Email Blacklists - What they are and how to get removed

Are the email messages you send ending up in the recipients spam filter? Have you received several bounce-back messages informing you that your emails cannot be delivered?

These could be signs that your email server has been listed on one or more email blacklists. Unfortunately due to constant increases in spam network administrators are being forced to find new ways to fight it.

Subscribing to email blacklists is a very common method administrators are using to prevent spam from entering their network. After reading this hub you will have an understanding of how blacklists work and what it takes to get removed from them.

Email blacklists (aka RBL or DNSRBL) are lists maintained by third parties containing IP addresses that have been known to send spam.

Network administrators and internet service providers subscribe to these lists to decrease the amount of spam they receive.

When the email server of a blacklist subscriber receives a message the source IP address is checked against one or more blacklists. If the address is found on the blacklist the message is returned to the sender, sent to a spam filter, or sometimes simply deleted.

There are several organizations that maintain email blacklists. Here are some of the most popular ones.

• Spamhaus
• SORBS (Spam and Open Relay Blocking System)
• SPEWS (Spam Prevention Early Warning System)
• SpamCop

MXToolbox has some great tools on their site to automatically check if your IP address is listed on over a hundred backlists.

1. Run a MX Lookup to find the addresses of your mail servers. To do this type in your domain name (if your email address is jsmith@abc.com you would enter abc.com) and click MX Lookup.
2. Click the link following the mail server IP address that says 'Blacklist Check'. You'll need to repeat this step for each mail server if you have more than one. Alternatively you can go directly to the Blacklist Check and enter an individual IP address.
   

If everything comes up green then your mail server has not been blacklisted. If the address was found on any of the blacklists you will see a red circle with a status of 'LISTED'. The 'Reason' column will sometimes show a useful message but int most cases the message is fairly limited.

If you found that you were not on a blacklist but your're still having email problems you probably have some other issues effecting your email, the mail servers logs are the best place to start. I'll have to save that for another hub though.

If you are listed on a blacklist its important to understand the most common reasons this can happen. If you don't correct the root problem you'll end up getting blacklisted again. Being blacklisted does not necessarily mean someone sent spam from within your organization. Although if you are sending bulk commericial email be sure to know the rules.

Open Relay

The number one reason IP's end up being blacklisted is because they are acting as an open relay. Spammers run scans looking for mail servers that are not properly configured and exploit them by sending thousands of spam email message through them. To find out if your server is an open relay, run the MailRadar Open Relay Test. If one of your mail servers fails the relay test then you have probably found the culprit. Spamlinks has some resources on how to secure an open relay.

Virus Infections and Zombie Computers

If the computers on your network become infected with certain viruses they can become part of a botnet consisting of zombie computers. These botnets are often operated by spammers who utilize these zombie clients to sent huge amounts of spam. Computers often share a single public IP address so the recipients of the spam report your public IP and it ends up on a blacklist. Below are some things you can do to prevent this.

1. Install antivirus software on all computers in your network
2. Setup a spam trap
3. Configure firewalls to block tcp port 25 (SMTP) from all systems except your mail server
4. Secure your wireless network with encryption (WPA2 enterprise if you can)

Guilty by association

If you are using a shared mail server provided by an ISP someone else using that server may have sent spam causing the entire server to be blacklisted. If this happens you'll need to report the incident to your ISP and let them resolve the issue.

Sometimes an entire network range can get added to a blacklist if a large amount of spam is originating from it. If your IP address resided in this network range then you could be blacklisted because of someone sending spam on an nearby IP address. This can be difficult to resolve and requires working with your ISP and the blacklist operators.

Its easy to get on a blacklist but getting removed can take some time. The problem is blacklists are maintained be separate organizations each with their own procedure for removal. Furthermore some blacklists have a policy of not removing an IP from their list until a certain amount of time passes.

Instead of getting angry or upset at the blacklist operators the best thing you can do is be polite and follow their procedures the best you can. Most will be much more willing to work with you if you are respectful.

Here are the steps you'll need to follow

1. Resolve the root cause to prevent getting blacklisted again
2. Submit a request for removal to each blacklist you are on. The MX toolbox blacklist check will provide a link to the websites you need to visit.
3. Run a blacklist check on your IP address every few days to see if it is getting removed from the lists.
4. Follow up on the removal requests if necessary. Most blacklists offer an expected time frame for removal.

Some blacklists have overlapping coverage, for example you may see a message that says something like, "Your IP is listed in our blacklist because it is listed in X" (X could be SpamCop,CBL, etc). If you encounter this situation skip this list and request removal from the list they refer you to.

Note that each blacklist has its own procedure for removal. This process can take some time to complete but stick with it until you have followed the process for each list.

I hope this hub has provided you with a better understanding of how to navigate the world of email blacklists. With this knowledge you can prevent your servers from ever ending up on a blacklist.

Unfortunately I don't think we are going to see spam levels decreasing anytime in the near future. Feel free to comment if you have any thoughts or questions .