cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Zoom IP Blacklisted

JoeyK
Newcomer
Newcomer

My email host tells me Zoom has had one if its domains blacklisted by one of the spam filters:

 

http://www.spamcop.net/w3m?action=checkblock&ip=167.89.93.232http://www.spamcop.net/w3m?action=checkblock&ip=167.89.93.232http://www.spamcop.net/w3m?action=checkblock&ip=167.89.93.232http://www.spamcop.net/w3m?action=checkblock&ip=167.89.93.232

 

I am note sure if Zoom is doing anything about this, but when I contacted support, they told me all I could do is try to whitelist it on our server.

Joey

11 REPLIES 11

CarlaA
Community Moderator | Employee
Community Moderator | Employee

Hi @JoeyK, Welcome to the Zoom Community! We're glad you're here šŸ™‚

 

We aim to provide helpful resolutions or workarounds to issues, however, reaching out to our Support and Tech Agents to help troubleshoot was the right call for this specific issue, and whitelisting the address on our server is the best first step! I apologize that you had not yet received a reply from our Community, but I want to thank you for being one of our first contributors. 

 

I am excited to see how else you contribute to the Communtiy!

 

Zoom Moderator 

-CA 


Carla (she/her/hers)
Zoom Community Team
Have you heard of Zoom AI Companion?

I believe youā€™re joking. I am waiting since January for an answer, yet nobody even disturbed themselves to even reply to my issues with what it should be jobeless completely and entirely ā€œtrust and safetyā€ department, which is now going further up in court because of your ignorance of not recognising international laws and regulations. 
your department blocked my apple devices from entering on your server with that stupid error of 1132, and in Europe banning a device from a server it makes the device BLACKLISTED, therefore losing warranty + any insurance. It also been known as going against manufacturers license in the respective continent/countryā€™s and unfortunately even USA providers have regulations to follow. Loss: 2x MacBook Pro M1 2020 , 1x MacBook Air 2017 (apple care available another 2 years just went on the toilet), 1x iPhone 13 Pro Max, 1x iPhone 12 Pro Max (both having apple care and under 1 year of purchase), iPhone XS Max. iPaf air 2017 (apple care lost). Grand total Ā£6,087 where I will add up max to Ā£10,000 in court this Monday, as you had enough time to think about my issue. Ruthles, insensitive and careless company. I will also make sure to go on every newspaper to say what one of ur employees confirmed, which is breach of privacy, and for that I am suing you for over Ā£1m. See you in court. 

lol 

Any update? Invitations are still being blocked by spamcop and SORBS

 

Client Address: 149.72.249.102 [o6.sg.zoom.us]
Content Classification: Blocked using RBL: bl.spamcop.net

 

Whitelisting and bypassing RBL checks for your entire recursive SPF is not practical or feasible for most, and certainly not safe. Above IP is from sendgrid, a wretched hive of scum and villainy...

Hello,

we just detected IP address 170.114.52.2 (zoom.us) is on internet blacklist List of Proxy IPs Used by Killnet, Released (heimdalsecurity.com):

https://github.com/securityscorecard/SSC-Threat-Intel-IoCs/blob/master/KillNet-DDoS-Blocklist/proxyl...

 

We whitelisted the IP address just for your notification more customers may have problems connecting.

 

Best regards,

DennisJO
Newcomer
Newcomer

Carla, we are also seeing zoom IP addresses frequently landing on spammer blacklists. What's worse is that we even received a scam email claiming to be Chase Bank which was sent from one of Zoom's whitelisted IP's. 

WHOIS 149.72.249.102:

 

> NetRange: 149.72.0.0 - 149.72.255.255
> CIDR: 149.72.0.0/16

 ...

> OriginAS: AS11377
> Organization: SendGrid, Inc. (SENDG-12)

 

Reverse lookup:

 

> dig -x 149.72.249.102

...

> o6.sg.zoom.us.

 

It wouldn't appear they are NOT using "shared" Sendgrid relay IPs (at least) since reverse lookup clearly shows Zoom domain. It is odd (and odd in a very bad way) you would get an email from a spammer/hacker if they have these IPs strictly reserved for Zoom use.

 

My recommendation, if I worked there (which would probably fall on deaf middle-management ears), would be to lose Sendgrid and use a service like AWS SES and apply for unique SMTP relay IPs (Or, any provider that doesn't consistently have IPs fall on Spamhaus, Spamcop, SORBS or other large BLs).

Barring that, I would have a nice LONG TALK with Sendgrid as to why Zoom (only) addresses keep consistently getting blacklisted. Admins and End users should NOT have a need to whitelist IPs if these are not marketing related (and the ones I see go to junk occasionally are simply notifications).

Speaking of:

https://support.zoom.us/hc/en-us/articles/360032808951-Not-receiving-emails-from-Zoom


You really think someone is going to go through and whitelist every one of those SENDGRID IPs? Because that is what it would take (at least on mail servers I admin) to counter a blacklist hit.

 

RC11
Newcomer
Newcomer

IP address 170.114.10.160 is on Spamhaus blacklist and our firewall is blocking it causing a bad user experience. Please fix this.

Goyathlay
Newcomer
Newcomer

Zoom's IP address, 149.72.199.144, is listed on 3 blacklists today, SPAMCOP, SORBS SPAM and SORBSNEW.

 

This is blocking our email invitations to some of our members, are you actively trying to get your iP address removed from these lists?

neilh20
Newcomer
Newcomer

Hello,  I'm getting meeting invites from my local city with the same issue .

Its starting happening a couple of times in the last few weeks.

Other invites 

When I check the smtp server log it has:

Mar 16 15:27:08 azonde postfix/smtpd[196358]: connect from o12.ptr3622.sg.zoom.us[167.89.93.232]
Mar 16 15:27:09 azonde postfix/smtpd[196358]: NOQUEUE: reject: RCPT from o12.ptr3622.sg.zoom.us[167.89.93.232]: 454 4.7.1 Service unavailable; Client host [167.89.93.232] blocked using bl.spamcop.net; Blocked - see https://www.spamcop.net/bl.shtml?167.89.93.232; from=<bounces+21079884-9d1c-neilh=***********> to=<***********> proto=ESMTP helo=<o12.ptr3622.sg.zoom.us>
Mar 16 15:27:09 azonde postfix/smtpd[196358]: disconnect from o12.ptr3622.sg.zoom.us[167.89.93.232] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

 

When I look it up

Query bl.spamcop.net - 167.89.93.232

 

(Help) (Trace IP) (TalosIntelligence Lookup)

167.89.93.232 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 23 hours.

Causes of listing
  • System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
  • SpamCop users have reported system as a source of spam less than 10 times in the past week



Express-delisting is not available

Listing History

In the past 89.4 days, it has been listed 31 times for a total of 56.8 days

Other hosts in this "neighborhood" with spam reports

167.89.93.30

 

Other IPs work

Mar 16 11:02:45 azonde postfix/smtpd[195268]: connect from mta14.e.zoom.us[13.111.204.236]
Mar 16 11:02:45 azonde postfix/smtpd[195268]: E7B03BD009: client=mta14.e.zoom.us[13.111.204.236]

 

Mar 16 12:02:33 azonde postfix/smtpd[195595]: connect from mta23.e.zoom.us[13.111.204.245]

Mar 16 12:02:33 azonde postfix/smtpd[195595]: DD95BBD009: client=mta23.e.zoom.us[13.111.204.245]


 

Peerasude
Newcomer
Newcomer

I also have the same problem that IP 167.89.93.232 is still blacklisted by SORBS SPAM.    Is there any permanent resolution for this now?    Thank you.

 

Peerasude