Open aikooo7 opened 2 months ago
I was able to get more information
~ $ dig us.kg
; <<>> DiG 9.16.41 <<>> us.kg
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9607
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;us.kg. IN A
;; ANSWER SECTION:
us.kg. 3600 IN A 192.9.243.240
;; Query time: 256 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Aug 31 19:34:18 WEST 2024
;; MSG SIZE rcvd: 50
Doing a dig on us.kg shows it points to a private IP; further, that is likely the reason for the blacklist:
No IP queries for DBL, see https://www.spamhaus.org/faqs/domain-blocklist#can-the-dbl-be-used-to-look-up-ip-addresses
At the same time, looking at the return codes and cross-checking them with Spamhaus's table shows:
127.0.1.4 phish domain
127.0.1.5 malware domain
127.0.1.6 botnet C&C domain
This might be happening because someone is using us.kg domains for nefarious activities and us.kg is being flagged for the bad activity instead of the proper individual?
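An added example, not part of the original thread or the US.KG project's code: a DBL lookup helper that builds the query name, rejects IP addresses (the "No IP queries for DBL" message above), and maps the return codes to verdicts. The codes other than the three quoted in the thread, the function names and the injectable `resolver` parameter are assumptions of this example.

```python
import ipaddress
import socket

DBL_ZONE = "dbl.spamhaus.org"

# 127.0.1.4/.5/.6 are the codes quoted in the thread; the other entries are
# assumptions taken from Spamhaus's published return-code documentation.
DBL_CODES = {
    "127.0.1.2": "spam domain",
    "127.0.1.4": "phish domain",
    "127.0.1.5": "malware domain",
    "127.0.1.6": "botnet C&C domain",
    "127.0.1.255": "error: IP queries are not allowed on the DBL",
    "127.255.255.254": "error: query arrived via a public/open resolver",
    "127.255.255.255": "error: excessive number of queries",
}

def dbl_query_name(domain):
    """Build the DBL lookup name; refuse IP addresses, which the DBL does not list."""
    name = domain.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(name)
    except ValueError:
        return f"{name}.{DBL_ZONE}"
    raise ValueError(f"{name} is an IP address; the DBL only answers for domains")

def classify(answer):
    """Map the A record returned by the DBL (None = NXDOMAIN) to a verdict."""
    if answer is None:
        return "not listed"
    if answer in DBL_CODES:
        return DBL_CODES[answer]
    if answer.startswith("127.255.255."):
        return f"error: lookup refused ({answer})"  # never treat as a listing
    return f"listed (code {answer})"

def system_resolver(qname):
    """Default lookup. A gaierror is treated as NXDOMAIN, so a network failure
    looks like 'not listed'; use a real DNS library where that matters."""
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror:
        return None

def check_domains(domains, resolver=system_resolver):
    """Return {domain: verdict}; pass a different resolver to test offline."""
    return {d: classify(resolver(dbl_query_name(d))) for d in domains}
```

DBL queries sent through a public resolver such as 8.8.8.8, the server used in the dig output above, come back with the 127.255.255.254 error instead of a verdict, so point this at your own recursive resolver.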
We are aware that some domains are being used for fraudulent activities, phishing, and other illegal actions. While we are blocking accounts that are clearly involved in these activities, the large number of registered domains makes it likely that some involved in criminal activity still exist. If possible, please have them email us at contact@digitalplat.org or contact@nic.us.kg to discuss the matter. We are also working to remove US.KG from the DBL list. Thank you.
I have done a second ticket but I am pretty sure it was deleted as when I access it it is blank. Please let me know of anything else I can help you with and thanks for doing what you can to fix it.
They have not been removed from the list. I think we need to ban accounts that are used for criminal activities on a large scale. They said they will not remove them from the list until there are no more domains involved in criminal violations. :(
Well if we need to go that route:
First, I wonder: if the domains are up, that means they weren't reported to you, right? Why would someone else report a domain other than the abuse contact, I wonder.
I really hate to say this, because this was the only way that I could get my domains, but maybe GitHub KYC is too lax?
Making a tool to scan registered domains for abusive content is maybe a good idea?
This was only a thing that went into my mind to fix the issue :)
@EdwardLab Do you think asking them to treat us.kg as a TLD would work? Then they would blacklist individual domains but not us.kg itself.
I’ve been so busy lately that I haven't really been managing US.KG or updating the backend (since I'm in school and also working on developing and managing other projects). They won't take care of it, so the only solution is to clean up spam, abuse, and criminal domains to resolve the issue. Once I have some free time, I'll start cleaning things up and tightening the KYC process.
Alright that's totally fine, let me know if you need anything
https://github.com/DigitalPlatDev/US.KG/commit/4e159b6841f1d394617d5bc9838c98139f9b29b7 and manual review of all current domains could fix this issue
Yes, I use a simple script to scan domains with open ports 443 and 80 to identify those that might be used for criminal purposes.
I'll continue to follow up with them to ensure they are removed from the blacklist.
Alright, thanks for your cooperation, this is a real big deal for me because of sending emails to Microsoft.
I found the same issue, my email sent from xxx.us.kg will be marked as junk email or spam email, as the domain us.kg is listed on the blacklist...
Yes, I submitted a removal request ticket to Spamhaus yesterday. They haven't replied to me yet; I'll update here once they reply to the ticket, just wait first.
Sidenote: Was this fixed? If not it would be pointless to do a ticket, I guess?
Update: After scanning, they found that there are still misused domains. We may need to use a domain scanning tool and ban misused domains to solve it, but I am not sure what tool to use. I will ask for their advice.
I used a script I wrote to scan, but it didn't work very well.
Thanks for the update!
If it was me, I would ask them for a recommendation as you said.
Update: They seem unwilling to provide scanning tools, suggestions or even answer my questions, and just suggest that I delete these domains or shut down us.kg service. :(
You could try talking to cloudns.net to check how they do it? They have free domains and aren't on Spamhaus's list.
Describe the bug, issue, or problem:
us.kg is in Spamhaus's DBL blacklist, making it hard to impossible to send emails.
URL (if applicable):
https://check.spamhaus.org/results?query=us.kg
Domain Name (if applicable):
*.us.kg
Expected Behavior:
I wouldn't expect it to not be blacklisted, but at least you could try to remove it from it.
Additional Context:
I tried to do a ticket myself but they want to talk with the owner of us.kg