[June 18, 2017 – UPDATE]
The situation seems to have been fixed on their side.
[May 8, 2017]
We’ve noticed a wave of false positives coming from the junkemailfilter.com RBLs.
After some investigation we’ve determined that their nameservers may not be properly synced, since they seem to be giving out mixed signals.
Test case: let’s take the following IP address, we manually check it on their website, and it’s clearly blacklisted:
Now, when running that same IP address against all of their nameservers, via DNS query, we find that most of the nameservers are saying the IP is in fact not blacklisted:
==================
Checking 67.215.5.186 against hostkarma.junkemailfilter.com nameservers
==================
184.105.182.248 - 127.0.0.2
184.105.182.249 - 0
69.50.231.142 - 0
108.38.233.26 - 0
184.105.182.250 - 0
184.105.182.251 - 0
184.105.182.252 - 0
184.105.182.253 - 127.0.0.2
As you can notice, only 2 out of 8 of their nameservers are responding as if the IP is blacklisted, while the other 6 are responding as the IP is not blacklisted.
Our system does have an algorithm in place just for such events, in order to minimize false positives, but there may be cases, where the results are overwhelmingly wrong, in which false alerts may be issued in regards to these RBLs.
We’ll continue to monitor this issue, as it progresses.