It’s time we had a talk about email blacklisting.

Written by Tyler Jacobson on September 30, 2013

We know that email blacklisting drives you crazy. Let’s get down to brass tacks and clarify this situation as much as possible. It does us no favors if you, as a customer who relies on the functionality of our services, believe that this is happening or continuing due to neglectful behavior on our part. That only causes further frustration for you and takes away from the perceived value of our services.

Alright…. (stretches neck – shakes arms) Let’s do this! (Also, if you have further questions, please feel free to comment on this post and we’ll do our best to leave no questions unanswered.)

Why is the server I’m on blacklisted?

The simple answer is – The blacklist operator believes the server was sending spam. Sometimes they are right. Sometimes they are wrong.

In some cases,….

…The server is actively sending spam through an exploited email account or website.

The thing that most end users miss is that the problem with hacked sites and email accounts (which results in spam being sent through the server) is getting worse. It’s getting worse for every single hosting provider on earth, not just us. Sites are far more complicated these days than they were previously (19 percent of all sites run on WordPress – which is also the biggest target for malicious hackers). This means that they are more susceptible to being used maliciously. This means that any mail server is far more likely to end up on a blacklist. This is not an isolated problem. It’s a problem shared by every email host and their customers. 

There are several measures (1) you can take (2) to do your part and keep your site (and our server) protected from hackers.

The server was sending spam days ago, the problem was resolved, and for some reason, it has just now been blacklisted.

We suspect this is because people check their email (or report spam) infrequently and complain about spam that may have been sent days earlier. The blacklist technology should be smart enough to pick up on this – but that’s not always the case.

The final reason a server may be blacklisted is that….

…There is no good reason that the server is being blacklisted.

Would you believe that there are blacklists out there who misunderstand their own service and mail flow so deeply that even with direct and verifiable proof that spam is not originating from our server, they will still keep a clean server blacklisted? Believe it. It’s true.

Here’s how we attempt to fix the blacklisting problem.

Firstly, it’s important that you know how seriously we take this. The blacklisting issue costs us a lot of money where tech support, prevention and mitigation are concerned. It’s in our best interest for our servers to never end up on blacklists.

When we are alerted of one of our servers landing on a blacklist, the very first step we take is to verify whether or not spam is actively leaving the server. We monitor spam complaints against our servers from a number of service providers (including AOL, Comcast, and RoadRunner), so we are generally already in the loop if malicious spamming is occurring. Nevertheless, we do deep investigation to determine if the blacklisting is justified.

When we do find spam actively leaving the server, we pinpoint the email address (or exploited site) sending the spam and immediately prevent their ability to send messages. We then run a security scan to identify the point of exploit and any malicious content on the site. (If malicious content is found, this is generally very bad news for the owner of the exploited account, as we have to take dramatic action.)

Once we have verified that spam is no longer leaving the server and that any security issues have been eliminated, we then request removal from the blacklist from the company that owns the blacklist.

This is the most we can do. We cannot require any blacklist to remove us. We do not have a way of bypassing a blacklist check. We (you and MacHighway) are stuck having messages to that recipient address bounceback until the blacklist chooses to remove the server from their list. This is true if the listing justified and it’s true if the listing wasn’t justified. We are subject to the technical saavy, cooperation and good faith of the blacklist owner. Most of the time, they are reasonable and communicative – sometimes they are unreasonable and uncooperative – either way, the ball is squarely in their court.

So, the part above where I say that we request removal from the blacklist – that’s not always true. Here’s why: Some blacklists do not provide any instruction for getting removed from their blacklist. It’s irresponsible and destructive on their part and, unfortunately, we have to bear the brunt of their negligent policies. When this is the case, we ask that you please find other means of contacting your recipient and inform them that we have no way of requesting removal from the blacklist they use. The recipient will want to contact their mail admin and inform them of this issue.

Hopefully, I’ve illustrated the shared frustration we all have and I’ve also given you some confidence that this is an issue we work very hard to resolve once it comes up. Blacklists are generally meant to fight the good fight, but it doesn’t make the hiccup in productivity suck any less. We feel it, too. We want your experience with MacHighway to be problem free.