I have experienced something very strange today: an email I had sent to a computer was returned to me with the mention "undelivered mail returned to sender". (I removed the IP addresses because I don't know if posting them on a public forum is secure or not.)
I got the following message: Client host [XXXXXXXXXX] blocked using zen.spamhaus.org;
https://www.spamhaus.org/query/ip/XXXXXXXX (in reply to RCPT TO
It is with great regret that we have implemented a Captcha on this page. After 11 years the number of automated/abusive queries have grown so high it's now necessary. Only manual use of this lookup page is permitted. All automated/scripted queries are prohibited, and may result in listing of the source IP address.
IP address: XXXXXXXXXXXXX
IP Address XXXXXXXXX is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.
It was last detected at 2017-01-26 23:00 GMT (+/- 30 minutes), approximately 21 hours, 30 minutes ago.
This IP is infected (or NATting for a computer that is infected) with a spam-sending botnet, most likely Necurs. Necurs generally sends large volumes of Dyre/Dridex/Locky malware, fake pharmaceutical or pornography/dating scams.
At present, the vast majority is "Locky" malware. "Locky" is "ransomware" - encrypts the victim's files and demands payment to decrypt them.
If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again. Meanwhile, you run the risk of locky encrypting the user's computer resulting in either loss of all their data, or a high extortion payment.
This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.
Now I have run Kaspersky, and double-checked my IP on Kaspersky https://blog.kaspersky.com/simda-botnet-check/8304/
and it says I have no infection. Also, THE IP ADDRESS RETURNED TO ME BY KASPERSKY IS DIFFERENT FROM THE ONE THAT WAS LISTED. Is it because my internet provider changes IP addresses at each new connection?
I don't know where the problem might come from. I have sent other emails in the day, and have had no problem. How can I know for sure that I'm not infected?
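The bounce quoted above names a client address and a DNSBL zone. This added example (not part of the original post) parses that line, builds the DNS name a mail server looks up to test a listing, and compares the bounced address with the address the host has now. The sample bounce, both addresses and all function names are constructed for illustration; the return-code table follows the codes Spamhaus publishes for the ZEN zone.

```python
import ipaddress
import re

# Constructed sample: bounce text in the shape quoted in the post, with a
# documentation-range address in place of the redacted one.
SAMPLE_BOUNCE = (
    "Client host [192.0.2.45] blocked using zen.spamhaus.org; "
    "https://www.spamhaus.org/query/ip/192.0.2.45 (in reply to RCPT TO"
)
REJECT_RE = re.compile(r"Client host \[([0-9.]+)\] blocked using ([A-Za-z0-9.-]+)")

# A-record answers returned by the combined ZEN zone and the list they mean.
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.4": "XBL (CBL)",
    "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}

def parse_rejection(text):
    """Return (blocked_ip, dnsbl_zone) from a bounce, or None if not present."""
    m = REJECT_RE.search(text)
    if not m:
        return None
    return str(ipaddress.IPv4Address(m.group(1))), m.group(2).rstrip(".")

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify_answers(answers):
    """Map ZEN answers to list names; an empty answer set means not listed."""
    return sorted({ZEN_CODES.get(a, "unknown/error code") for a in answers})

def triage(bounce_text, current_ip, answers_for_current):
    """Compare the address in the bounce with the host's current address."""
    parsed = parse_rejection(bounce_text)
    if parsed is None:
        raise ValueError("no DNSBL rejection found in bounce text")
    blocked_ip, zone = parsed
    return {
        "blocked_ip": blocked_ip,
        "same_address": ipaddress.IPv4Address(current_ip) == ipaddress.IPv4Address(blocked_ip),
        "query_name_for_current_ip": dnsbl_query_name(current_ip, zone),
        "current_ip_lists": classify_answers(answers_for_current),
    }
```

`answers_for_current` is the set of A records obtained by resolving `query_name_for_current_ip` through the host's normal resolver; it is passed in so the block runs offline.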