Author Archives: stephenmxtoolbox

It’s time to adopt MTA-STS

Inbox Providers like Google, Yahoo! and Outlook.com are in a constant arms race trying to protect their users from spammers, spoofers and irrelevant content. Since the late 90’s dozens of new technologies have been proposed and adopted, including: Blacklists, TLS Encryption, SPF, DKIM, DMARC, BIMI and, now, MTA-STS. With the continued progression of MTA-STS, it is now time for all domains to adopt the technology to secure inbound email and reduce the threat of spam.

What is MTA-STS?

MTA-STS is an update to TLS Encryption that allows an Inbox Provider to specify a list of secure servers to receive email and mandates a secure TLS connection to these servers. Insecure connections will not be accepted. This corrects a few of the short-comings of TLS alone: Expired TLS Security Certificates, Man-in-the-Middle Attacks and attacks that downgrade to no encryption.

How does MTA-STS Work?

When a sender wants to connect to an inbox provider or domain’s email servers to deliver email, they first query the MTA-STS DNS entry which contains the location of a policy file. The policy file is accessed via HTTPs and contains information about the correct servers to use, which must match the MX records exactly, the TLS encryption requirements, the MTA-STS policy mode and the maximum length to cache this information. Senders then encrypt communication with the servers and transmit the email.

Since the sender is required to verify the connection and it is encrypted to known servers, the sender has a slightly higher level of trust. Any sender that fails this mini test can be considered a threat.

What does MxToolbox recommend?

MxToolbox recommends that all companies setup MTA-STS for their receiving domains to inform senders that their email servers and providers accept secure message delivery using SMTP over TLS and also require that email should not be delivered using an insecure SMTP connection. When MTA-STS is enabled for your receiving domain, it requests external servers to send messages to your domain only when the SMTP connection is authenticated with a valid public certificate AND encrypted with TLS 1.2 or higher. This is a higher level of security for incoming email and should reduce spam to your domain.

In addition, you should ensure that all your domain’s email senders support MTA-STS. This includes your email server software, email marketing, and any other potential email senders: CRM, Order Management, Support, etc. Once you select a provider’s MTA-STS policy, messages sent from your domain to external servers will also comply with the standard and improve delivery.

Test Your MTA-SLS setup with MxToolbox

To help all our users get a head start with MTA-STS, we’ve created a free lookup tool as part of our SuperTool. Check your MTA-STS policy setup as well as any email sender!

Check My MTA-STS

Does your email make it to the Inbox?

Inbox Providers are constantly adapting their algorithms to detect and eliminate spam while simultaneously elevating wanted email. This arms race puts Email Marketing at a disadvantage – we typically only receive a few data points:

  • # of Sent Emails
  • # of Emails Opened
  • # of Click-Throughs

While these leading indicators of sales are very valuable, they miss out on two key details:

  • Was the email delivered at all?
  • Was the email delivered to the Inbox or Spam/Junk Folder?

If you can’t answer those questions, then you may be missing out on simple methods to improve sales! Every email that fails to make the inbox is a conversation that did not happen!

MxToolbox Inbox Placement

The newest feature of MxToolbox Delivery Center provides you with direct insight into the inbox placement of your newsletters and campaigns at major inbox providers like Google, Yahoo! and Outlook.com. In addition, MxToolbox will analyze the each email for potential issues with content, format, sending configuration, etc that will impact email delivery. Learn More

How does it work?

MxToolbox Inbox Placement works in two ways:

  • Send a Test Email to our list of email boxes when creating new campaigns to see how they might perform. Refine your campaign to get better performance.
  • Include our email list in your newsletter and campaign lists to gain insight into how they perform in real-time.

Our tool aggregates campaigns/newsletters by subject and sending date, analyzes the contents and provides a clear, concise report of placement (Inbox, Junk/Spam, Not Delivered) and potential reasons for lower placement. Learn More

How do you get Inbox Placement?

Simply subscribe to MxToolbox Delivery Center to begin analyzing your Inbox Placement!

The Flavors of Successfully Delivered Email

Email delivery is a complicated thing. There are multiple layers of technology protecting an inbox at modern inbox providers like Google, Yahoo! and Outlook.com. For example:

  • Blacklists are used to identify IP addresses that have spammed or otherwise should not be trusted
  • SPF identifies legitimate sending IP addresses for a domain
  • DKIM allows a domain to sign email to ensure the integrity of the email
  • DMARC enables a sending domain to get feedback from Inbox Providers on SPF and DKIM compliance
  • Inbox Providers maintain internal Unsubscribe Lists
  • Inbox Providers maintains internal Spam Lists
  • Inbox Providers run proprietary Spam Content Analyses
  • Inbox Providers monitor engagement with emails from a domain

Email Delivery Standards

Technically Delivered

In the email world, a message is considered successfully delivered when the recipient can access the email. The email could be delivered to any subfolder for example:

  • Junk
  • Spam
  • Quarantine
  • Bulk
  • Promotions
  • Customer configured Filter or Subfolder

While this does not seem optimal to the recipient or sender, the email is accessible, just not in the main Inbox.

Undelivered email is completely inaccessible to the recipient. An email could be undelivered for multiple reasons, depending on how the Inbox Provider’s algorithms work:

  • The sending IP was blacklisted so the system declared the email Spam and rejected it.
  • The Sending IP was not listed in the Sending Domain’s SPF record. This is either a misconfiguration or a sign of a deliberate spoofing attempt.
  • The DKIM signature does not align with the Sender’s signature.
  • The recipient mailbox is full
  • The recipient mailbox does not exists

Marketing Delivery Success

Marketers only see email delivery as getting the email to the recipient’s Inbox. That makes sense as their mission is only accomplished when the email is Opened, Read and relevant links Clicked.

Obviously, there’s a bit of a disconnect between how IT sees delivery and how Marketing sees delivery. Both are correct for their purposes. They are simply not speaking the same language.

MxToolbox Helps you Reach the Inbox!

MxToolbox has long developed tools and services around Mailbox Delivery. Our early Delivery Center service focused on the primary technologies supporting email delivery: Blacklisting, SPF, DKIM and DMARC. Our newest features of Delivery Center change this focus to help the Marketer reach the Inbox.

Complaints

Inbox Providers often have a list of complaints leveraged by their users against Senders. Some even allow access to these complaints, which often include email reported as spam, dead email inboxes, full inboxes and even unsubscribes done only through the Inbox Provider. Delivery Center now includes a feature to integrate and aggregate complaints and make them visible and actionable for you to improve your sending reputation with Inbox Providers. Lowering your complaints goes a long way toward making your email deliverable to the Inbox. Learn more about Complaints.

Inbox Placement

Ultimately, Marketing looks at metrics like Open Rates, Click-through Rates and Purchases to judge an email campaigns strength. However, these indicators lag something more important: Placement in the Inbox. Delivery Center now contains a tools that enables you to test the inbox placement of an email campaign both before sending it to your customers and simultaneously with the bulk emailing. Inbox Placement works across the large Inbox Providers like Google, Yahoo and Outlook.com. Learn more about Inbox Placement.

Two-Factor Authentication and Security

Security is important for any system you use, but doubly important for communications systems like email. Think about what you store in your inbox:

  • A history of all communications with important clients, friends and family
  • Irreplaceable documents
  • User ID for other accounts
  • Purchase histories at online retailers

There are probably many more things in there that you don’t want anyone else to access. It is therefore important that your email provider take precautions to safe guard your email.

Good Password Technique

Protecting valuable, private data requires good password discipline. MxToolbox has a few suggestions for passwords to improve security:

  • Do not make the password a “word” or derived from a word – The more random characters, the harder it will be for a password dictionary to crack it through guesswork
  • Do not reuse passwords – Unfortunately, site breaches and bad password file controls have exposed millions of passwords. If you reuse a password that was exposed, you are just asking for a hacker to gain access to your account.
  • Use a Random Password Generator – The more random a password, the harder it is to crack. MxToolbox has offered a free, untracked random password generator for several years.
  • Use a Password Vault – A password vault stores all of your passwords in an encrypted state that only requires a single password to access. It’s easier to remember a single, long password so a password vault takes the load of all those lengthy, random passwords for you.
  • Use Two-Factor Authentication where available

What is Two-Factor Authentication (2FA)?

Passwords are simply insufficient to protect important information. A simple password can be guessed, a password file could leak, etc. Many online companies are implementing Two-Factor Authentication to provide an additional layer of protection to sensitive information. Two-Factor Authentication, or 2FA requires a password and a code or token sent to a trusted device.

Two-Factor Authentication is common for Apple, Google and many other major website users. For example, an Apple user would see a warning on their iPhone about a sign-in to their iCloud account on an iPad or Apple computer and require using that code on the account. Google uses a similar approach through a Google Authenticator app on your phone or device. Other websites will send a text message with an authentication code that you input into the site to verify your login attempt. Regardless of the implementation, 2FA helps to ensure that the login attempt is valid by requiring access to a trusted device meaning that a hacker would have to have both the login and the device to gain access to the account.

MxToolbox Offers 2FA

MxToolbox has implemented Two-Factor Authentication across all our services. Email is the life blood of many organizations and we feel that it is important to protect our customers from potential breaches that might expose sensitive information. We highly recommend that every customer turn on 2FA for their account.

How to configure 2FA at MxToolbox

  1. Log in to your account.
  2. Click “username@mxtoolbox.com” in top right corner for dropdown menu.
  3. Click “Settings” option directly below username.
  4. Click “2 Step Verification” tab (fourth tab in header).
  5. After reading the explanation, choose either Software Token (recommended), Test Message, or Disabled and follow the instructions specific to your preference.
  6. If you see Status: Enabled to the far right of the Two-Factor Authentication (2FA) heading, you have completed MxToolbox’s 2FA process.

By utilizing 2FA, a potential compromise of just one of the two factors will not unlock your MxToolbox account. So, even if your password is stolen or your phone is lost, the chances of someone else having your second-factor information is highly unlikely. If you utilize 2FA correctly, websites and apps can be more confident of your identity and allow you secure access to accounts.

Super Bowl LVI and Email Security

Super Bowl LVI in California is almost upon us, and for millions of NFL fans around the world, it’s the most exciting time of the year. Unfortunately, it’s also a great opportunity for online and offline fraud. Every year, there is a new announcement of a ticket scam or a fraudulent merchandise.

While Email Security might not be on the minds of fans or businesses preparing for the big game, it should be. Email is still number one vector for starting a hack, cyber attack or online scam. Email is one of the easiest (and cheapest) ways to distribute a message and reach an audience. For legitimate businesses, email is also one of the easiest ways to make a mistake, caught in spam traps and have you message lost. For scammers, this is the opportunity to strike with intricate phishing and spoofing campaigns.

How do Email Settings affect Security?

Email security settings, specifically SPF and DMARC records, are both key to reaching your customers and preventing your brand from being exploited by fraud and phishing attempts.

SPF allows a domain owner to declare what IP addresses are legitimate senders of email for that domain. Inbox Providers check SPF records as part of delivering email that is sent from your domain. Spoofers can easily fake sending email from your domain, but if there servers are not in your SPF records then it will fail the Inbox Provider’s checks. Correct SPF records are therefore a minimum security precaution.

In addition, your domain’s DMARC record can tell an Inbox Provider like Google, Yahoo! or Outlook.com how to treat a particular email. There are three security levels to DMARC:

  • None, meaning accept all email from my domain even if it fails SPF and DKIM checks. This has the lightest level of security for your domain and allows Spoofing and Phishing attempts to make it to your customers’ inboxes.
  • Quarantine, meaning segregate emails that fail SPF and DKIM checks to a separate folder. This means that some email from fraudsters might end up in Spam or Junk.
  • Reject, meaning straight up reject any email that fails SPF and DKIM checks. This has the highest level of protection from fraud and phishing attempts, but may mean that occasionally legitimate email is blocked.

Reject policies are great, but do require regular review of your rejected email. We highly recommend that everyone adopt a “Reject” policy as soon as possible and allocate some time to reviewing rejected email for legitimate content, as well as outbreaks of fraud and phishing attempts thwarted by DMARC.

More information on DMARC tags can be found in our help tools here.

Top Ticket Vendor Domains

If you want to attend the Super Bowl in Inglewood, your best chance for buying a face-value ticket is to be a season ticket holder of an NFL team. If you’re not a season ticket holder, getting tickets will likely require going through 3rd-party sellers and brokers.

Some of the more popular and respected ticket supplier domains include:

While all of these have a minimum security posture of an SPF record, none have a Reject DMARC policy, setting them up for potential exploitation by scammers. Consumers may need to use extra caution when opening and interacting with emails that claim to be from most online Super Bowl ticket suppliers, especially if there are tell-tales of spam.

Let’s look at a few other related online suppliers…

Top NFL Domains Used to Communicate with Fans

Top Hotel Domains Near Stadium

(source: https://hotelguides.com/california/sofi-stadium-ca-hotels.html)

Top Airline and Travel Agent Domains

Opportunities for Improvement

Unfortunately, it appears that many domains are not fully protected by SPF and DMARC records, meaning that consumer safety is up to the Inbox Provider and the consumer themselves. Email hackers and online scammers are ready to take advantage of any companies that aren’t safeguarded against attacks. The Super Bowl is just a single yearly event to exploit, but smaller businesses are also susceptible and less likely to recover. Adopting SPF, DKIM, and DMARC is both critical and inexpensive.

If you are a business owner, now is the time to improve your outbound email security by adopting SPF, DKIM and DMARC. It will improve your email delivery and safeguard your brand against Fraud and Phishing attempts.

If you are a consumer, businesses are slowly adopting DMARC, so until then, keep vigilant about the email you receive!

Microsoft’s 2022 Bug

This week Microsoft announced a bug with Exchange servers that can cause email queueing delays and potentially loss of email. Read more on the specifics here. While it took Microsoft only a few days to issue a workaround and a patch, the issue is the potential downtime and loss of communications that affects your business.

How does this affect you?

If you are running on-premise Microsoft Exchange servers, until you are patched, your servers will queue email. If you send more email than you have disk space on your servers, that email will be lost. Similarly, if you are using a 3rd-party inbox provider that runs on MS Exchange, email service will be disrupted until patched. Depending on disk space on these servers messages could be lost.

Does your business run on email?

If you are like most businesses, you run on email. You probably even take for granted that your email will be delivered within a reasonable amount of time. Issues like this show that email is not infallible and emphasize the need for an expert in email to maintain top email delivery.

How does MxToolbox help?

MxToolbox is the expert in Email Delivery and Email Deliverability. Our team created a complete suite of tools and monitors email delays or failures like this Exchange issue. Here are a few tools that make your life better:

SuperTool (free)

Use the SuperTool to examine individual email configuration issues:

  • MX records – makes sure senders can find your email servers
  • Blacklist status – check the IP addresses in your MX records for Blacklisting which will impact your ability to send email
  • SMTP Check – Check communications with your email server
  • DMARC Lookup – Check the validity of your DMARC setup
  • Header AnalyzerAnalyze incoming email for threats or out-bound emails for DMARC, SPF and DKIM compatibility.
  • Email Health – Run a comprehensive series of checks on the email configuration of your domain. You can run Email Health here.

Each of these tools will allow you to keep an eye on your email configuration when run regularly. You can create a monitor for one of these for free, or, you can upgrade to a monitoring solution that automatically checks your configuration.

Round-trip email monitoring

A part of our Delivery Center suite of tools, Mailflow Monitoring performs a regular, periodic check of end-to-end email flow through your servers. Run every five minutes, Mailflow Monitoring, gives you quick insight into slowdowns in your email systems. In fact, dozens of MxToolbox Mailflow Monitoring customers realized the MS Exchange issue before Microsoft announced it. Our Mailflow Monitoring detected a slow down in their servers and alerted them to the issue, enabling them to clean queues and expand disk space before suffering an email outage. Learn more about Mailflow here.

Regardless of why your business is running an in-house email server, MxToolbox has a suite of tools and products to help you keep your email running smoothly and alert you to potential issues. Check out MxToolbox Delivery Center for all your email deliverability needs.

Roadrunner Emails are being targeted by Spammers

We have recently seen an uptick in complaints from Roadrunner Email users. It appears that many inbox users are receiving emails that appear to be from MxToolbox.com or use links back to mxtoolbox.com. The issue is appears to be that Spammers are using an Unsubscribe link that points to mxtoolbox.com. We are not sending these emails. We suspect that this is either a failure of DMARC email processing at RoadRunner or, more likely, an Inbox Provider Insider Scam.

How to recognize Spam, Fraud and Phishing attempts

We highly recommend everyone read our post on Recognizing Fraud and Phishing Emails, but here are a few key points:

Spam and Phishing Characteristics

  • There is a financial incentive or free product
  • There is an overwhelming sense of urgency
  • The origin is a company with which you have no connection
  • The subject line is strange or hyperbolic
  • You googled the company and that’s not the business they are in

If you think it’s spam or phishing?

  • Don’t open it unless you must 
  • Don’t click on any links
  • Don’t unsubscribe 
  • Mark it as Junk with your Email Provider

How DMARC affects email acceptance

DMARC policies instruct an Inbox Provider (think gmail.com, yahoo.com or rr.com) how to process email that fails to meet DMARC compliance tests. These tests include:

  • Determining if the sending IP address is designated by the sent from Domain – SPF Compliance
  • Determining if the send included a valid cryptographic signature in the email header – DKIM Compliance

If an email is DMARC compliant, then it may be sent from a legitimate sender. If not, then it could be considered spam. A “Reject” DMARC policy, like the one MxToolbox uses instructs Inbox Providers to reject any email that fails DMARC compliance tests. If an Inbox Provider is passing email from a non-compliant source despite a reject policy, this is a problem for their users.

What Inbox Providers should do

Inbox Providers generally pay attention to the DMARC policies of sent externally. They do this for two reasons:

  • Admitting non-DMARC compliant email increases the risks of spam email making it to their users. Blocking spam before it makes it the user is both a good security measure for users and a good selling point for the provider.
  • Admitting non-DMARC compliant email increases the costs of email storage. Each spam email is small, but take as a whole, they make up more than 50% of email traffic. Doubling storage is expensive if you don’t have to.

However, some Inbox Providers may only be looking at external email, and not email sent from other Inboxes in their network. This is a mistake that we call an Inbox Provider Insider Scam.

What Roadrunner users should do

We encourage any user receiving spam that appears to be from us to let us know! Contact Us on our site and include examples so that we can track down the issue.

You can also report the spam to Roadrunner, with the actual spam email so your admins can block the messages. Demand better inbox protection from your Provider.

Google to Fully Support BIMI

This week, Google finally announced the roll-out of BIMI across all Gmail inboxes. This is great news for email delivery and email security. BIMI will give recipients more confidence in the email they receive and force senders to adopt new technologies to make email more secure.

What is BIMI?

BIMI or Brand Indicators for Message Identification, is a DNS-based email technology that allows a company to post a logo for use by inbox providers. Inbox providers, like, Google, Yahoo! and Outlook/Office365.com, can show this logo to their customers next to certified messages from that company. If the email is not compliant with DMARC, then the logo does not show. Since it’s certified by being DMARC-compliant, your customers will know that the message is really from you and you will get your logo out in front of more customers and prospects!

How do I get BIMI?

BIMI requires DMARC. Before you can get your logo to appear in Google’s inbox, you first need to get your email fully DMARC compliant and then move to strict DMARC policies. Becoming DMARC compliant isn’t easy: you need to understand who is sending email on your behalf, have them properly configured with both SPF and DKIM and regularly monitor DMARC delivery reports to understand your DMARC compliance.

Once you have your verified sources of email fully DMARC compliant, you can start moving toward stricter “Quarantine” or “Reject” policies with your DMARC configuration. Once you set DMARC policy to “100% Reject” for non-compliant email, BIMI-compliant inbox providers will start appending your logo to email from your domain.

MxToolbox is your Expert for DMARC and BIMI

To maintain the highest levels of email deliverability using DMARC, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities and reduce the risk of Phishing and Fraud using your domain.
  • Manage the on-going requirements of maintaining high levels of email deliverability

The Economics of Blacklists

Blacklists have been around for over two decades, meaning that blacklists (blocklists or deny lists) existed before most humans were on the Internet. The goal of blacklists is to remove Spam email from the Internet, however, the implementations and algorithms vary dramatically. A few of examples:

  • Spamhaus ZEN CBL reports the IP address of sources of email that have been infected with Viruses or Malware. Even if your email was not used for spam, your computer could be.
  • NoSolicitado reports sources of Spanish language spam. There are many other language-based blocklists.
  • CASA CBL reports source of spam received by the China Anti-Spam Alliance.
  • FABELSOURCES reports entire networks that are the source of spam. There are several similar lists, including UCLPROTECTL2 and L3.
  • Open-Relays Verifying Engine Database List (ORVEDB) lists IP numbers of hosts that the Open-Relays Verifying Engine (ORVE) verified that are Open-Relays machines. Open relays are basically a purposeful or accidental email server misconfiguration that promotes spamming.
  • The Abusix Domain Blacklist contains domain names that have been identified being used in spam, phishing, or malware. Note: There are very few actual domain blacklists so the MxToolbox SuperTool also checks the IP address in the A record for the domain to see if the server has been compromised.

The Topic of Coin – How do Blacklists Make Money?

Early on Blocklists were free subscriptions for anyone to use to help reduce spam email to their servers. Since the lists were small, these were setup to be shared via FTP and then as the lists grew bigger via Realtime DNS. Many smaller blacklists are still free to query.

Eventually, security companies started to develop their own proprietary Blocklists or Deny Lists and integrate these into network appliances like firewalls, routers or email gateways. The primary economic model for blacklists is to sell their data to security-focused companies and automatically maintain the lists through remote syncing data feeds. Security services then update their hardware and software email filtering to include these lists. Often, weighing each blacklist differently but sometimes using them as a binary filter – if the sending IP is listed, deny the email.

Do blacklists charge for delisting?

MxToolbox recommends that you should never, ever pay to be delisted. All legitimate blocklists have a free method of delisting, that while sometimes slow, is still free. Fix the problem that caused you to be listed and wait it out. Delisting usually takes a week or so depending on the blocklist.

There are both for-profit and non-profit blacklists. For-profit blacklists make money by selling their lists to security companies or security minded companies for use in their products. For example, MxToolbox purchases subscriptions to some blacklists to enable our customers to lookup their blacklist status in the SuperTool.

Non-profit blacklists offer the option to donate to support them. This should never be conditional on the delisting of the IP address.

Some blacklists may offer an expedited delisting option for a fee. Sometimes this might seem like an enticing option, but, remember, MxToolbox does not recommend paying for delisting. It is your decision to pay, however, we have a few considerations:

  • Have you fixed the issue causing you to be classed as spam? If you have not fixed the issue causing you to be listed, you will be re-listed almost immediately. Paying doesn’t fix your systems or cause you to be whitelisted.
  • Do you do own the network? If you don’t own the entire network, in the case of a network or ASN listing, then you can’t stop your network or ASN neighbors from getting the entire network re-listed. It’s best to contact the network owner, ISP, datacenter provider, etc.
  • Has being blacklisted affected your email deliverability? If not, then you can wait it out. If so, then how many emails were affected? Is a small email delivery problem worth the expense?
  • Are you ready to be treated like a spammer? Blocklists with expedited pay setups sometimes assume that anyone willing to pay is a spammer. Spammers make all their money from email, so a block is potentially fatal. Legitimate businesses have other methods of customer communication. Paying could get you additional scrutiny in the future.
  • Is your IP address on multiple blacklists? If you are listed on multiple blacklists, do you want to pay multiple times or wait it out? Can you even pay to delist from all of the blocklists? Multiple listings means a serious problem, so we recommend taking care of the issue and waiting for delisting.

How do you prevent being blacklisted?

There is no one simple way to prevent blacklisting. Owning your own email servers requires constant adjustment and maintenance to prevent your systems from being used for spam or perceived as spam. Outbound email filters can help, but many companies, large and small are abandoning the idea of hosting their own email and adopting 3rd party email senders to improve email delivery. Google Workspace, Microsoft Office365, Yahoo!, Mailgun, Constant Contact, MailChimps, etc. all offer reduced risk of blacklisting by spreading email out over a large network of sending IP addresses and providing outbound email filtering.

New Technologies – DMARC, DKIM, SPF

Email delivery technologies are rapidly changing and the key to good email deliverability is actively managing your online reputation. Blacklisting is just one piece of the puzzle. SPF, DKIM and DMARC are now the most important factors at getting your email to the inbox. These technologies help identify you as the owner of the email and enable you to elicit feedback from Inbox Providers about problems with your email.

To maintain the highest levels of email deliverability using DMARC, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities and reduce the risk of Phishing and Fraud using your domain.
  • Manage the on-going requirements of maintaining high levels of email deliverability

Recent Spikes on UCEPROTECT Level 3

Recently, we noticed an increase of in the number of ASNs (full blocks of IP addresses owned by individual Internet Providers) listed by UCEPROTECT on their Level 3, aka Draconic, blacklist. The purpose of this particular UCEPROTECT blacklist is to block ASNs that allow spam to be sent from a large number of IP addresses in the network, often these are ASNs setup for spam or providers that do not adequately police their customers. However, this includes many popular services so many legitimate businesses have also been affected.

MxToolbox Stance

  1. We provide Blacklist lookups for information purposes only. DO NOT make decisions exclusively based upon a listing on the Blacklists we check. MxToolbox is not blocking you, the Inbox Provider is blocking your email because your IP address or domain is listed on a blacklist that they are using to make email delivery decisions. We give you the opportunity to see who is listing your IP address and do not endorse any blacklist. Feel free to ignore a blacklist if you think it is not relevant.
  2. NEVER PAY to be delisted. Legitimate blacklists, including UCEPROTECT, have free ways to be delisted. In this case, the entire ASN should be automatically delisted when the UCEPROTECT SPAMSCORE for that ASN drops below a certain level in a 7 day moving average. You can learn more about how UCEPROTECT lists ASNs here.
  3. MxToolbox regularly reevaluates the list of blacklists we check. Our criteria requires the blacklist to be used to make email delivery decisions. We have noted that some companies are dropping UCEPROTECT from their decision criteria due to the recent activity. We will watch this issue but will also continue to show UCEPROTECT listings as long as they are being used for email delivery decisions.

What you can do if you are blacklisted

We know that being on a blacklist is affecting your business. Be patient! Blacklists are not out there to attack your legitimate email, they are there to protect everyone from spam and phishing attempts. They make money by being relevant to email delivery decisions and sometimes they get over zealous.

Take the opportunity to evaluate your email sending configuration, blacklists are not the only reason your email is failing to make the inbox.

  • Are you still hosting your own email? This could be an opportunity to investigate Inbox Providers that have improved spam filtering and email sending capabilities. It is easier to have all of your email blocked by a blacklisting event if you are sending from a single IP address or small block.
  • Are you using multiple 3rd party email providers? You should evaluate their performance and make sure each of them is in your SPF record and no one else.
  • Adopt DMARC. DMARC compliant email is now a requirement to get into the inbox at Google, Yahoo! and Outlook.com/Office365. If much of your email is non-compliant, you may be blocked entirely. Adopt DMARC to get information on your outbound email to become DMARC compliant or be left behind by your competitors who are.
  • Use a DMARC delivery tool. Inbox Providers give you information on your email senders, including spammers pretending to be you. You need a tool that can aggregate and analyze your email delivery posture using DMARC to improve your email configuration and block the spammers. MxToolbox Delivery Center was designed to make email delivery simpler by highlighting improvements to your email deliverability.