We all like to think of ourselves as popular, so it comes as something of a shock to find yourself on a blacklist. But that’s exactly what happened to me last week or, rather, to my public IP address which, if you rely on email, is an equally damaging slight. Moreover, it’s an illustration of the fact that no matter how well protected you think you are, network security is easily breached.
It all started when my outgoing emails started to bounce back. Not all of them, just a few (including those to IT Week), leading me to think that it was a problem with the receiving servers. But then a pattern emerged. The bounce-backs were all from servers using MessageLabs filters, telling me in no uncertain terms that I was a suspected spammer and needed to do something about it.
A quick search on www.dnsstuff.com soon revealed the cause. There was my public IP address on not just one, but five blacklists, clearly highlighted as a potential source of spam. According to the mail logs at my ISP, the messages weren’t being sent by their servers, so a mass-mailing virus on a machine somewhere on my LAN was the most likely culprit. Equipped with the latest updates, I diligently checked all my PCs and servers for viruses. I even checked machines running Linux, but all came up clean. Yet I was still being blacklisted.
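The lookup a site like dnsstuff.com performs behind the scenes is a plain DNS query: the octets of the public IPv4 address are reversed and appended to each blacklist zone, and an answer in 127.0.0.0/8 means the address is listed. The following added example (not code from the column or from dnsstuff.com) shows that mechanism with a stand-in resolver and constructed zone data, so it runs offline; the zone names and listed addresses are invented for illustration.

```python
"""How a DNS blacklist (DNSBL) check is performed for an IPv4 address."""
import ipaddress
from typing import Callable, Dict, Iterable, Optional

# Constructed zone data for this example only. Real zones are queried
# with live DNS; here a lookup table stands in for the resolver.
CONSTRUCTED_ZONE_DATA: Dict[str, Dict[str, str]] = {
    "dnsbl.example.invalid": {"4.3.2.1": "127.0.0.2"},
    "spam.example.invalid": {"4.3.2.1": "127.0.0.4", "8.7.6.5": "127.0.0.2"},
    "clean.example.invalid": {},
}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: reversed octets followed by the zone.

    1.2.3.4 checked against zone.example becomes 4.3.2.1.zone.example.
    """
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def fake_resolver(name: str) -> Optional[str]:
    """Stand-in for an A-record lookup; returns None where DNS gives NXDOMAIN."""
    for zone, table in CONSTRUCTED_ZONE_DATA.items():
        suffix = "." + zone
        if name.endswith(suffix):
            return table.get(name[: -len(suffix)])
    return None


def check_ip(ip: str, zones: Iterable[str],
             resolve: Callable[[str], Optional[str]]) -> Dict[str, str]:
    """Return {zone: answer} for every zone that lists the address.

    DNSBLs signal a listing with an A record inside 127.0.0.0/8; the exact
    last octet is list-specific and explains the reason for the listing.
    """
    listings: Dict[str, str] = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is not None and ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
            listings[zone] = answer
    return listings


if __name__ == "__main__":
    hits = check_ip("1.2.3.4", CONSTRUCTED_ZONE_DATA, fake_resolver)
    for zone, code in hits.items():
        print(f"listed on {zone} (return code {code})")
```

Checking your own address this way, against the lists the rejecting servers actually use, is the quickest confirmation that a bounce is a reputation problem rather than a fault at the receiving end.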
I then configured a firewall rule to block and log any outgoing messages on port 25 (the SMTP “email” port). Again all was quiet until my better half came home from work and switched on her wireless laptop. Within seconds, I could see it repeatedly trying to distribute spam.
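The block-and-log rule is effective because any legitimate mail from the LAN goes through one known host, so every other source address that appears against destination port 25 is a suspect. As an added example (not the author's configuration), the script below assumes a Linux gateway whose iptables LOG target writes lines like the constructed ones embedded here, parses them, and ranks internal hosts by how many outbound SMTP attempts they made, excluding the one address that is allowed to send mail.

```python
"""Find LAN hosts attempting outbound SMTP from firewall log lines."""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Set

# Assumed rule on the gateway (iptables syntax), placed before the REJECT:
#   iptables -A FORWARD -o ppp0 -p tcp --dport 25 -j LOG --log-prefix "OUTBOUND-SMTP "
# Constructed sample of the resulting kernel log; addresses are invented.
CONSTRUCTED_LOG = """\
Mar  3 18:40:11 gw kernel: OUTBOUND-SMTP IN=br0 OUT=ppp0 SRC=192.168.1.37 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4113 DF PROTO=TCP SPT=50112 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 18:40:11 gw kernel: OUTBOUND-SMTP IN=br0 OUT=ppp0 SRC=192.168.1.37 DST=203.0.113.11 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4114 DF PROTO=TCP SPT=50113 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 18:40:12 gw kernel: OUTBOUND-SMTP IN=br0 OUT=ppp0 SRC=192.168.1.37 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4115 DF PROTO=TCP SPT=50114 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 18:40:12 gw kernel: OUTBOUND-SMTP IN=br0 OUT=ppp0 SRC=192.168.1.37 DST=198.51.100.8 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4116 DF PROTO=TCP SPT=50115 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 18:40:30 gw kernel: OUTBOUND-SMTP IN=br0 OUT=ppp0 SRC=192.168.1.10 DST=203.0.113.50 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4117 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 18:40:31 gw kernel: OTHER-TRAFFIC IN=br0 OUT=ppp0 SRC=192.168.1.37 DST=203.0.113.60 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4118 DF PROTO=TCP SPT=50116 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 18:40:32 gw sshd[812]: Accepted publickey for admin from 192.168.1.5 port 50200
"""

# Fields of interest in a netfilter LOG line; other fields are ignored.
_LOG_FIELDS = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?PROTO=(?P<proto>\S+).*?DPT=(?P<dport>\d+)"
)


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Extract src, dst, proto and dport; None for lines that are not firewall logs."""
    m = _LOG_FIELDS.search(line)
    return m.groupdict() if m else None


def smtp_attempts_by_host(lines: Iterable[str], dport: int = 25) -> Counter:
    """Count TCP connection attempts to `dport` per internal source address."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec and rec["proto"] == "TCP" and int(rec["dport"]) == dport:
            counts[rec["src"]] += 1
    return counts


def suspect_hosts(lines: Iterable[str], allowed_senders: Set[str],
                  threshold: int = 3) -> List[str]:
    """Hosts not on the allow-list with at least `threshold` attempts, busiest first.

    A single attempt can be a misconfigured client; a burst of connections to
    many different servers is the pattern a mass-mailer produces.
    """
    counts = smtp_attempts_by_host(lines)
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [host for host, n in ranked
            if host not in allowed_senders and n >= threshold]


if __name__ == "__main__":
    lines = CONSTRUCTED_LOG.splitlines()
    for host, n in smtp_attempts_by_host(lines).most_common():
        print(f"{host:16} {n} outbound SMTP attempts")
    print("suspects:", suspect_hosts(lines, allowed_senders={"192.168.1.10"}))
```

Logging the SYN and rejecting it, rather than silently dropping, also makes the infected host's mail client fail fast, which tends to be noticed by its owner.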
I didn’t know exactly what the laptop was infected with, and I didn’t really care. I just stopped it connecting to my network and told my spouse to take it away and get it sorted by her IT department.
It just shows how easy it can be for one rogue system to bring a whole network to its knees even when you have all the usual security measures in place. Mine include a router with network address translation and a stateful inspection firewall. All my systems have up-to-date antivirus software with on-demand scanning and, if running Windows, anti-spyware software as well. I’m also very careful not to download anything new to a live system before checking it out on an isolated virtual host. None of my systems has ever been infected with anything – until now.
Luckily I caught it quite quickly and was able to remove my address from the blacklists fairly easily. I hate to imagine how much more difficult it would have been for a large company to resolve the problem. It only takes one small slip and the consequences can be huge.