The Lemon Fool

Like some others here, I've had my domains registered with Have I Been Pwned, https://haveibeenpwned.com, for many yonks, and overnight I received the first ever message from them telling me that an address on one of my domains has been pwned.

The email has a "Go to domain search dashboard" button which will, they say, will tell me exactly which address(es) have been compromised, and that takes me to a page on their site that says: "In order to perform a domain search, an email will be sent to the registered owner of this resource. Once the email is sent, there's a 60 minute window where the links in the email can be used to access the search in a variety of different formats. Click the button below to get started."

Ok, fine, so I click the button and .... no email. Wait a while and try again and still no email. So, I go into the control panel for the domain to look at the delivery reports and....

"JunkMail rejected - o1.mail.haveibeenpwned.com [167.89.85.8]:20226 is in an RBL: Blocked - see https://www.spamcop.net/bl.shtml?167.89.85.8"

Their mailer is on a blacklist! Two in fact: https://mxtoolbox.com/SuperTool.aspx?action=blacklist:o1.mail.haveibeenpwned.com&run=toolpage

There's got to be an irony there!

HIBP reported that my domain email had been leaked a couple of years back - I posted about it on here.
But... when I check my domain email addresses on the HIBP site they come back clean...

The main man is on X (aka twitter) if you ever need to deal with the guy behind HIBP...

https://twitter.com/troyhunt

https://twitter.com/haveibeenpwned