Blacklists were developed as a way to mark IP addresses used to send spam, IP addresses at risk of sending spam due to poor configuration or domains used in spam emails. Blacklists would be consulted by an inbox owner when making email delivery decisions and should not be used to modify web traffic.
The Arms Race
Early on spammers could set up an email server on any network and send unsolicited email to whatever email addresses they could scrape off the Internet. Inbox Providers and other Companies then set up lists of IP addresses that were sending spam and shared them with each other – the first blocklist/blacklists came from these casually developed lists. Eventually, blacklist providers emerged as a profitable business model and even developed traps to harvest the IP addresses of spammers without impacting actual users. Blacklists became highly useful to block malicious email from a single email-sending IP address or small network.
Spammers could see the inevitable downturn in their scams and quickly changed IP addresses to resume sending spam. Blacklists detected the new spam IP address, listed it and Inbox Providers blocked email from it. This cycle continued. Some Blacklists started listing entire networks and Internet Service Providers to stop them facilitating spam. The downside is that legitimate senders can get caught in this cycle, but often have trouble changing IP addresses. Delisting is available but sometimes time-consuming which delays or degrades regular business operations.
Legitimate Email Marketing Can Be Blocked
Email marketing became a necessity to get a business growing on the Internet. Setting up a mail server, maintaining it and keeping it off of a blacklist with any sort of email volume was difficult for smaller businesses. Large companies could easily afford a big pool of IP addresses and several mail servers to shift load around. Entrepreneurs stepped in and created email marketing/email blasting companies to fill the gap. Email marketing firms took on the risk of blacklisting and the responsibility of moving the load around, as well as getting the IP addresses delisted in a timely manner. But, which emailers were legitimate and which were spammers? SPF, Sender Policy Framework, allowed businesses to designate an email marketing company as a legitimate partner.
New Technologies Emerge
Inbox Providers then changed the game, scanning for SPF to ensure legitimate outsourcing. Most companies will not process an email if it does not pass SPF Authentication or SPF Alignment. The next step was checking digital signatures using DKIM and tying it all together with DMARC. This created a big bar to jump for many spammers, but also businesses. An email needs to pass SPF or DKIM checks to be DMARC compliant and a sender needs to actively manage email configurations to get an email delivered. A comprehensive email delivery tool like MxToolbox Delivery Center has become a necessity for understanding DMARC reports, managing configurations and maintaining good email delivery.
Spammers are beginning to adapt by hacking legitimate business email accounts or adopting SPF, DKIM and DMARC for their look-alike spam domains. Unfortunately, small businesses are still lagging behind and their email delivery is suffering. SPF, DKIM and DMARC have become the minimum for good email delivery,
So, are Blacklists Still Relevant?
Blacklists are less important than they were in the past. You should think of email security as layers on an onion:
- Blacklists
- SPF
- DKIM
- DMARC
- Internal Filters
- Relevance Filters
If being on a blacklist is affecting your business, your email isn’t even making the first layer of security and you’ve failed to take advantage of all the tools you have available to manage your email deliverability. Being blacklisted is like a heart attack, it’s a sign that you need to rethink everything, change your email practices and adapt to the new technology landscape.
Ultimately, blacklists may only be useful for on-premise email hosts and will lose some relevance, especially for Inbox Providers like Google, Yahoo! and Office365. Blacklists are brute-force and can eliminate legitimate, relevant email when blocking spam. There are many more layers to jump through before you get to the Inbox that are easier for Inbox Providers to maintain and more effective at blocking undesired email and passing legitimate useful communications. All businesses need to adopt the current email best practices: 3rd party email senders, setting up SPF, DKIM, DMARC, leveraging DMARC Reporting, etc.
How can MxToolbox help?
Get started with Inbox Placement! Your goal is to get to the Inbox, so start there. We’ll analyze your email configuration and content to give you clear reasons why your campaigns aren’t making it and make recommendations to help you get there. MxToolbox Delivery Center also provides deep insight into DMARC, SPF and DKIM configurations and allows you to obtain feedback on recipient complaints, DMARC reports and emerging email threats. Get comprehensive insight into your email delivery with Delivery Center.