I’ve had mixed results when enabling the “DNSBL” filtering option in Forefront. When I’ve turned this feature on, I’ve ended up with a number of false positives, although it’s been inconsistent: one minute an address would work and the next it wouldn’t. The source SMTP server would come up in the NDR as blacklisted, but when I checked, it wasn’t.
mail.iwitl.com #<mail.iwitl.com #5.7.1 smtp; 550 5.7.1 :18.104.22.168:Client host 22.214.171.124 UnknownDNSName; Mail from IP banned. To request removal from this list please forward this message to email@example.com>
After doing some investigating, it appears that part of the DNSBL filtering process is that Forefront does a DNS query for dnsbl.forefront.microsoft.com with the expectation that NXDOMAIN is returned. Some providers (e.g. OpenDNS) do the “favor” of replacing NXDOMAIN with the IP of a default search page; when this happens, Forefront blacklists the email.
An nslookup of “dnsbl.forefront.microsoft.com” using OpenDNS returns 126.96.36.199, whereas a query using Google’s DNS servers returns “non-existent domain”. The IP address 188.8.131.52 resolves to “hit-nxdomain.opendns.com”.
Changing my DNS forwarders from OpenDNS to Google seems to have resolved the issue.
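
The check described above can be scripted so a resolver change is caught before mail starts bouncing. This is an added example, not code from Forefront or from the original post; it goes slightly beyond the post by also classifying a per-client lookup. Its assumptions: genuine DNSBL "listed" answers fall in 127.0.0.0/8 (the RFC 5782 convention), query names are the reversed IPv4 octets plus the zone, and the function names and the `dnsbl.example` zone are hypothetical.

```python
import ipaddress
import socket

# Name taken from the post; a resolver that does not rewrite answers returns NXDOMAIN.
PROBE_NAME = "dnsbl.forefront.microsoft.com"
# Assumption (RFC 5782 convention): genuine "listed" answers are in 127.0.0.0/8.
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def system_resolve(name):
    """IPv4 addresses from the system resolver; [] when the lookup fails (e.g. NXDOMAIN)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(addresses):
    """Separate a real DNSBL hit from an answer injected by the resolver."""
    if not addresses:
        return "nxdomain"
    if all(ipaddress.ip_address(a) in LISTED_RANGE for a in addresses):
        return "listed"
    return "rewritten"  # address outside 127/8: a redirect page, not a listing


def dnsbl_query_name(client_ip, zone):
    """Standard DNSBL query name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check_client(client_ip, zone, resolve=system_resolve):
    """Return (probe_result, client_result).

    The client result is only meaningful when the probe result is "nxdomain";
    any other probe result means the resolver is answering for missing names.
    """
    probe = classify(resolve(PROBE_NAME))
    client = classify(resolve(dnsbl_query_name(client_ip, zone)))
    return probe, client


if __name__ == "__main__":
    # Live check against whatever resolver or forwarder this host uses.
    print(PROBE_NAME, "->", classify(system_resolve(PROBE_NAME)))
```

Run it on the mail server itself so the query goes through the same forwarders Forefront uses; a result of `rewritten` for the probe name matches the OpenDNS behaviour described above.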