Category Archives: Knowledgebase

Understanding Email Delivery

Email delivery is more than simply having an email service or configuring an email server.  Today, with outsourced email providers, 3rd party emailers, bulk emailers and spoofers, email delivery requires a multi-faceted approach that might seem daunting to many.  MxToolbox, your expert on email delivery, helps companies like yours navigate the complexity.

  1. Managing Blacklist Reputation
  2. Managing 3rd Party Emailers
  3. Taking Ownership of your Email
  4. Requesting Feedback on your Email
  5. Iterative Management of your Feedback

Managing Blacklist Reputation

The first line of defense against bad emailers is the blacklist.  An IP address or Domain on a blacklist typically means that the IP address has sent spam or the Domain on the list has been included in the body of spam email messages.  A receiver will reject email from that IP or any message that includes that Domain.  Because your email may be rejected outright, monitoring the IP addresses of your outgoing mail servers for blacklisting is a necessity.  (Monitoring your domain for blacklisting is somewhat less valuable as domain blacklists only report if a domain is in the body of controversial email, rather than being the sender of the email.)

MxToolbox has email delivery plans that include blacklist monitoring to get you started on the path to managing your email deliverability.

Managing 3rd Party Emailers

As your company grows, you will probably move more of your outbound email to email services from a third party provider in some form or fashion:

  • Bulk Emailers – Marketing will outsource the delivery of newsletters or advertisements, or signups emails.
  • CRMs and Marketing Automation – Sales/Marketing adds a CRM system or Marketing Automation system, either online or locally, that sends important email to customers.
  • Order Entry/Fulfillment – Online businesses especially rely on 3rd parties for order entry or fulfillment which may send email on behalf of the original seller.

Regardless of the application, tool or service, there are multiple IP addresses or Domains that could be legitimately sending email on your behalf.  Declaring this relationship publicly through SPF makes it more likely that your 3rd party email will get through to your customers, partners and vendors.

MxToolbox can help you setup your SPF records and check your existing SPF records for compliance.  Once SPF is setup, you will need to maintain the list of IP addresses or domains of 3rd party emailer and regularly check your record for compliance.

Taking Ownership of your Email

Anyone can say that they are sending email on your behalf, but how do you ensure that recipients trust that the email is from you?  If it were a letter, you’d sign it, right? SPF allows you to designate who can send on your behalf but that’s only one part of it.  DKIM allows you to actually sign an email and take responsibility for the email’s content just like a signature on a letter.  As such, implementing DKIM gives your recipients a level of confidence that you take responsibility for the content of emails coming from your domain, including spam, viruses and malware.

MxToolbox experts can help you with your DKIM setup.  Our team has a deep understanding of the problems businesses face implementing new technologies and experience helping small, medium and large businesses with DKIM.

Requesting Feedback on your Email

Wouldn’t it be nice to know what a recipient organization thought of your email?

Wouldn’t it be nice to know if they classified it as spam or passed it through to their inboxes?

Wouldn’t it be nice to know who (IP addresses and Domains) are using your good name to spoof email?

Wouldn’t it be nice to know if your 3rd party emailers are passing SPF and DKIM checks and being delivered?

DMARC is a standard that uses DNS to set how a sender obtains feedback from recipient organizations on email purportedly sent from the sender’s domain.  Any recipient can bundle up statistics on emails received from your domain and send them back in a digest format.  They can also send forensic data that includes individual troublesome email.  DMARC, in short, gives you insight into your email deliverability across your own servers, 3rd party emails, and potential fraud and phishing schemes.

Setting up a DMARC record and analyzing the feedback is the next step you must take to manage your email deliverability.  MxToolbox experts know DMARC and our newest product, Delivery Center, makes it easy to process the feedback you are receiving via DMARC, get insight into issues with 3rd party senders and make early detection of potential fraud and phishing schemes.

Iterative Management of your Feedback

Once you start receiving DMARC digests and forensic reports, you will begin to see patterns in email sent on your behalf:

  • Legitimate Senders not in your SPF
  • Legitimate Senders/Forwarders without proper DKIM signatures
  • Legitimate Senders that you may not have known about
  • Illegitimate Senders looking to leverage your brand

All of this feedback gives you the opportunity to manage how recipients process your email. By updating the policy on your DMARC record and the level of filtering recommended, you can tell your recipients to quarantine or outright reject email that doesn’t pass SPF and DKIM checks.  This should be an iterative process, one that requires slowly increasing restrictions on how email is processed.  Never go straight to reject, you are likely to have legitimate email rejected.

Why would you want to set more restrictive policies?  Third parties with bad sending reputations can affect your email reputation, potentially even causing your legitimate email to be dumped to the spam folder or rejected entirely.  The more you manage the reputation of your senders, the better your reputation and the more likely your email is to be accepted.

MxToolbox is the expert in email delivery, SPF, DKIM and DMARC.  Our team will help you improve your email delivery, give you insight into your legitimate and illegitimate senders, help you set DMARC to improve your email reputation and help you get your message delivered.  Our Delivery Center product gives you everything you need, including access to our expert support team.

What blacklist monitors do I need?

Blacklisting can be a pretty complex issue.  There are several different catgories of blacklists and each finds bad actors in it’s own unique way: honeypots, customer reports, protocol scans, etc.  This can leave many users confused.

What blacklists matter?

Which ones should I monitor?

What servers should I monitor?

First, MxToolbox monitors the most comprehensive, best curated list of blacklists.  Our experts understand blacklists and the causes of blacklisting better than anyone out there.  You can trust that our list of 100+ blacklists is the list you need to know about for your online reputation.  In fact, new blacklists are often asking us to add them to our checks!

Second, you need to understand the causes of blacklisting.  Even if you are using a legitimate server on a legitimate IP address, you could legitimately get caught in a blacklist honeypot, attacked by malware, accidentally spam someone and flagged for malicious activity.  Monitoring your servers for blacklisting is like an insurance policy – you need it whether or not you’re planning to have an accident.

Our experts recommend the following monitors to ensure your email delivery and online operations by monitoring your blacklist reputation:

  • IP Blacklist monitor for each mail server IP
    At minimum, you should have an IP monitor for the IP referenced in your MX record
  • IP Blacklist monitor for each web server IP
    At minimum, you should have an IP monitor for the IP referenced by your website’s A record so that traffic is not interrupted to your e-commerce site.
  • Domain Blacklist monitor for your domain
    This is optional, few companies are referenced enough in spam to be blacklisted unless they really are a major source of spam, malware or botnets.

There are other monitors that will help your overall system reputation, stability and reliability:

  • An MX monitor for your mail server in case it should ever be changed or DNS go down
  • An A record monitor for webserver
  • A SMTP monitor for your mail server to ensure uptime and report downtime and issues with availability
  • A Mailflow monitor to check your end-to-end mail system performance

 

Still listed?

Every so often a customer contacts us because they feel it is taking too long to be de-listed from a blacklist or they were almost immediately re-listed on a blacklist.  We have a few recommendations for you:

First, be patient!  Some blacklists are operated by a small team that must field hundreds or thousands of requests every day.  They need time to get to your issue.  Some blacklists require a minimum delay before they will delist an IP address or domain.  This is for everyone’s protection.  They have no credibility as an anti-spam service if they delist a regular spammer or if they delist someone with a malware infestation before it has been remedied.  Blacklist administrators need time to trust your servers again.  Give them time.  It’s painful for you, but it’s temporary.

Second, research your issue!  You may not think you have an issue, but it is very rare that your email randomly dropped into a honeypot or other spamtrap that blacklist administrators use to create their lists.  You have an issue, somewhere.  It might be a malware infection, it might be an accidental   inclusion in an email campaign, it could be an internal user sending malicious email by accident.  Regardless, you need to do some research into your systems to make sure it doesn’t happen again!  And, you may need to look into your internal email controls and policies.  You should be doing this anyway, but now is the time to make a special effort!

Finally, fix your issue!  Put new policies in place.  Invest in new email controls.  Talk with Marketing about how they do campaigns.  Setup user controls.  Sweep your systems for malware.  Clean your house.  This will save you time and money down the road.  And, you can mention all this in your next request to delist.  The blacklist provider will appreciate the work.

Why do all this work if it was an accident?  How do you know it was really an accident you were listed?  You don’t unless you look into it and there’s tremendous risk in assuming that you’re “okay”.  The downside of being listed a second or third time is severe:  you will be listed for a much longer time and it will be much more difficult to be delisted.  In fact, most blacklist administrators have a three-strikes policy.  A third listing and you’ll likely be blacklisted for the better part of a year.  Continued listing could get you on their permanent blacklist.

Yes, I am trying to scare you.  Yes, this is serious.  Yes, this requires you to work to fix the issue.  Get started!  The downside is much more severe than the minor inconvenience you are experiencing with your first blacklisting or even with your delisting request being delayed.  And, remember, paid MxToolbox users don’t have to go it alone: we provide delisting support services to help you get off these lists.  But, we can’t magically delist you:  you still have to do the work.

Blacklist Curation

To start, let me welcome you to the new blog.  Same content, better format!

Today’s topic is about curating the blacklists we search and how our experts decide to select a blacklist to be included on our site.

First, our experts in email deliverability look at what blacklists are being used by actual mail service providers, internet service providers and medium and large companies as part of their anti-spam filters.  Chances are good that if we list it, someone is using it to block spam somewhere.

Second, we require that there is some form of free delisting.  While the blacklist may have an express delisting fee or some other fee or donation associated with it, all our blacklists have a method of freely delisting your IP address or domain.  This may be a painfully long automatic delisting, but it’s still free.

Note:  Automated delisting is becoming more popular as delisting requests require significant oversight.  The idea behind automated delisting is that repeated issues are a sign of a repeated problem.  Delisting occurs typically when the issue for which the IP or domain was listed has not occurred in a certain amount of time, often proportional to the time the issue did occur.  Protected Sky is an example of a blacklist with an automated delisting.  Patience is required with these.

Finally, we look at relevance to our customers.  There are many blacklists out there, but are they in use?  Are they active?  Do they overlap other blacklists?  Are they limited to regional email traffic?

While we look at relevance to our customers, and where are customers are, the biggest test of relevance for your email is this:  Are you experiencing bounced email and on a blacklist? If you are experiencing bounces and on a blacklist we don’t support, let us know.  We will work to get add the blacklist if it is publicly available.  If you are on a blacklist we curate and not experiencing bounces, congratulations!  That means none of your customers or partners are using that blacklist as a spam filter.

At any time, if you have questions or comments about our blacklist curation, please email feedback@mxtoolbox.com

Are blacklists legal, ethical, etc?

Blacklists came about as a response to unethical and illegal spam.  Blacklists have no other purpose but to stop bad or malicious acts, so they typically occupy the ethical high ground. Since they are used by businesses, universities and internet service providers to screen traffic, they are incented to be ethical, list only known bad actors and not list legitimate commercial traffic.  To do otherwise would undermine the value of their service to their own customers.

All that said, MxToolbox carefully curates a list of the most used and best maintained blacklists.  All the blacklists we check provide free delisting services.  We feel that requiring payment for delisting is not ethical.  However, a few blacklists offer expedited delisting services, which is a bit of a grey area.  Other blacklists may ask strange or seemingly random questions.  Think of this as geeks being geeks, rather than anything malicious or unethical.

What does being blacklisted mean?

Being on a blacklist is a sign of trouble for your email deliverability.  Since companies screen out traffic from blacklisted IP addresses, your emails may be dumped into a spam folder or refused completely.  If your email server’s IP address is blacklisted, it could make doing business difficult.  It’s also a sign that your servers may have been used for spreading spam, viruses or malware.  This could indicate a security breach or an employee issue.  

If your website IP address is blacklisted, then you have a bigger problem.  Typically, web servers do not send email.  Since the primary means of collecting bad actor IP addresses is via email, your web servers might be sending email without your knowledge.  This is definitely a sign of a malware or virus infection on those servers, or someone running email inappropriately from a web server.  

Occasionally, small businesses will run email and web on the same servers.  If you do, you run the risk of a blacklist event taking out all your e-commerce channels because companies may deny access to your website and email activity based upon your blacklist status.

Domain blacklisting is a serious issue.  It means that someone is using your domain for malicious activity, either on a server hosting your website, or by breaking into your DNS.  If the activity is coming from a server in your datacenter, then you need to root out the virus or malware on your servers, patch your servers, and upgrade your security systems and firewalls.  If the activity is coming from a server outside your datacenter that is using your domain name or a subdomain, you have another big problem.  In this case, your DNS has been hacked and the attackers have added subdomains that use your brand.  The attackers can utilize the remote server to host malware and viruses all the while using your brand to make their attacks look legitimate.

Regardless of the type of blacklist, being blacklisted could be a serious issue.  MxToolbox Monitoring services can help you by letting you know when you have been blacklisted, giving you notice before it becomes a serious business issue.

How do I get delisted?

Each blacklist has it’s own method for delisting.  Sometimes it’s a webform, sometimes it is an email.  Almost always, you need to include the steps you took to fix whatever problem put you on a blacklist.  Many blacklist operators see themselves as righteous crusaders fighting against spam, malware, viruses, bad email configurations and poor email operations, so remember when dealing with a blacklist operator, you are the bad actor seeking forgiveness.

Tips for delisting:

    • Read the description of the blacklist – Descriptions on MxToolbox Blacklist Info Pages give you everything you need to know about the blacklist and your reasons for being listed.  
    • Ask yourself “Do I need to be delisted?” and “Is this affecting my business?” – If you do not do business in Spanish, chance are you don’t need to be removed from the NoSolicitado blacklist that only serves Spanish language emails.  If you aren’t seeing any emails bouncing back, then this isn’t a huge issue, yet.  Don’t waste time or get frustrated over listings that have no effect on business.  
      MxToolbox provides filters that allow you to ignore alerts on irrelevant blacklists.  We also provide an MxReputation report that tells you what your global reputation is.  If it’s still high, you might be fine ignoring this blacklist.
    • Take care of the problem that caused the blacklisting – Once you know why you were listed, fix those issues.  Patch servers, run anti-malware/anti-virus software, fire the guy in marketing that was CCing all your customers or whatever you need to do. A blacklist will not delist you if you have changed nothing.
    • Have a detailed list of remediation steps you have taken –
      What did you do to clean viruses or malware?
      What did you do to close hacked accounts and prevent future attacks?
      Have you changed outbound email policies to prevent spam?
      Have you patched servers or firewalls?
    • Visit their site and fill out the required forms carefully and completely – MxToolbox has links to all the blacklist websites, including delisting forms.  Their forms are for their protection.  Their users will question a delisting if it results in further spam, so filling them out completely will aid your case.
    • Be polite – Most blacklists have evidence that your servers have acted badly.  Treat this as a respectful request that your servers be delisted because you are technically the bad actor here.
    • Explain the business impact – Let them know that you have a business that is impacted by being listed.
    • Be patient, wait a few days for a response – This is not an instantaneous delisting process.  Some of these blacklists are small shops with a handful of employees.  They also need time to validate that you are no longer spamming, sending malware or other issues.  They will wait to see that your emails are no longer hitting their spam traps or being reported by any new customers.  Be patient.
    • Don’t make multiple requests – It’s okay to make a second request if you have heard nothing in a few days, but refrain from making multiple requests in the first few days of an inquiry.  Blacklists get hundreds or thousands of requests daily and often duplicates drop to the bottom.
    • Don’t pay to delist – All the blacklists checked by MxToolbox provide free delisting services.  A few offer paid expedited delisting services.  MxToolbox does not recommend paying to delist and we do not condone services that require payment.  

After you’ve gone through these steps, you should consider setting up monitoring on your important IP addresses, especially Email and Web servers.  Monitors can alert you to blacklist events as they emerge, rather than waiting for serious business impacts.  MxToolbox offers a wide range of monitoring solutions from Free, single IP solutions, to real-time large network blacklist monitoring.