Beware the E-mail Blacklist
You’ve sent an important business e-mail to a contact, but it never arrives. The person on the other end complains. Eventually, your message is found, trapped in the recipient’s spam filter. If this scenario sounds familiar, there’s a good chance your email server has been blacklisted.
E-mail software routinely uses blacklists as a first line of defense against the relentless onslaught of spam. Blacklists work by keeping track of the Internet protocol (IP) numbers of servers that have sent spam. Once your e-mail server’s IP number is on a list, any spam filter using that list will automatically block message from your server.
Server owners generally are not notified that they’ve been added to a blacklist. In fact, most small businesses only find out they’ve been blacklisted when they hear from their contacts that an expected e-mail either vanished or was stopped as spam, according to Peter Firstbrook, research director at Gartner. By that time, you’ve already got a serious problem.
An anti-blacklist strategy
You don’t have to wait until messages go missing before dealing with blacklist issues. What follows is a six-part strategy for staying off e-mail blacklists. Please note that this strategy assumes you host your own e-mail. If you use hosted e-mail, and the server gets blacklisted, there’s little you can do but complain to your provider and immediately start looking for a replacement. Assuming you do host your own e-mail, though, these steps should help you stay in the clear:
- Test your blacklist status. Begin by making sure your IP address isn’t already blacklisted. Sites like MXToolbox allow you to input your mail server’s IP number and will check it against the most commonly used blacklists.
- Don’t send unsolicited mass e-mails. Needless to say, the easiest way to ensure that your server will wind up blacklisted is to use it to send unwanted e-mails recipients may view as spam. A few such complaints can get your server blocked in a hurry -- so don’t do it. (For additional tips on keeping marketing e-mail out of spam filters, see this IncTechnology article.)
- Check your company for bot computers. The most common way a company’s server winds up blacklisted is because one or more of its computers has become part of a “botnet.” A botnet is a group of computers infected by malware that allows outsiders to use them for tasks such as sending out spam, usually without their owners’ knowledge. Botnets are a preferred method for spam distribution for the obvious reason that they prevent spam from being traced to its source. With increasing demand from a growing spam industry, botnets are becoming alarmingly widespread. “Most companies already have bots in their organizations,” Firstbrook says. “You’re best off if you assume you have a bot, and then go find it, rather than starting from the assumption that you don’t.”
- Observe strict security protocols. If you’ve managed to stay clear of botnets so far, your best chance of remaining that way is to keep your company as secure from malware as you can. That means not only running the standard suite of security applications -- anti-virus, intrusion prevention, anti-spyware, and anti-spam -- but also making sure patches and updates are deployed as quickly as possible. “The Microsoft Tuesday patch needs to be on all computers by Wednesday,” Firstbrook says. “And if the only browser you’re keeping up to date is Internet Explorer, then that should be the only one employees can use.” He also recommends preventing employees from surfing to certain dangerous sites.
- Block port 25 on every machine except your e-mail server. Port 25 is a generally agreed standard for most computers and servers use when sending e-mail to the Internet. A legitimate user within your company would not send out e-mail directly from his or her computer, but would use your e-mail software to route it through your company’s e-mail server. A bot, on the other hand, would send spam directly -- through port 25 -- to avoid detection. Blocking this port on all but your e-mail server won’t prevent you from having bot computers, but it will prevent those computers from sending out spam and landing your company on a blacklist.
- Be aware of your neighbors. Another way to get blacklisted through no fault of your own is if a server adjacent to yours on a network sends out spam. Many blacklists block not only the specific server that sent the spam, but also other servers with numbers with mostly matching digits. “Even as a security company, we got blacklisted once because we’d installed our servers in a data center, and one of the other servers there sent out spam,” notes Dirk Morris, founder and CTO of Untangle, an open-source gateway provider. The offender happened to be another server with a number near to Untangle’s. “Any time you rent Internet space, you have a neighbor, and you can be affected by what that neighbor does,” he says.
If you get blacklisted
What do you do if you find out you’re already on one or more blacklists? “If you are, it’s bad news,” Firstbrook says. “It’s not an easy problem to solve.” Each blacklist has a different procedure for requesting removal, so you’ll have to follow a different set of instructions for each list you’re on.
Or, you could just wait. “They usually expire after five days or so,” Morris says. “On the other hand, you can’t send anyone e-mail during those days.
Whatever you do, make sure you’ve actually identified and solved the problem that caused you to be blacklisted in the first place before you ask to be taken off the list. “You’d be surprised how many people skip this step,” Morris says. “When someone tells you you’re sending spam, the common reaction is ‘No, I’m not,’ instead of trying to find out if there’s a bot or other problem.”
That kind of thing can sour your relationship with the blacklist providers, and make it harder to get off the list in case of any future incidents, Firstbrook says. “Don’t say that you’ve cleaned things up and then let something happen that will put you back on the blacklist,” he says. “You don’t want to try their patience.”
SIDEBAR: Blacklist Testing Sites
Want to find out if you’re on any blacklists? These sites can tell you.
MXToolbox checks your IP address against 147 blacklists, and offers the option of sending a ping e-mail to its server -- a super-easy way to lean whether you’re on a blacklist or not.
Blacklistedip not only lets people know when they’re blacklisted, but helps track the issue that caused the blacklisting and assists with getting off the blacklist.
Repcheck constantly monitors some 200 blacklists and alerts you if you get blacklisted.
Need to get off blacklists? Here are three of the most popular, but there are many more.
MAPS, now part of Trend Micro, offers both information on whether you’re blacklisted, and also threat analysis.
SpamCop provides anti-spam software as well as its blacklist of spamming server IP addresses.
The Spamhaus Project is an international, non-profit effort to combat spam.