Category Archives: Blacklists

Email on the Cloud: Does it solve your deliveryability issues?

What is “the Cloud”?

“The Cloud” is simply a term for using data storage, email, infrastructure, or applications as a service without the need for installing software and maintaining servers in your own data centers.  Cloud-based services were made possible by cheap RAM, multi-cored processors and the easy availability of network bandwidth.

What is Cloud-based email?

Cloud-based email has been around since the early days of the Internet, where individual users could sign up for a Yahoo!, Hotmail or Gmail email account.  Now, cloud-based email is associated with the same providers: Google G Suite Business and Office365/Outlook.com.  The difference is that businesses, not consumers, migrate email processing for their domains from traditional on-premise email servers to these online service providers.  This improves accessibility to email since employees only need an Internet connection to retrieve email (not a VPN to firewall-protected corporate servers) and reduces overhead costs for the company, while also improving email security, because a large team is now dedicated to the topic.  One of the many selling points of cloud-based email is that it automatically improves your domain’s email deliverability.  However, this is not entirely true.  With cloud-based email set to double in size in the next few years1, managing email deliverability is now even more important.

Email Deliverability with the Cloud

While inbox providers, like Google and Microsoft, dominate cloud-based email, many other cloud services send email from their own servers, for example: CRMs, Marketing Automation, Email Campaign Management, Support systems, ERPs and Order Management/Fulfillment systems.  Managing all of these different vendors requires careful thought, information and leveraging email deliverability standards like SPF, DKIM and DMARC.  Email deliverability does not automatically improve by migrating to the cloud, but the cloud can help.

DMARC Is Essential

Regardless of what email services you use, adopting DMARC is the single most important step you can take to improving email deliverability.  DMARC leverages two important standards, SPF and DKIM, to enable you to delegate legitimate sources of email and cryptographically sign your messages so that recipients know the email is from your domain.  When properly implemented and monitored, DMARC helps businesses by:

  • Improving Email Delivery – Sending email that is DMARC compliant can improve email delivery to your customers because inbox providers prioritize properly compliant emails.
  • Increasing Email Visibility – Imagine getting feedback on the compliance of your email from recipients?  DMARC enables email inbox provider to report on ALL outbound messages sent “from” your company and any third-party providers utilized (Sendgrid, Marketo, etc.)
  • Identifying Delivery Problems – Gives your business insight into providers and email sources that have email authentication issues with SPF and DKIM that affect email delivery.
  • Preventing Spoofing/Phishing Attacks – Once properly implemented, DMARC can prevent fraudsters from targeting your customers using your domain reputation.

Even with DMARC, SPF and DKIM implemented you need to continuously monitor the feedback you receive from your email recipients’ inbox providers and act on the data.  DMARC reports can be confusing to interpret and they also do not contain information about blacklisting, the most fundamental email hygiene issue.

Adaptive Blacklist: A New Ally

Email delivery is still dependent upon the blacklist status of the sending IP address.  Email from an IP address that is blacklisted will typically be blocked even before DMARC compliance checks are made.  After you have outsourced email distribution to 3rd parties, how do you keep track of their blacklist status?  How do you know these providers are performing?

You need blacklist monitoring for your senders.  MxToolbox has developed a revolutionary approach to check blacklist status of 3rd party vendors – Adaptive Blacklist Monitoring.  MxToolbox’s Adaptive Blacklist Monitoring leverages DMARC reports to understand what IP addresses your 3rd party vendors are using to send your email and then constantly analyzes the blacklist status of your sending IPs.  Adaptive Blacklist monitoring even adapts to the addition of new providers and reports on email threats. With MxToolbox, you get expert insight into your DMARC compliance combined with unique Adaptive Blacklist Monitoring.  No other DMARC delivery solution does the same.

What is Whale Phishing?

The number and type of malicious online attacks seems to be increasing daily.  Whaling/Whale Phishing is another in a long line of scams, this time leveraging and targeting senior executives.  The term “whaling” was coined because of the magnitude of the targets and attacks relative to those of typical phishing ploys.

What Is Whaling Phishing?

A whaling attack, also referred to as whaling phishing, is a specific form of phishing attack that explicitly targets high-profile employees—CEOs, CFOs, or other executives (known as whales)—in order to steal sensitive information from a company.  Executives/Whales can be either the target recipient or the spoofed origin of the phishing emails.  Whales are carefully chosen due to their overall authority and access to secure company information. The goal of a whaling attack is to con the executive or employee into exposing corporate credentials, customer information or sending money via wire transfer.

How Do Whaling Attacks Work?

Whaling attacks work on the trust of executives and employees.  When spammers impersonate an executive, an employee is unlikely to look deeper into the origin of the email and simply comply with the request.  When spammers target an executive as the victim, the goal is to get access to the power of that executive: credentials, authorization of funds, even confidential information that only the executive can access.

Whaling attack emails and websites are highly customized and personalized, and they often incorporate the target’s name, job title, or other relevant information collected from a variety of sources.  Due to this level of personalization and their highly targeted nature, whaling attacks are usually more difficult to detect than standard phishing attacks. Whaling phishing attacks rely on the same social engineering methods that traditional phishing uses, but in this highly targeted approach.  Attackers will send hyperlinks or attachments to infect their victims with malware or to solicit sensitive information. By targeting high-value victims, fraudsters might also persuade them to approve fraudulent wire transfers using business email compromise techniques. In some cases, the attacker impersonates the CEO or other corporate officers to convince employees to carry out damaging financial transfers.

Examples of Whaling Attacks

Perhaps the most notable whaling phishing attack occurred in 2016 when a high-ranking Snapchat employee received an email from a fraudster impersonating the company’s CEO. The employee was duped into giving the attacker confidential employee payroll information. The FBI subsequently investigated the attack.1

Another newsworthy whaling scam from 2016 involved a Seagate employee who unknowingly emailed the income tax data of several current and former company employees to an unauthorized third party. After reporting the phishing scam to the IRS and FBI, it was announced that thousands of peoples’ personal data was exposed in that whaling attack.2

How do you protect yourself?

Whaling phishing uses the same entry methods as traditional phishing methods: email, malware infected links and attachments, believable email addresses and well-replicated branding and logos.  To protect yourself from whaling, you need to be vigilant with every email and mindful of the financial or privacy implications of any response, even to your CEO.  We recommend improving both your information security awareness training and internal policies regarding financial and privacy data handling.  For example, add a corporate policy to require verbal authorizations in addition to the original email for financial or privacy transactions.   Many companies operate at break-neck speed, to protect your business, you often need to slow down and think through the implications of acting upon every emails.

As a corporate inbox provider, keeping up your incoming spam and malware filtering will help reduce the flow of potentially dangerous email, but it cannot prevent it.  Setting up your inbound email services so that they provide DMARC reports on email received to the original senders.  This information is invaluable to combating incoming spam and phishing attempts.  Also, ensure your that your inbound email services support senders restrictive DMARC policies (Quarantine or Reject) and process non-DMARC compliant email appropriately.  Rejecting email that is not DMARC compliant will greatly reduce the amount of spam and phishing attempts that arrive in your inboxes.

How do you protect your brand from being used in Whaling?

The trust your partners, vendors, and customers place in your email is directly related to the value of your email and the amount of spam, malware and phishing attacks that appear to come from your domain.  You cannot prevent fraudsters from creating spam and impersonating your domain, but, you can stop the spam and phishing from affecting your reputation.  To shutdown phishing that appears to come from your domain, you need to adopt DMARC for your outbound email and manage your DMARC compliance rate for outbound email.  Once your legitimate email is compatible, you can start instructing inbox providers to quarantine or reject non-compliant email.  At that point, the majority of non-compliant email should be spam and phishing attempts using your brand.  Managing your email is not a set it and forget it strategy, but an on-going process that requires regular monitoring and update.

MxToolbox’s Delivery Center

MxToolbox Delivery Center provides you with everything you need to setup, monitor and manage your DMARC compliance.  Email deliverability requires constant monitoring and tuning and MxToolbox has over 10 years experience working with companies large and small to improve email delivery.  Delivery Center gives you insight into Who is sending email on behalf of your domain, How Much of your email is DMARC compliant, Where email threats are coming from, How to improve your email configuration and When to make your DMARC policies more restrictive to prevent phishing using your domain.

https://www.scmagazineuk.com/snapchat-whaled-employee-payroll-released/article/1478171

2 https://krebsonsecurity.com/2016/03/seagate-phish-exposes-all-employee-w-2s/

Why DMARC is Not Set It and Forget It

Email DNS (Domain Name Service) records have become the linchpin for improved email delivery. Without the four major components (discussed below), your company’s outbound messages are at high risk of being rejected by inbox providers.  Worse, without proper Email DNS configurations, your brand is at risk of falling victim to phishing or spoofing scams.

To get email delivery to it’s highest levels, you need:

  • MX (Mail Exchanger): Resource record specifying mail server responsible for accepting email on behalf of a domain.  Without an MX record, no email is coming to your domain and most, if not all, recipients will check for an MX record before accepting email from a domain.
  • SPF (Sender Policy Framework): Email authentication method designed to detect spoofing via authorized domain list.  With SPF, you designate what IP addresses and domains can and cannot send on behalf of your domain.  Recipient systems check this list and may reject email from unlisted sources.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Email validation system designed to enable inbox providers to provide feedback on email that is sent from your domain.  DMARC enables senders to detect and prevent email spoofing (forged sender addresses used in phishing and spam efforts).
  • DKIM (DomainKeys Identified Mail): Email authentication method designed to enable senders to sign their emails so that inbox providers can easily detect spoofing via digital signature.

DMARC works best when senders have adopted both SPF and DKIM and achieving DMARC compliance using SPF and DKIM is a vital step in ensuring your emails are delivered.

How do you become DMARC Compliant?

The importance of reaching DMARC compliance can’t be overstated.  Essentially, your company’s email reputation, and email deliverability, relies on this protocol.

Once DMARC has been implemented, it allows you to:

  • Monitor, detect, and fix real-world problems with your email delivery
  • See the email volumes you’re delivering to inbox providers (including which providers)
  • Identify threat emails purporting to come from your domain (i.e., spoofing/phishing using your domain)
  • Defend your reputation against spoofing attacks using your domain.

Essentially, DMARC gives you the information and tools necessary to improve your email deliverability, defend your brand from spoofing, and even reduce the amount of spam on the Internet.  Without DMARC, inbox providers will begin to see your email as riskier than your DMARC-compliant competitors and more of your email will end up being classified as Bulk, Junk or even denied.  What you need is a way to decipher all of the information that DMARC reports provide.  Tools like MxToolbox Delivery Center give you that.

Set It and Forget It?

It is fair to assume that once you configure DMARC correctly, you’re done with the process and email will flow freely and without incident.   Unfortunately, this is not the case.  Your business will change and so will your email configuration.  If you want your company’s email delivery rates to stay consistently high, then you must routinely monitor and adjust your DNS records as your business evolves. There are several routine scenarios that can cause issues if you ignore your settings.

Adding a Sender

Your company’s Marketing Department adds a new email vendor, Sales adopts a new CRM or Support trials a new online support tool.  Now, you must add each of these providers to your SPF records, verify them, and setup DKIM with them otherwise emails from these systems will be rejected.  Next comes a breaking in period where you need to monitor delivery rates of email sent from these platforms.  You might have to temporarily lower your DMARC policy to Quarantine or None to ensure that email from these sources is accepted.  You need a tool to continually monitor your DMARC compliance and email deliverability to ensure that your email is reaching your customers and business partners.

A Trusted Sender is Blacklisted

The primary safe guard for email delivery is still blacklisting IP addresses and domains that are frequently used in spam, phishing and malware attacks.  An inbox provider doesn’t even process email from a blacklisted IP.  Blacklisted email is typically not delivered, even to junk.  If you or one of your email providers is sending from a blacklisted IP address, your email delivery is in jeopardy.  Inbox providers that utilize DMARC for feedback will only report on SPF, DKIM and DMARC compliance of emails sent, they do not report on blacklisted IPs!  You need to monitor your sending IP addresses for blacklisting to ensure your email deliverability.

Providers get Compromised

Hacks are a regular problem for every business and your email service providers could be a target as a legitimate source of email.  In fact, MxToolbox has seen individual inboxes compromised at major inbox providers several times in the last years.  If a provider is hacked, then any email sent via that provider will automatically pass SPF, DKIM and DMARC checks.  How would you know if this happens?  Only by monitoring your email deliverability and examining the forensic reports sent back by the recipients via DMARC reporting.

Fraudulent Email Volumes Dwarf Legitimate Email

With low outbound email volumes or with valuable brands, the fraudulent email volume could greatly exceed the legitimate volume of email.  In cases like this, monitoring DMARC reporting is invaluable so that your team can see the spike in message volume and change your email posture.  Even when using a Reject policy, some providers might report your domain to blacklists because of the overwhelming spam signal.  You need to monitor your domain as well as sending IP addresses for blacklisting.

Exceeding SPF Includes

As your organization grows, you will add new providers: CRMs. Market Automation, Support, Inbox, etc.  Each provider you add will need to be entered into you SPF record and each of these providers will have a range or ranges of IP addresses in their own SPF records.  The RFC on SPF allows for at maximum 10 includes in the tree, after which no other includes are read.  You might add a provider and exceed the limit of SPF includes or a provider might add a new range to their SPF and exceed the limit.  Without monitoring your email delivery and email configuration, you would never know until email fails to reach your customers.

How do I monitor email deliverability?

To monitor and manage email deliverability, you need a tool that constantly analyzes and reports upon:

  • SPF, DKIM and DMARC Compliance
  • Blacklisted Sending IP addresses and Domains
  • SPF, DKIM and DMARC Configuration
  • Known Senders, Forwarders and Email Threats like Fraud and Phishing
  • DMARC Forensic Information*

Only MxToolbox Delivery Center provides you with all the information you need to properly manage your email deliverability, from setting up email best practices to managing email delivery for the longterm.  Delivery Center Plus* even includes Foresnic information for detailed threat research.

MxToolbox has everything you need to improve email delivery with DMARC and only MxToolbox provides the Experts capable of managing your email delivery posture.  MxToolbox Managed Services can get you up and running quickly and manage your email delivery in the longterm.

Why do blacklisting and DMARC work together?

Your email might have been blacklisted at one time.  You probably found that out when customers or suppliers told you that they weren’t receiving email they were expecting from you.  It’s painful and can shutdown your business.  Staying off blacklists is just one of the ways to guard your email deliverability.  The other is DMARC.  DMARC enables you to proactively obtain feedback about your email so that you know about how your recipients’ email systems perceive your email quality.  From that information, you can determine how to improve your email quality before it becomes a blacklisting issue.

Learn More

Your Email Delivery Checklist

Email delivery can be complicated.  New technologies have emerged to help inbox providers protect themselves and their customers from spam and fraud emails, but these can also stop legitimate emails from being delivered.  How do you protect your email delivery?

Our MxToolbox Email Experts have created a checklist to help you improve your email delivery.  Learn more

Why Blacklisting isn’t really the problem..

If you are on a blacklist, then you’re feeling the urgency and pain of getting off the blacklist and restoring your ability to send email to customers, prospects and vendors – you’re ready to get back to business.  But, wait a second, what caused you to be blacklisted in the first place?

Causes of Blacklisting

  • Malware or Virus infection
  • Errant bulk email campaign
  • Random mail to spam traps or honeypots

You can control these issues with software that filters inbound and outbound email, but really, these are just symptoms of a greater problem – poor Email Delivery Management, meaning methodically developing best practices to ensure email gets to the inbox.

What is going on with email delivery?

Long gone are the days when you could fire off an email and assume it went directly into your customers’ inboxes.  Between spam filters, anti-virus programs, and blacklist-based email filters your email delivery is controlled by several layers of security.  But, do you know anything about how that security works?  Do you know if your email is getting through?  Do you get any feedback from users?  Blacklists are just part of the equation.  By the time you know you are on a blacklist, it’s already too late, your email is already being denied.

In addition, you are probably using several 3rd party companies to email for you.  These could include a bulk email service, marketing automation, forwarders or even rogue email systems sitting in your network.  Do you know if you or partners emailing on your behalf have good reputations with your customers, their inbox providers and those security tools I mentioned?  Do you get any feedback until you’re blacklisted?

In recent years, Google and Outlook.com have been rapidly gaining market share as inbox providers.  They and many other companies are prioritizing email that has passed SPF verification and is signed by a valid DKIM signature.  Are you ready for SPF and DKIM?  Do you know if all your 3rd party emailers are covered in your SPF record?

Finally, email spoofing is becoming one of the biggest methods for exploiting a company’s brand to obtain private information and user credentials.  Do you know who is leveraging your brand to spoof your customers?

How do you manage email delivery?

The short answer is to adopt three important technologies:

  • SPF – Enables you to tell the world who is legitimately allowed to send email on your behalf
  • DKIM – Enables you to sign email and take ownership of the quality of the email you send
  • DMARC – Enables you to publish an email address where you can receive feedback from inbox providers about the quality of the email coming from your domain and control how a provider processes email that fails SPF or DKIM.

With all three technologies, you take ownership for the email you send, designate additional senders for your domain and get feedback on email sent by you, your senders and potentially malicious senders.  This is the start of email delivery management.

Our Experts

MxToolbox is the expert in email delivery.  Our team of highly skilled specialists can help you setup SPF, DKIM and DMARC and begin to manage your email delivery.

After talking with dozens of clients, we realized that our customers needed help decoding DMARC reports and understanding:

  • Who is sending email purporting to be from your domain
  • What is the reputation of your domains and delegated IPs
  • Where other senders are and What their reputations are
  • How your SPF, DKIM and DMARC setup is performing
  • What senders are failing DKIM
  • What senders are failing SPF verification
  • When to setup more restrictive policies for DMARC

Check out MxToolbox Delivery Center and how our experts can help you better reach your customers.

What blacklist monitors do I need?

Blacklisting can be a pretty complex issue.  There are several different catgories of blacklists and each finds bad actors in it’s own unique way: honeypots, customer reports, protocol scans, etc.  This can leave many users confused.

What blacklists matter?

Which ones should I monitor?

What servers should I monitor?

First, MxToolbox monitors the most comprehensive, best curated list of blacklists.  Our experts understand blacklists and the causes of blacklisting better than anyone out there.  You can trust that our list of 100+ blacklists is the list you need to know about for your online reputation.  In fact, new blacklists are often asking us to add them to our checks!

Second, you need to understand the causes of blacklisting.  Even if you are using a legitimate server on a legitimate IP address, you could legitimately get caught in a blacklist honeypot, attacked by malware, accidentally spam someone and flagged for malicious activity.  Monitoring your servers for blacklisting is like an insurance policy – you need it whether or not you’re planning to have an accident.

Our experts recommend the following monitors to ensure your email delivery and online operations by monitoring your blacklist reputation:

  • IP Blacklist monitor for each mail server IP
    At minimum, you should have an IP monitor for the IP referenced in your MX record
  • IP Blacklist monitor for each web server IP
    At minimum, you should have an IP monitor for the IP referenced by your website’s A record so that traffic is not interrupted to your e-commerce site.
  • Domain Blacklist monitor for your domain
    This is optional, few companies are referenced enough in spam to be blacklisted unless they really are a major source of spam, malware or botnets.

There are other monitors that will help your overall system reputation, stability and reliability:

  • An MX monitor for your mail server in case it should ever be changed or DNS go down
  • An A record monitor for webserver
  • A SMTP monitor for your mail server to ensure uptime and report downtime and issues with availability
  • A Mailflow monitor to check your end-to-end mail system performance

 

Still listed?

Every so often a customer contacts us because they feel it is taking too long to be de-listed from a blacklist or they were almost immediately re-listed on a blacklist.  We have a few recommendations for you:

First, be patient!  Some blacklists are operated by a small team that must field hundreds or thousands of requests every day.  They need time to get to your issue.  Some blacklists require a minimum delay before they will delist an IP address or domain.  This is for everyone’s protection.  They have no credibility as an anti-spam service if they delist a regular spammer or if they delist someone with a malware infestation before it has been remedied.  Blacklist administrators need time to trust your servers again.  Give them time.  It’s painful for you, but it’s temporary.

Second, research your issue!  You may not think you have an issue, but it is very rare that your email randomly dropped into a honeypot or other spamtrap that blacklist administrators use to create their lists.  You have an issue, somewhere.  It might be a malware infection, it might be an accidental   inclusion in an email campaign, it could be an internal user sending malicious email by accident.  Regardless, you need to do some research into your systems to make sure it doesn’t happen again!  And, you may need to look into your internal email controls and policies.  You should be doing this anyway, but now is the time to make a special effort!

Finally, fix your issue!  Put new policies in place.  Invest in new email controls.  Talk with Marketing about how they do campaigns.  Setup user controls.  Sweep your systems for malware.  Clean your house.  This will save you time and money down the road.  And, you can mention all this in your next request to delist.  The blacklist provider will appreciate the work.

Why do all this work if it was an accident?  How do you know it was really an accident you were listed?  You don’t unless you look into it and there’s tremendous risk in assuming that you’re “okay”.  The downside of being listed a second or third time is severe:  you will be listed for a much longer time and it will be much more difficult to be delisted.  In fact, most blacklist administrators have a three-strikes policy.  A third listing and you’ll likely be blacklisted for the better part of a year.  Continued listing could get you on their permanent blacklist.

Yes, I am trying to scare you.  Yes, this is serious.  Yes, this requires you to work to fix the issue.  Get started!  The downside is much more severe than the minor inconvenience you are experiencing with your first blacklisting or even with your delisting request being delayed.  And, remember, paid MxToolbox users don’t have to go it alone: we provide delisting support services to help you get off these lists.  But, we can’t magically delist you:  you still have to do the work.

Blacklist, No-List, Delist, Whitelist

Everyday we get requests to “Whitelist” an IP.  To quote the great Inigo Montoya, “I do not think it means what you think it means.”  When talking about Blacklisting, Delisting, Whitelisting and not being on a list at all, you need to need to understand exactly what it is you are requesting. So, here are a few definitions to help you talk about what is actually going on.

Blacklist

When an IP or domain is blacklisted, traffic from or to that location is cutoff.  Typically, blacklisting is due to some bad action on the part of the IP address or domain owner, like sending spam, being infected with malware or viruses or facilitating spam through a bad mail configuration.

Short-term blacklisting is a wake up call to fix problems and harden your email or web server security.  Long-term blacklisting will cripple the business run from that IP address or web server.  We provide much more information on blacklisting throughout our blacklist-specific blog articles.

For more information on the blacklists we curate, check out our blacklist information page.

No-List

No-list simply means that you are not listed on a blacklist, whitelist or greylist.  This is good.  It means no one out there is concerned about your IP address or domain.  Basically, no-list is business as usual.

Delist

When you are on a blacklist, you can ask to be removed from the blacklist.  This is called delisting.  A delisting request should be made to the blacklist agency that has you listed.  MxToolbox aggregates and curates our list of blacklists and provides delisting support to our paid customers.  We don’t run the lists and we cannot help you if you haven’t already performed the necessary minimum steps for delisting:

  • Remedy the problem with your servers.  Stop the spam, fix the configuration, purge the malware or viruses, rebuild if you have to.
  • Contact the blacklist and request delisting.  Some blacklist will not have a contact for and will automatically delist you after a period of time wherein no new spam issues arise.
  • Wait.  Delisting takes time.  We understand the pain of being blacklisted and how that can affect your business and revenue, but delisting does not happen overnight.  Blacklists need to wait to make sure they are delisting legitimate businesses while still catching spammers.  If they delist you too early, they lower their reputation as a valuable mechanism to combat spam.

Greylist

Many blacklist operators have a second, less severe category for activity that isn’t considered overtly malicious, but is considered to be problematic.  These operators may choose to classify an IP address or domain name in this state as greylisted.  Greylisted simply means that the servers have done something bad, but not enough to have traffic completely banned.  Greylisted IP addresses and domain names could eventually be promoted to full blacklisting or unlisted entirely.

At MxToolbox, we are primarily concerned with Blacklisting.  Greylists are less common and the coding for greylists is inconsistent across blacklist providers.  If this is something you would like us to add, send email to our feedback address.

Whitelist

Many of our customers ask us to whitelist their IP address or domain names.  First, let me be 100%, we will never whitelist you.  I will explain.

Whitelisting an IP address or domain name means that we will always accept traffic from that server.  Whitelisting implies that the server is 100% clean, trusted and traffic from there is always valid.  Most companies will only whitelist highly trusted, internal, highly secured servers.  While we love our customers, we don’t know you that well!

If you are blacklisted, asking a company to whitelist you is like toilet papering a house and then asking for keys to the front door.  Fix your mistakes, build up your reputation, make amends, then maybe you will be trusted at some point down the road.  Not today.  What you really want when you are blacklisted is delisting.  

Note:  MxToolbox maintains a list of servers that we use to monitor our customers’ systems and setups.  These should be whitelisted so that we can accurately monitor your servers.

For more information on our monitoring solutions, check out our feature comparison page.

Blacklist Curation

To start, let me welcome you to the new blog.  Same content, better format!

Today’s topic is about curating the blacklists we search and how our experts decide to select a blacklist to be included on our site.

First, our experts in email deliverability look at what blacklists are being used by actual mail service providers, internet service providers and medium and large companies as part of their anti-spam filters.  Chances are good that if we list it, someone is using it to block spam somewhere.

Second, we require that there is some form of free delisting.  While the blacklist may have an express delisting fee or some other fee or donation associated with it, all our blacklists have a method of freely delisting your IP address or domain.  This may be a painfully long automatic delisting, but it’s still free.

Note:  Automated delisting is becoming more popular as delisting requests require significant oversight.  The idea behind automated delisting is that repeated issues are a sign of a repeated problem.  Delisting occurs typically when the issue for which the IP or domain was listed has not occurred in a certain amount of time, often proportional to the time the issue did occur.  Protected Sky is an example of a blacklist with an automated delisting.  Patience is required with these.

Finally, we look at relevance to our customers.  There are many blacklists out there, but are they in use?  Are they active?  Do they overlap other blacklists?  Are they limited to regional email traffic?

While we look at relevance to our customers, and where are customers are, the biggest test of relevance for your email is this:  Are you experiencing bounced email and on a blacklist? If you are experiencing bounces and on a blacklist we don’t support, let us know.  We will work to get add the blacklist if it is publicly available.  If you are on a blacklist we curate and not experiencing bounces, congratulations!  That means none of your customers or partners are using that blacklist as a spam filter.

At any time, if you have questions or comments about our blacklist curation, please email feedback@mxtoolbox.com