instead of SMS anyway, so I'm not terribly worried about the short URLs. Bottom line is I can say "cook like your grandmother dot com" and people get it right. "see el why gee em" won't stick more than 30 seconds for most people. -- Drew
Post #313,440 by folkert 9/2/09 12:27:52 PM Reply	The 301 is a single re-write rule in Apache. As for the pronounceable short URLs... I think you are missing the point in the first place. But I can see your point, stinking in the brain is important. cooklygm.com `greg@maxime:~ [0] $ whois -H cooklygm.com Whois Server Version 2.0 No match for "COOKLYGM.COM". >>> Last update of whois database: Wed, 02 Sep 2009 16:19:57 UTC <<<` And the Redirect would be something like: `RewriteCond %{HTTP_HOST} blog.cooklygm.com$ [OR] RewriteCond %{HTTP_HOST} cooklygm.com$ RewriteRule ^/$ http://blog.cooklikeyourgrandmother.com/ [R=301,L]`
Post #313,515 by drook 9/4/09 9:29:51 AM Reply	Dammit, just got another report it's not coming up This one is local, from right here in Cleveland. Is there any way to find out what various DNS servers have my domain pointing to? -- Drew
Post #313,554 by folkert 9/4/09 3:47:49 PM Reply	What is comes down to I think... Is your DNS servers aren't properly setup with IP addresses. greg@maxime:~ [0] $ whois -H cooklikeyourgrandmother.com Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: COOKLIKEYOURGRANDMOTHER.COM Registrar: ABACUS AMERICA, INC. DBA NAMES4EVER Whois Server: whois.names4ever.com Referral URL: http://www.names4ever.com Name Server: NS1.ABAC.COM Name Server: NS2.ABAC.COM Status: ok Updated Date: 02-nov-2008 Creation Date: 01-nov-2007 Expiration Date: 01-nov-2009 >>> Last update of whois database: Fri, 04 Sep 2009 19:44:36 UTC <<< [snip] Record last updated on 2008-11-03 00:00:00 Record created on 2007-11-01 00:00:00 Record expires on 2009-11-01 00:00:00 Domain servers in listed order: ns1.abac.com 216.55.128.4 ns2.abac.com Notice anything missing there?
Post #313,558 by drook 9/4/09 4:57:02 PM Reply	How about "ns1.aplus.net"? -- Drew
Post #313,568 by folkert 9/4/09 7:24:39 PM Reply	Sweet! Just what you need. Still has not propagated yet. Dude, that sucks! There is a reason I do my own DNS. I've only ever considered using DNSMADEEASY as they have 14 geo-located DCs that can fail over traffic and do it right. But oh well, this might learn ya to run DNS separate from Registrar. https://www.dnsmadee...06/price/dns.html They have a 100% uptime guarantee. $30/year for 5 million DNS queries a month. DNS is critical to making your site WORK, you might want to take the extra step.
Post #313,378 by folkert 9/1/09 6:49:39 PM Reply	pro2.abac.com == 66.226.64.3 == cooklikeyourgrandmother.com http://www.robtex.co...ro2.abac.com.html http://www.robtex.co.../66.226.64.3.html http://www.robtex.co...ndmother.com.html Its not complete, but it gives you an idea. Someone on that list probably has an site on that IP and has it blocked. Now "blog.cooklikeyourgrandmother.com" is very doubtful to be problematic as its the all mighty google. ;; QUESTION SECTION: ;blog.cooklikeyourgrandmother.com. IN A ;; ANSWER SECTION: blog.cooklikeyourgrandmother.com. 3600 IN CNAME ghs.google.com. ghs.google.com. 136973 IN CNAME ghs.l.google.com. ghs.l.google.com. 300 IN A 74.125.93.121 http://www.robtex.co...s.google.com.html http://www.robtex.co...4.125.93.121.html http://www.robtex.co...ndmother.com.html Not terribly different, but given that google is the reverse for "blog." It is conceivable someone HATES Google. hint hint... Yahoo and AT&T/SBC have an ISP agreement going. Yahoo and Microsoft have a Search thing going. Microsoft has a lot of sway in AOL. Microsoft has a lot of sway in Comcast. DNS Hi-Jacking isn't unheard of even in those big names.
Post #313,379 by folkert 9/1/09 7:05:18 PM Reply	one more, you've got NO SPF/DKIM/SenderIP records... That typically spells bad news period. `greg@maxime:~ [0] $ dig -ttxt cooklikeyourgrandmother.com ;; QUESTION SECTION: ;cooklikeyourgrandmother.com. IN TXT ;; AUTHORITY SECTION: cooklikeyourgrandmother.com. 3600 IN SOA ns1.aplus.net. hostmaster.aplus.net. 2009081023 7200 3600 3600000 3600` Nothing. It is really easy to make one, look at mine. `greg@maxime:~ [0] $ dig -ttxt gregfolkert.net ;; QUESTION SECTION: ;gregfolkert.net. IN TXT ;; ANSWER SECTION: gregfolkert.net. 10800 IN TXT "v=spf1 ip4:208.64.37.170 a mx a:uno.gregfolkert.net mx:uno.gregfolkert.net mx:mail.gregfolkert.net -all"` You can make you own easily at http://www.openspf.org/ SPF is enough right now. I'd use something for your domain like: For Bind: "v=spf1 mx -all" If you use other hosts to send mail, then you will have to add those. Like if you have your "publisher" send out e-mail from info@cooklikeyourgrandmother.com but from a machine called "cooklikeyourgrandmother.thispubservice.com" you'll more than likely have to add the specific IP address they use for it. Making it something like: For Bind: "v=spf1 mx ip4:12.34.56.78 -all" CIDR segments can be specified (12.34.56.78/27 etc.)
Post #313,384 by boxley 9/1/09 7:38:42 PM Reply	I dont have DKIM senderid spf and Im not blocked :-) per rfc dkim an unsigned mail is no different than a signed mail. No reputation is accrued because you sign with dkim successfully. 1/2 of the spam we receive is successfully dkim signed.
Post #313,386 by folkert 9/1/09 7:55:37 PM Reply	Yes, I understand that Bill. But NO SPF record adds 2-3 points to your spam score (taking only a "5" to qualify) is seriously not worth NOT having one (being the default neutral). Having a "-all" and mail coming from your domain that IS NOT from allowed addresses (being a negative return) adds 3-5 points to spam scores (but not plus the 2-3 for no record). This mean you can reduce mail spam scores from your real mail servers by 2-3 points, plus add 3-5 points to fakers. DKIM and SenderID are not ideal solution anyway. DKIM is easy to implement and publish the public keys so... spammer use it AND SPF. Also using the "-all" at the end of your SPF record says ONLY THESE IP/HOSTs are authorized to send mail for your domain. Most places use SPF as another tick mark against depending on the outcome (neutral or negative/not-authorized). Having an SPF record proper gives YOUR mail a much better chance of getting through. Now the Spammers that are properly signing and publishing stuff... you have a real target to go after then. They can and are seriously blacklisted, no amounts of SPF or DKIM will truly overcome the SPAM additives in the scoring engines.
Post #313,388 by boxley 9/1/09 8:27:33 PM Reply	Re: Yes, I understand that Bill. you must be talking about corporate antispam rules. An ISP has to be much more lenient as the customer has decided that ISP delivers mail to them so unless it is a phish pharm or balatant spam is should be delivered to the in box on the off chance the customer wants it. If you dont think that is true put 10 geeks in a room and let them discuss mail from the edge and you will sure see a lot of disparate interests. SPF is implemeted broken in so many places it is almost useless to derive much reputation from that. Now you have legitimate hosters like hotmail business services that use large data centers world wide natted behind a few IP addresses that compound the problem. Corporate antispam is easy peasey. For a large ISP not so much as the false positive rate has to be kept low while still offering protection to its customers
Post #313,389 by drook 9/1/09 8:41:39 PM Reply	Bleurgh ... gotta do some reading You and Box are speaking a dialect I'm only passing acquainted with. Need to read up and see what to do, and how to get my host to do it. All one-off mail goes through their webmail interface, but my autoresponder is sending from the webserver. Don't know how I'll have to set things up so that both of them show up as being from the same place. Maybe I'll just check their knowledgebase, see if they have any pointers. Oh, and thanks for the info. I can't use it yet, but I know it's got everything in there I need to figure it out. -- Drew
Post #313,390 by Another Scott 9/1/09 8:52:35 PM 9/1/09 8:57:25 PM Reply	I find all this stuff rather scary, myself. I was browsing around Google Apps - http://www.google.co.../group/index.html - and noticed that they will register a domain name (or, actually, have someone else do it) for $10 a year. Not bad. Lots of stuff is included with Google Docs, but... Of course, Google scans everything to enable ads, that's understood. (I dunno if they have a paid version where one can encrypt one's stuff by default, or something.) And one can't put one's pr0n there. ;-) But what about all of this other stuff that you're fighting with? Or spam on a Wiki one sets up, or ... I'm beginning to think that I've waited too long to start thinking about setting up a more permanent presence on the Internet. Who has time for all of this minutia? :-( Good luck! [edit:] Apps, not Docs. Cheers, Scott. Edited by Another Scott Sept. 1, 2009, 08:57:25 PM EDT Expand All History
Post #313,394 by static 9/1/09 9:04:49 PM Reply	I guess it's a noble effort. I'm tempted to say 'this is why I have a permanent IP address and my own server', but I set it up years and years ago, long before Google Apps was around. Or even thought of. At least I can put anything I want up on my server. The only thing prohibitied by my ISP is spamming or internet attacks. And I think the latter may only really be prohibited just against other customers of my ISP. Wade. Q:Is it proper to eat cheeseburgers with your fingers? A:No, the fingers should be eaten separately.
Post #313,399 by folkert 9/1/09 10:50:45 PM Reply	I've been thinking about going the OTHER way. taking my $50/month and using other resources, Google Apps (the pay for it version) for mail and calendar, etc... using Google Sites for my website... among other options. Personally I don't care if Google scans my trash, they can get it anyway if they try hard. I can probably pay less than $50/month and get more services (by a factor of 10). Google for Blogs, Apps, Mail, etc. DNSMADEEASY for DNS hosting. Plus I can have a ton of account (for me anyway) on Google for stuff.
Post #313,407 by drook 9/2/09 12:46:47 AM Reply	That's the direction I've been going Like the saying goes, "Never write any software except what you're selling." If someone else makes it, use that one. For me, I've extended that to hosting and configuring. Use the pushbutton Wordpress installation and accept the defaults. (And write a custom theme, of course.) Use the default email options. Follow the host's recommendations for DNS configuration. If setting this stuff up were my job, I'd want to understand it. It's not, so I don't. -- Drew
Post #313,398 by boxley 9/1/09 10:44:13 PM Reply	here ya go http://bbiw.net/spec...mail-arch-11.html dave is very knowledgeable and has been known to have a sense of hupor :-)
Post #313,406 by drook 9/2/09 12:38:31 AM Reply	Are you serious? I'm really not sure here. Are you saying I need to understand everything in there to set this stuff up correctly? If so, it ain't happening. If you're saying everything I need to know is in there somewhere ... well, that's a smaller pile to search through, but I still think I'm better off trying to get help from my site host first. -- Drew
Post #313,417 by boxley 9/2/09 8:05:31 AM Reply	stuff like that interests me, but I understand it doesnt interest everyone. I like to watch sausage being made not everyones cup of tea
Post #313,421 by folkert 9/2/09 8:34:25 AM Reply	Speaking of sausage, You see the recent... Brouhaha about the Male Chicks in an Egg Hatchery for the Egg Producing Industry? They are making chicken sausage. At least it only takes an instant for them to be killed, versus being eaten alive by predators in a few minutes.

Welcome to IWETHEY!