Tag Archives: blacklists

Are Blacklists still relevant?

Blacklists were developed as a way to mark IP addresses used to send spam, IP addresses at risk of sending spam due to poor configuration or domains used in spam emails.  Blacklists would be consulted by an inbox owner when making email delivery decisions and should not be used to modify web traffic.  

The Arms Race

Early on spammers could set up an email server on any network and send unsolicited email to whatever email addresses they could scrape off the Internet.  Inbox Providers and other Companies then set up lists of IP addresses that were sending spam and shared them with each other – the first blocklist/blacklists came from these casually developed lists.  Eventually, blacklist providers emerged as a profitable business model and even developed traps to harvest the IP addresses of spammers without impacting actual users.  Blacklists became highly useful to block malicious email from a single email-sending IP address or small network.

Spammers could see the inevitable downturn in their scams and quickly changed IP addresses to resume sending spam.  Blacklists detected the new spam IP address, listed it and Inbox Providers blocked email from it.  This cycle continued.  Some Blacklists started listing entire networks and Internet Service Providers to stop them facilitating spam.  The downside is that legitimate senders can get caught in this cycle, but often have trouble changing IP addresses.  Delisting is available but sometimes time-consuming which delays or degrades regular business operations.  

Legitimate Email Marketing Can Be Blocked

Email marketing became a necessity to get a business growing on the Internet.  Setting up a mail server, maintaining it and keeping it off of a blacklist with any sort of email volume was difficult for smaller businesses.  Large companies could easily afford a big pool of IP addresses and several mail servers to shift load around. Entrepreneurs stepped in and created email marketing/email blasting companies to fill the gap. Email marketing firms took on the risk of blacklisting and the responsibility of moving the load around, as well as getting the IP addresses delisted in a timely manner.  But, which emailers were legitimate and which were spammers?   SPF, Sender Policy Framework, allowed businesses to designate an email marketing company as a legitimate partner.

New Technologies Emerge

Inbox Providers then changed the game, scanning for SPF to ensure legitimate outsourcing.  Most companies will not process an email if it does not pass SPF Authentication or SPF Alignment.  The next step was checking digital signatures using DKIM and tying it all together with DMARC.  This created a big bar to jump for many spammers, but also businesses.  An email needs to pass SPF or DKIM checks to be DMARC compliant and a sender needs to actively manage email configurations to get an email delivered.  A comprehensive email delivery tool like MxToolbox Delivery Center has become a necessity for understanding DMARC reports, managing configurations and maintaining good email delivery.

Spammers are beginning to adapt by hacking legitimate business email accounts or adopting SPF, DKIM and DMARC for their look-alike spam domains.  Unfortunately, small businesses are still lagging behind and their email delivery is suffering. SPF, DKIM and DMARC have become the minimum for good email delivery.
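The DMARC check described above (pass SPF or DKIM, with the passing domain aligned to the From domain), as an added example that is not MxToolbox code. The domains and the DMARC record are constructed, and `org_domain` is a simplification: real receivers use the Public Suffix List to find the organizational domain.

```python
def parse_dmarc_record(txt):
    """Split a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') compares organizational domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def evaluate_dmarc(from_domain, record_txt, spf, dkim):
    """spf is (result, MAIL FROM domain); dkim is a list of (result, d= domain)."""
    tags = parse_dmarc_record(record_txt)
    via = []
    spf_result, spf_domain = spf
    if spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r")):
        via.append("spf")
    if any(res == "pass" and aligned(d, from_domain, tags.get("adkim", "r"))
           for res, d in dkim):
        via.append("dkim")
    passed = bool(via)
    return {
        "dmarc": "pass" if passed else "fail",
        "via": via,
        # The policy the domain owner asks receivers to apply on failure.
        "requested_action": "none" if passed else tags.get("p", "none"),
    }


RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r"  # constructed sample record

if __name__ == "__main__":
    # Business sends through an email marketing company that signs as the business.
    print(evaluate_dmarc("shop.example", RECORD,
                         ("pass", "bounce.esp.example"), [("pass", "shop.example")]))
    # Same sender, but only the marketing company's own domain authenticates:
    # SPF and DKIM both pass, yet neither aligns, so DMARC fails.
    print(evaluate_dmarc("shop.example", RECORD,
                         ("pass", "bounce.esp.example"), [("pass", "esp.example")]))
    # A look-alike domain with its own correct records passes DMARC too.
    print(evaluate_dmarc("sh0p.example", RECORD,
                         ("pass", "sh0p.example"), [("pass", "sh0p.example")]))
```

The last case is why a DMARC pass only proves the mail came from the domain it claims; reputation layers such as blacklists and content filters still have to judge the domain itself.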

So, are Blacklists Still Relevant?

Blacklists are less important than they were in the past.  You should think of email security as layers of an onion:

  • Blacklists
  • SPF
  • DKIM
  • DMARC
  • Internal Filters
  • Relevance Filters

If being on a blacklist is affecting your business, your email isn’t even making the first layer of security and you’ve failed to take advantage of all the tools you have available to manage your email deliverability.  Being blacklisted is like a heart attack: it’s a sign that you need to rethink everything, change your email practices and adapt to the new technology landscape.

Ultimately, blacklists may only be useful for on-premise email hosts and will lose some relevance, especially for Inbox Providers like Google, Yahoo! and Office365. Blacklists are brute-force and can eliminate legitimate, relevant email when blocking spam. There are many more layers to jump through before you get to the Inbox that are easier for Inbox Providers to maintain and more effective at blocking undesired email and passing legitimate useful communications.  All businesses need to adopt the current email best practices: 3rd party email senders, setting up SPF, DKIM, DMARC, leveraging DMARC Reporting, etc.  

How can MxToolbox help?

Get started with Inbox Placement!  Your goal is to get to the Inbox, so start there.  We’ll analyze your email configuration and content to give you clear reasons why your campaigns aren’t making it and make recommendations to help you get there. MxToolbox Delivery Center also provides deep insight into DMARC, SPF and DKIM configurations and allows you to obtain feedback on recipient complaints, DMARC reports and emerging email threats.  Get comprehensive insight into your email delivery with Delivery Center.

Are blacklists legal, ethical, etc?

Blacklists came about as a response to unethical and illegal spam.  Blacklists have no other purpose but to stop bad or malicious acts, so they typically occupy the ethical high ground. Since they are used by businesses, universities and internet service providers to screen traffic, they are incented to be ethical, list only known bad actors and not list legitimate commercial traffic.  To do otherwise would undermine the value of their service to their own customers.

All that said, MxToolbox carefully curates a list of the most used and best maintained blacklists.  All the blacklists we check provide free delisting services.  We feel that requiring payment for delisting is not ethical.  However, a few blacklists offer expedited delisting services, which is a bit of a grey area.  Other blacklists may ask strange or seemingly random questions.  Think of this as geeks being geeks, rather than anything malicious or unethical.

What does being blacklisted mean?

Being on a blacklist is a sign of trouble for your email deliverability.  Since companies screen out traffic from blacklisted IP addresses, your emails may be dumped into a spam folder or refused completely.  If your email server’s IP address is blacklisted, it could make doing business difficult.  It’s also a sign that your servers may have been used for spreading spam, viruses or malware.  This could indicate a security breach or an employee issue.  

If your website IP address is blacklisted, then you have a bigger problem.  Typically, web servers do not send email.  Since the primary means of collecting bad actor IP addresses is via email, your web servers might be sending email without your knowledge.  This is definitely a sign of a malware or virus infection on those servers, or someone running email inappropriately from a web server.  

Occasionally, small businesses will run email and web on the same servers.  If you do, you run the risk of a blacklist event taking out all your e-commerce channels because companies may deny access to your website and email activity based upon your blacklist status.

Domain blacklisting is a serious issue.  It means that someone is using your domain for malicious activity, either on a server hosting your website, or by breaking into your DNS.  If the activity is coming from a server in your datacenter, then you need to root out the virus or malware on your servers, patch your servers, and upgrade your security systems and firewalls.  If the activity is coming from a server outside your datacenter that is using your domain name or a subdomain, you have another big problem.  In this case, your DNS has been hacked and the attackers have added subdomains that use your brand.  The attackers can utilize the remote server to host malware and viruses all the while using your brand to make their attacks look legitimate.

Regardless of the type of blacklist, being blacklisted could be a serious issue.  MxToolbox Monitoring services can help you by letting you know when you have been blacklisted, giving you notice before it becomes a serious business issue.

How do I get delisted?

Each blacklist has its own method for delisting.  Sometimes it’s a webform, sometimes it is an email.  Almost always, you need to include the steps you took to fix whatever problem put you on a blacklist.  Many blacklist operators see themselves as righteous crusaders fighting against spam, malware, viruses, bad email configurations and poor email operations, so remember when dealing with a blacklist operator, you are the bad actor seeking forgiveness.

Tips for delisting:

    • Read the description of the blacklist – Descriptions on MxToolbox Blacklist Info Pages give you everything you need to know about the blacklist and your reasons for being listed.  
    • Ask yourself “Do I need to be delisted?” and “Is this affecting my business?” – If you do not do business in Spanish, chances are you don’t need to be removed from the NoSolicitado blacklist that only serves Spanish language emails.  If you aren’t seeing any emails bouncing back, then this isn’t a huge issue, yet.  Don’t waste time or get frustrated over listings that have no effect on business.  
      MxToolbox provides filters that allow you to ignore alerts on irrelevant blacklists.  We also provide an MxReputation report that tells you what your global reputation is.  If it’s still high, you might be fine ignoring this blacklist.
    • Take care of the problem that caused the blacklisting – Once you know why you were listed, fix those issues.  Patch servers, run anti-malware/anti-virus software, fire the guy in marketing that was CCing all your customers or whatever you need to do. A blacklist will not delist you if you have changed nothing.
    • Have a detailed list of remediation steps you have taken –
      What did you do to clean viruses or malware?
      What did you do to close hacked accounts and prevent future attacks?
      Have you changed outbound email policies to prevent spam?
      Have you patched servers or firewalls?
    • Visit their site and fill out the required forms carefully and completely – MxToolbox has links to all the blacklist websites, including delisting forms.  Their forms are for their protection.  Their users will question a delisting if it results in further spam, so filling them out completely will aid your case.
    • Be polite – Most blacklists have evidence that your servers have acted badly.  Treat this as a respectful request that your servers be delisted because you are technically the bad actor here.
    • Explain the business impact – Let them know that you have a business that is impacted by being listed.
    • Be patient, wait a few days for a response – This is not an instantaneous delisting process.  Some of these blacklists are small shops with a handful of employees.  They also need time to validate that you are no longer spamming, sending malware or other issues.  They will wait to see that your emails are no longer hitting their spam traps or being reported by any new customers.  Be patient.
    • Don’t make multiple requests – It’s okay to make a second request if you have heard nothing in a few days, but refrain from making multiple requests in the first few days of an inquiry.  Blacklists get hundreds or thousands of requests daily and often duplicates drop to the bottom.
    • Don’t pay to delist – All the blacklists checked by MxToolbox provide free delisting services.  A few offer paid expedited delisting services.  MxToolbox does not recommend paying to delist and we do not condone services that require payment.  

After you’ve gone through these steps, you should consider setting up monitoring on your important IP addresses, especially Email and Web servers.  Monitors can alert you to blacklist events as they emerge, rather than waiting for serious business impacts.  MxToolbox offers a wide range of monitoring solutions from Free, single IP solutions, to real-time large network blacklist monitoring.

How are blacklists used?

Organizations use blacklists to limit security threats like spam, malware and viruses. The IP address of a server sending email is pulled from the email’s header and compared to the blacklist.  Anything that originates from an IP address on the blacklist is refused, quarantined or dumped to a spam folder.  Similarly, content of an email is scanned against the domain blacklist.  Any emails from or containing a domain on a blacklist will be dealt with.

Some companies also utilize blacklists to scan inbound or outbound web traffic or to create web or email filtering appliances.  Many companies purchase or utilize multiple blacklists along with their own blacklist information to minimize the potential for spam, malware or viruses passing through their servers.

MxToolbox provides insight into the blacklist reputation of your IPs and Domains.

 

What is a Blacklist?

A blacklist is simply a list of IP addresses or domain names that an organization has decided to block for one reason or another.  Blacklists started as a means to combat email spam.    Early on, it was just a list of IP addresses or domain names that were sending junk email.  These lists were manually managed with IPs added and removed based upon human interactions between a few systems administrators.  As the Internet evolved these individual lists became larger, more centralized and list curators developed unique tools, spam traps and service models to make the lists more widely available, and more accurate.

There are a few different types of Blacklists that you need to be aware of to fully understand the market.

Public/Private

Public Blacklists are shared publicly via the web or, more traditionally, via DNS.  A public blacklist can be referenced by anyone online to check individual IP addresses.  Checking more than one list or more than one IP requires development of tools, like MxToolbox that can programmatically check these lists.  Often a subscription to the full list can be purchased for use internally, or commercially in appliances or software. Examples of public blacklist are SORBS and Spamhaus Zen.

Private Blacklists have been set up by a company for their own security usage and are not made available externally.  Often, these are considered proprietary or trade secrets because proprietary methods of data collection are used in the curation of the list.  Examples of these include your ISP’s blacklist, Microsoft’s blacklist and those used by security companies.
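How a tool checks a sending IP against DNS-published public blacklists, as described above and under "How are blacklists used?" (an added example, not MxToolbox code). The query format is the standard DNSBL convention from RFC 5782; the zone names and answers are constructed, and the 127.255.255.0/24 error range follows Spamhaus's documented convention.

```python
import ipaddress
import socket

ERROR_RANGE = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus: query refused, not a listing
LISTING_RANGE = ipaddress.ip_network("127.0.0.0/8")     # where real DNSBL answers live


def dnsbl_query_name(ip, zone):
    """Name to look up for `ip` in `zone`: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone.strip(".")


def system_resolver(name):
    """A records for `name` via the OS resolver; [] when the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        no_name = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
        if exc.errno in no_name:
            return []
        raise  # timeouts and server failures must not be read as "not listed"
    return sorted({info[4][0] for info in infos})


def classify(answers):
    """Turn the A records returned by a blacklist zone into a verdict."""
    if not answers:
        return "not listed"
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in ERROR_RANGE for a in addrs):
        return "error"      # e.g. over quota or queried through a public resolver
    if all(a in LISTING_RANGE for a in addrs):
        return "listed"
    return "invalid"        # answer outside 127.0.0.0/8: parked or wildcarded zone


def check_ip(ip, zones, resolver=system_resolver):
    """Check one IP against several blacklist zones; returns {zone: verdict}."""
    return {zone: classify(resolver(dnsbl_query_name(ip, zone))) for zone in zones}


# Constructed answers standing in for live DNS so the example runs offline.
SAMPLE_ANSWERS = {
    "25.2.0.192.listed.dnsbl.example": ["127.0.0.2"],
    "25.2.0.192.quota.dnsbl.example": ["127.255.255.254"],
    "25.2.0.192.parked.dnsbl.example": ["203.0.113.80"],
}
SAMPLE_ZONES = ["listed.dnsbl.example", "quota.dnsbl.example",
                "parked.dnsbl.example", "clean.dnsbl.example"]


def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name, [])


if __name__ == "__main__":
    for zone, verdict in check_ip("192.0.2.25", SAMPLE_ZONES, sample_resolver).items():
        print(f"{zone:24} {verdict}")
```

Treating "error" and "invalid" as separate from "listed" matters on the receiving side: a mail server that reads any answer as a listing will reject all inbound mail when a blacklist zone starts refusing its queries or goes out of service.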

IP/Domain

IP Blacklists contain a list of IP addresses that are suspect.  Typically, each IP blacklist has a different method of generating suspect email or web traffic and therefore a different reason for listing the IP address.  Typical reasons for listing are:

  • Spam has been received from this IP in a honey trap, directly by the organization or has been reported by subscribers to the list.
  • Malware or viruses were sent from this IP address.
  • Open relays or other configuration issues allow for bad actors to exploit the server at this IP address for spam or malware distribution.
  • This IP address has been marked as dynamic (DHCP) by the owner and leased out to their customers.  Since it is dynamic, no servers should be on these IPs and you cannot trust the ones that are.

Note: If you are on a dynamic IP address, you will automatically be blacklisted by most blacklists.  This is normal.  If you’re not sure if you are on a static IP, then you’re probably not on a static IP.

Domain Blacklists simply list domains that have been found in spam email or are known to be sources of malware infections.  There are only a handful of domain blacklists or blacklists that list domains alongside IP addresses.  While a Domain Blacklist is a useful tool to alert you to reputation issues, they do not contain comprehensive domain reputation information.  In general, checking your website’s IP address against an IP blacklist is also necessary to protect the reputation of your website and checking the IP addresses of your email servers is necessary for protecting your email reputation.

You can find the full list of blacklists checked by MxToolbox here.

This is the second in our series on making the most of your MxToolbox account.  Today we’ll talk a little about blacklisting. 

Blacklist Lookups

An example of blacklist results.

Blacklist lookups check our extensive list of blacklists (up to 100 for paid subscribers) and operate in two modes: IP address or Domain blacklists.  This is one of those lookups where checking blacklists for an IP address produces different results than checking a domain.  Read more below.

About Blacklists

For email senders, Blacklists might seem to be a nuisance.  Who are they to prevent you from emailing your customers?  Well, they are legitimately used by nearly every email provider on the internet to reduce spam.  Blacklists set up honeypots that receive spam and use this spam in their algorithms to block illegitimate email.  In fact, Blacklists reduce the amount of email your servers process by as much as 90%.  Think about that for a second…  Your server would need to be 10x more powerful to process all the email you receive without using the email filter capability a blacklist provides.  Blacklists benefit everyone (except the spammers) by reducing the overhead of emailing.

Occasionally, legitimate emailers get caught in a honeypot and added to a blacklist.  That’s where MxToolbox comes in, helping legitimate businesses understand the blacklists they are on and how to get off the list.

IP Blacklists

IP Address blacklists should be checked using the IP address of your mail servers or, in some cases, your web servers.  An IP address on a blacklist indicates that spam or malware has originated from that IP address, or potentially there is an email configuration that promotes spamming or is the source of a botnet attack.  Each blacklist specializes in monitoring different types of bad online behavior (spam, malware, botnets, exploitable email configurations, etc), so check the individual blacklist description for more information.

Domain Blacklists

Domain blacklists are a little different.  A domain blacklist lists domains that have been included in links or content of spam emails or those known to house malicious or exploitative software.  If your domain is on a domain blacklist, chances are your reputation or your website is being used for nefarious purposes and you need to correct it immediately.

Blacklist Detail

If you are blacklisted, MxToolbox is often able to provide information around the blacklist you are on.  This may include your reason for listing.  You will find a DETAIL button for each blacklist upon which you are listed.  For example, CBL is primarily for sending spam, probably resulting from a malware or virus attack.  Now you know what to check your server for before approaching the blacklist for delisting!

Delisting Information

An example of delisting information available on MxToolbox.com

You’re on a blacklist and you want off.  On each blacklist detail page, MxToolbox provides links and steps for delisting your mail servers from the blacklist.  Each blacklist is a little different.  Some may require more information, others may just require you to fill out a request form.  Regardless, you must fix the problem before you request delisting!  If you don’t you will be relisted and most likely have to jump through bigger hoops or experience longer delays the next time you request delisting.

Note:  Some blacklists ask for donations or payments for express delisting.  It is MxToolbox’s belief that delisting should be free.  We only search blacklists that are legitimately used by companies or organizations to reject email and have free delisting.  It is up to you to choose if you would like to pay for an express delisting or donate to the blacklist.  Contact Us if you feel like a blacklist is unfair or unethical.

The next topic is analyzing email server setups and troubleshooting using MxToolbox.

I didn’t do anything, but my domain is on a Blacklist

At MxToolbox, we occasionally see a domain on an IP blacklist as a source of spam or malware when the owner of the domain has done nothing wrong.  This article will discuss the issue and potential solutions.

The first thing we always recommend to customers with a potential spam or malware problem is to review the following things:

  1. Have you violated any CAN-SPAM regulations recently?
  2. Have you had a virus or malware outbreak in the recent past?
  3. Do you run your own mailserver?  Has it been on a blacklist recently?

If you answered “Yes” to any of these questions, you may have earned your spot on the blacklist but we can still help you with some tools and techniques.  Learn more about our blacklist solutions.

If the answer to all of these questions is “No”, you may still be on a blacklist through no fault of your own.  If you are hosting your domain in a shared environment, it is typical that the IP address associated with your domain is the same as the IP address associated with several other domains. These shared environments use the same servers for multiple domains.  In this case, the IP address of the server has been blacklisted.  This may be due to one of the other domains on this server having trouble with spam or malware.  It’s not your fault, you’re tainted by association.

What can you do?

You have a few options that involve talking to your Internet Service Provider (ISP).  First, you must notify your ISP that your shared host has a blacklist issue.  This problem affects all the domains hosted on that server and your ISP needs to notify other customers on the affected server.  Also, they may need to protect other servers, or run anti-virus and anti-malware protection on the server as the blacklisting may have been as a result of an infection.  Second, you can ask your ISP to move your domain and website to another server or have the IP address of your server changed to one that is not blacklisted.  If the domain that caused the blacklisting remains on the same server, however, your blacklist problem will only go away temporarily.  Another option is to move your domain to a dedicated host, where you are not sharing a server.  This may be more expensive but will make you entirely responsible for the blacklist health of your domain.

MxToolbox email experts can help you with everything you need around blacklists, including:

  • Lookup tools for identifying the blacklists you are on
  • Monitoring tools to constantly watch your domains and IP addresses for inclusion on a blacklist (and our paid monitoring solutions come with our top-notch support)
  • Information on blacklists and links to each blacklist, including delisting resources.

We also offer a turn-key Domain Health Monitoring solution that automatically monitors all the important aspects of your domain, from blacklists to email to website health.

Contact us to learn more.

How do I get off the Blacklist?

This is the final article in a multi-part introductory series on blacklists and blacklist activity.

Most of our customers come to us when their business has already been adversely affected by blacklisting.  Email is crippled by low deliverability rates.  The first question our experts are asked is always “How do I get off this $%&! blacklist?”  The process is really simple, but it often takes time.

First, you need to stop spamming, or sending viruses and malware.  The infected systems need to be shut down or quarantined.  This could mean taking down email servers or infected workstations across the company.

Second, you need to put in place tools that prevent future exploitation of your systems.  MxToolbox, as an expert in email and blacklists, recommends cloud-based email security software and monitoring of your blacklist status.  You can contact our experts to learn about our Monitoring packages.

Third, you must contact the blacklisting agency or agencies to get delisted.  If you are on multiple blacklists, you must contact each one separately as each has their own preferred delisting process.  One thing is universal: before removing you from their list, blacklist operators will require you to explain the steps you took to prevent further spam, malware or botnet attacks from your servers.

How can I prevent getting on a Blacklist?

This is the third article in a multi-part introductory series on blacklists and blacklist activity.

The simple answer is don’t spam, or send malware or viruses and you won’t get on a blacklist!  Unfortunately, this is not as simple as it sounds.   As applications and operating systems get more powerful and complex, they open more possibilities for exploitation.  Spammers and hackers are finding new ways every day to exploit these systems.  Your system administrators keep up with patches, but often what fails isn’t the configuration, patch or security, it’s human nature.  All it takes is an errant click on the wrong link or downloading something from the wrong site and your systems can be infected with malware.

The best way to prevent blacklisting is to limit the risk of a malware infection through comprehensive email filtering and monitoring.  Now that botnets are also problematic, we also recommend security software that filters website URLs and DNS to offer additional protection.

Regardless of the software you choose, implementing a comprehensive email security solution is necessary to prevent blacklisting and ensure email deliverability.  Contact us for more information.

In the next installment of our series on Blacklists, I will discuss the steps you need to take to get off of blacklists.