Understanding Mail Server Blacklists

One of the most common support issues we see is a client complaining that they have sent an email message to someone only to have it bounce back with a message saying "your mail server is on a Blacklist."

Typically this happens with large ISP's such as AOL and Comcast, but also with smaller ISP's that subscribe to "remote blacklist" (RBL) services, such as spamcop.net and others.

Naturally, since the "blacklisted" mail server belongs to us as the web host, the finger is pointed our way to correct the problem. However, that is not always something that is within our control for many reasons as outlined below.

How Mail Servers Become "Blacklisted"

The first thing to understand is that, unless you have a dedicated server, you are sharing a mail server with hundreds of other customers who are all sending out email. Although we do not allow spammers on our system and have strict policies prohibiting it, spam can still be sent out on occasion under either of the following scenarios:

1. A legitimate customer who has paid for the service sends out email and someone on the recipient list complains to their ISP or a service such as Spamcop that they have been spammed. Whether or not it was actually unsolicited email or not, the complaint alone is often enough for the mail server IP to wind up on a blacklist.
   
2. A customer uploads a php or perl script to the server that is outdated or simply not secure. The script gets exploited from the outside by a spammer who uses the security hole in the user's script to send out spam using remotely executed scripts. Recipients then complain about getting spammed and the mail server IP winds up on a blacklist.
   
3. Someone signs up for an online newsletter or mailing list from a legitimate business (hosted on our servers) and then a few weeks later they forget they did that. The business sends out the newsletter as requested but the recipient reports it as spam to their ISP.

Although there is no way for us to prevent the above 3 scenarios (short of shutting off SMTP service altogether), it is usually possible to track these types of issues down and stop them if they happen. Fortunately, most IP blacklistings are temporary and usually lifted within 72 hours as long as there are no other incidents. But the problem is these scenarios can be repeated over and over due to having so many different customers on a shared server.

A fourth scenario is also something that is out of our control and does not involve spam coming from the server whatsoever, but nevertheless, it can result in repeated blacklisting. This scenario is called "self-reporting" and is caused by people using mail forwards:

4. In a "self reporting" situation, a customer that has a pop mailbox under a given domain sets a mail forward in the mail manager to forward all mail to from that pop box to an outside address (usually their  ISP account such as Comcast, AOL, etc). Spam messages then come in to the pop mailbox and get forwarded to the customer's local ISP account. The customer complains to Comcast or AOL about their spam. The ISP sees the mail was forwarded by our mail server (because the customer set it up that way), and our mail server gets unjustly blamed for sending spam. This is called "self reporting," and believe it or not, this happens all the time

It should be obvious from the above that the reason our mail servers (or those of any host) can wind up on "blacklists" is due to end user customer issues that are outside of our control, and not because we have open relays, security holes, or any lack of filtering on our systems whatsoever.

What You Can Do About It

If you have had repeated difficulty sending mail to certain ISP's due to this issue, there are 3 ways to solve it:

1. Simply change your outgoing mail server in Outlook (or whatever email software you use) to your local ISP's smtp server instead of your domain's. You do not need to change your "reply to" address, only the outgoing mail server (usually found under the "Tools" option of your email client). Making this change will make no difference to the people you correspond with whatsoever and it does not require any change to your email address. Please contact your ISP if you are unsure of this setting.
   
2. You can get a dedicated server for your business. If you have your own server then you never run the risk of your mail being blacklisted due to "self reporting" or the activities of other people like with a shared mail server. If you would like a quote on a dedicated server please contact us.
   
3. Signup for our Reflexion managed anti-spam service. When you have this service, you can use the Reflexion gateway server as your SMTP server rather than the shared mail servers. Although it's possible this server could also become blacklisted, the likelihood is far lower because there are far fewer users on these special gateway servers.

Finally, keep in mind that as a web host, the services we are providing you are primarily web, email, and application hosting, not SMTP service. Using your domain name for SMTP is by no means required. In fact, some ISP's prevent you from using an outside SMTP service altogether.

If blacklisting has been a recurring problem for you, the simplest solution is item #1 above -- simply change your outgoing mail server in your Email software to your local ISP's SMTP server.

Please feel free to contact us for further assistance or advice on this issue.