Our spam filter (Vamsoft ORF) is configured to look at zen.spamhaus.org among a few others. This morning, I had a mailbox full of spam. As part of my normal procedure, I opened the email, read the headers, got the remote IP (199.116.118.190), and put it into MX Toolbox for a blacklist check. It showed that this particular IP was listed on zen.spamhaus.org.
So, I went to our Exchange box, and did:
dig 190.118.116.199.zen.spamhaus.org +short
Nothing.
So, I also tried:
dig @8.8.8.8 190.118.116.199.zen.spamhaus.org +short
Still nothing.
Something is broken somewhere. My inbox is (unusually) full of spam, and every one of them shows up when I query using MXToolbox.com's blacklist lookup, yet I am getting nothing on my side when I do the lookup (which is why my spam filter is letting them through).
Where else can I look?
Update: Another example: Just got some email in from this IP address, and I am definitely checking both the Barracuda list and zen.spamhaus.org. This is listed twice, it still got through...
Turns out, Google's DNS was just not reporting the correct records. I (wrongly) assumed they would be correct, but as soon as I switched the DNS Servers to OpenDNS (208.67.222.222) everything started working again.
I wouldn't use OpenDNS with Vamsoft. Unless they have changed something, they don't always return the correct information when there are no MX records listed. Any reason you aren't using the root servers? That is what I find best with the Exchange/Vamsoft combo.
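Added example, not part of the original thread: a POSIX shell script that runs the same DNSBL query as the `dig` commands above through several resolvers and reports when their answers differ. The `DIG` override, the script name and the resolver list given on the command line are assumptions; the 127.255.255.x check reflects the range Spamhaus documents for error return codes rather than listings.

```shell
#!/bin/sh
# Added example: compare one DNSBL lookup across several resolvers.
# Set DIG to substitute the lookup command (assumption, used for offline tests).

# Build the query name: IPv4 octets reversed, followed by the DNSBL zone.
dnsbl_name() {
    ip=$1 zone=$2
    case $ip in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Classify the A records printed by "dig +short" for a DNSBL name.
classify_answer() {
    result=no-answer
    for a in $1; do
        case $a in
            127.255.255.*) echo error-code; return 0 ;;  # Spamhaus error range, not a listing
            127.*) result=listed ;;
            *) [ "$result" = listed ] || result=unexpected ;;
        esac
    done
    echo "$result"
}

# Ask every resolver the same question; return 1 when their verdicts differ.
compare_resolvers() {
    ip=$1 zone=$2; shift 2
    name=$(dnsbl_name "$ip" "$zone") || { echo "bad IPv4 address: $ip" >&2; return 2; }
    seen=
    for r in "$@"; do
        verdict=$(classify_answer "$(${DIG:-dig} @"$r" "$name" A +short +time=3 +tries=1)")
        printf '%-16s %s\n' "$r" "$verdict"
        case " $seen " in *" $verdict "*) ;; *) seen="$seen $verdict" ;; esac
    done
    set -- $seen
    [ "$#" -le 1 ] || { echo "resolvers disagree on $name" >&2; return 1; }
}

# Usage: sh dnsbl-compare.sh IP ZONE RESOLVER [RESOLVER...]
if [ "$#" -ge 3 ]; then compare_resolvers "$@"; fi
```

A `no-answer` verdict from one resolver next to `listed` from another points at the resolver path rather than the blocklist, which is the situation the answer above describes.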