Monitoring Hosts and Domains for RBL Listing Using Azure - Part 1: Design
The thing that prompted the publishing of this series of posts is a recent case of a customer with a large mail platform. The Mail Transfer Agents handling the internet mail flow for such a platform are usually susceptible to being flagged as malicious on RBLs, causing issues with mail flow. The solution described in these posts helps monitor the status on the RBLs and trigger alerts in service management systems, using modern cloud application development techniques. But wait, what is an RBL? A Real Time Block list is a service that keeps track of the domain and/or the IP address of the hosts reported to be sending SPAM or malicius messages. RBLs are actual DNS zones where IP addresses or domain names are represented by A records. Let's take a list, say rbl.example.net, for example. To check if the host with IP 100.101.102.103 is listed we have to query the DNS for the host 103.102.101.100.rbl.example.net. If there is no such host known (the responce is NXDOMAIN) the host