History of Blacklists

Blacklist – in the context of technology, a list of items, such as usernames or IP addresses, that are denied access to a certain system protocol. When a blacklist is used for security purposes or access control, all entities are allowed access, minus those actually listed in the blacklist. Moreover, an email blacklist is a real-time database that utilizes criteria to determine if an IP is sending email it considers to be spam. There are many operable blacklists, and each has a unique way of accepting inbound mail and determining if messages are considered spam. Needless to say, blacklists directly impact the deliverability of your company’s emails.

Note: A Whitelist or whitelisting is NOT the opposite of a blacklist.  A whitelist is a connection or group of IP addresses that will always be accepted, typically bypassing many other security controls.  Do not ask for someone to whitelist you.

The first Domain Name System-based Blackhole List (DNSBL) was the Real-time Blackhole List (RBL) created in 1997 as a Border Gateway Protocol (BGP) list. Interestingly, the initial version of the RBL was not published using DNS, but rather a list of networks transmitted via BGP to routers owned by subscribers so that network operators could drop all TCP/IP traffic for machines used to send spam/host spam supporting services, such as a website. The term “blackhole list” is often interchanged with “blacklist” and “blocklist.”

Overview of Blacklists

Generally speaking, a DNSBL or RBL is an effort to stop email spamming. It is a blacklist of locations on the Internet believed to actively send email spam. The locations consist of IP addresses, which are typically  linked to spamming. Most mail server software can be configured to reject or flag messages that have been sent from a site listed on one or more of these lists.

Furthermore, a DNSBL is a software mechanism, rather than a specific list or policy. There are many DNSBLs in existence, which use a wide array of criteria for listing and delisting addresses. For example:

• The IP addresses of zombie computers or other machines being used to send spam (some RBLs specialize in spam in different languages)
• Internet service providers (ISPs) who willingly host spammers, or those which have sent spam to a honeypot system.
• List of the IP addresses of email systems that openly relay mail (which could be used by spammers)
• List of dynamic IP addresses at ISPs
• List of domain names typically used in spam emails.

In order to operate a DNSBL three things are needed: a domain to host it under, a nameserver for that domain, and a list of addresses to publish.

In addition, based on data received about your IP address, there are three places for your email to end up. If your company is on a blacklist, outbound messages could end up in spam or not delivered. If in good standing, your business emails will be then go through secondary processing by the inbox provider.  Most will be delivered and show up in the inbox as intended. Most blacklist services set up their own specific methods, algorithms and honeypots and have websites that detail the reasons for listing along with delisting options.  Delisting may be requested or may be automatic in some cases (keep reading).  Note: Some less savory blacklists require a payment for delisting; Mxtoolbox does not approve of this type of business model.

What Is an IP or Domain Blacklist Problem?

Most businesses learn that their IP address is blacklisted when a customer reports missing an important email.  After multiple reports, someone usually contacts IT who looks into the problem.  Without proper monitoring of your blacklist status, your business could be at risk.

MxToolbox to the Rescue

An early innovator in addressing blacklist issues, MxToolbox built started with a free online Blacklist Check tool to help email admins, marketers, and business owners monitor their sending reputation. Since then, we have focused on email delivery solutions, introducing the most comprehensive Blacklist Monitoring service on the Internet and, now, providing DMARC-based email deliver solutions.

The Future of Blacklist Monitoring

MxToolbox believes in continually delivering innovative tools and services to help our customers who face an ever changing email world.  Recently, we released Adaptive Blacklist Monitoring, expanding the frontier of blacklist monitoring beyond traditional blacklist monitoring for businesses to answer the following questions:

1. How do you maintain lists of all internal and external sender’s IP addresses?
2. How do you update IP addresses being monitored when they change?
3. How do you monitor cloud email services sending from large pools of IPs?

MxToolbox Adaptive Blacklist Monitoring leverages new technologies like SPF and DMARC to monitor your blacklist status and email deliverability across all of your senders: internal, external and cloud-based.

Automatic Monitoring

MxToolbox automatically detects all your Outbound IP addresses that you actively send email from and monitors them for blacklistings.  Add a new 3rd party sender? MxToolbox automatically monitors those new IP addresses as well. With this solution you no longer need to maintain IP lists and update monitoring.

Sender/Cloud Email Reputation

Send email through Office 365 or GSuite, etc.? MxToolbox detects the IP addresses those services are actively using to send your messages and if they are blacklisted. You can even view your sender’s reputation via MxRep to gauge how well their services are functioning.