We’re using security software that, among other things, queries the Spamhaus Project’s RBL and blocks source IPs which are listed. Several of the testing IPs used by the new validation technique are being blocked due to being listed on the Spamhaus XBL list. Querying those IPs, we find that Spamhaus has them listed because they are listed on the AbuseAt Composite Blocking List (CBL) at https://www.abuseat.org/. Testing the three validation IPs that were blocked shows that, according to the CBL, those IPs have been identified as having been infected with a botnet, either nymaim/Gamarue or matsnu.
https://www.abuseat.org/lookup.cgi?ip=3.14.255.131
https://www.abuseat.org/lookup.cgi?ip=18.194.58.132
https://www.abuseat.org/lookup.cgi?ip=34.222.229.130
We can disable these checks in our security software, but that defeats the purpose of the software. We can whitelist individual IPs, but we don’t know what IPs we need to whitelist or if the list will change without any forewarning, and regardless I’m wary about whitelisting IPs that may be involved with botnets.
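A reproducible check for the kind of listing described above, as an added example that is not code from the original post or from any of the tools it mentions: it builds the reversed-octet DNSBL name for `zen.spamhaus.org` and decodes the answer codes so the XBL/CBL hits can be told apart from SBL or PBL hits. The code table is taken from Spamhaus's published return codes and is an assumption to confirm against the current documentation; the `resolve` parameter is a hypothetical hook so the logic can be exercised without network access.

```python
import ipaddress
import socket

# Spamhaus ZEN combined-zone return codes (assumption: verify against the
# current Spamhaus docs; 127.0.0.4-7 are the XBL range, .4 carrying CBL data).
ZEN_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL (CBL data)",
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.9": "SBL DROP",
    "127.0.0.10": "PBL (ISP maintained)",
    "127.0.0.11": "PBL (Spamhaus maintained)",
}

def dnsbl_query_name(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """Return the reversed-octet lookup name, e.g. 131.255.14.3.zen.spamhaus.org."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(answers):
    """Map the A records returned by the DNSBL to list names.

    127.255.255.x answers are not listings but error signals (open resolver,
    query limit, typo); treat them as a failed check, not as 'clean'.
    """
    listings = []
    for a in answers:
        if a.startswith("127.255.255."):
            raise RuntimeError(f"DNSBL error response {a}; result is not trustworthy")
        listings.append(ZEN_CODES.get(a, f"unknown code {a}"))
    return listings

def lookup(ip, resolve=None):
    """Resolve the DNSBL name and classify it; NXDOMAIN means not listed."""
    name = dnsbl_query_name(ip)
    if resolve is None:  # default: real DNS via the system resolver
        def resolve(n):
            try:
                return sorted({r[4][0] for r in socket.getaddrinfo(n, None, socket.AF_INET)})
            except socket.gaierror:
                return []
    return classify(resolve(name))

def is_xbl_listed(listings):
    """True when any returned code falls in the XBL (compromised host) range."""
    return any(name.startswith("XBL") for name in listings)

if __name__ == "__main__":
    for ip in ("3.14.255.131", "18.194.58.132", "34.222.229.130"):  # IPs from the post
        print(ip, lookup(ip))
```

Because ZEN answers from public resolvers are rate-limited and may return the 127.255.255.x error codes, run this from a resolver you control before concluding that an IP is or is not listed.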