(Links) How do I know if I’m on a SPAM Blacklist?

Discussion in 'Mail Chat' started by MF-Newsbot, Apr 15, 2013.

  1. MF-Newsbot

    MF-Newsbot VIP

    Apr 15, 2013
    How do I know if I’m on a SPAM Blacklist?

    We often get the question: "How do I know if my company is on a SPAM Blacklist?" Followed by "If my company is on a SPAM blacklist, how the heck do we get unlisted?"

    There are over a hundred SPAM blacklists – private corporate spam firewall and private blacklists, but luckily there are a few tools that can help you check most of them quickly. We've included here a handy reference with the sites that you can use to check your blacklist status. We've also highlighted several of the more prominent SPAM blacklists.

    First and foremost – we'll stress that our series on checking and removing your email servers from a blacklist assumes that you're not spamming or at a minimum – you've first taken appropriate corrective steps to clean up your email list and sending practices.

    What you need to know to check Blacklist status

    Most SPAM blacklists track the reputation of the email servers that are being used to send outgoing email for your domain. So to get started – if your company uses its own servers to send email campaigns, you'll need to know the IP address(es) of the email servers sending emails for your company. If you use an SMTP email service like Sendgrid, or if you use a shared email server from a hosting provider like GoDaddy, then you'll need to know the IP addresses of their servers or specifically – what IP addresses are being used for your company's email. Finally – if you are sending through a top Email Service Provider like Pinpointe, you can probably rest assured that the IP addresses are likely to be 'clean' – but nonetheless the tips here all still apply with respect to checking if your email server is blacklisted.

    How Blacklists Monitor Reputation

    Several SPAM blacklists monitor the sending reputation of more than just the email server IP address. They also track sender reputation by sending domain, and/or by DKIM identity, and virtually all blacklists now share reputation information among themselves in near real-time.

    If you'd like to learn the inner details about how a SPAM firewall works including what spam filters actually check in order to determine your sender's reputation (and whether your email will get to the inbox), check our webinar – "How a SPAM Firewall Works".

    Different Types of Blacklists

    I'll break these down into 3 general types of blacklists:

    Public Blacklists. These are blacklists that are publicly available and can be directly checked. Several blacklist checking tools are available to quickly scan the top 100 or so publicly visible blacklists.

    Enterprise SPAM Firewalls. These are really a subset of the above – the real-time, network-distributed blacklists that are maintained by SPAM firewalls used primarily by Corporate IT departments. These include Barracuda, Cisco's Ironport, McAfee and more. We've included a table below with a list of Enterprise SPAM firewalls with links to their sites so you can check if your IP (or domain) is on their blacklist.

    Private / ISP Blacklists. Most major ISPs maintain their own internal blacklists. In some cases you can query them; in others, you can't. For example, Gmail, Hotmail (now Outlook.com) and Yahoo maintain their own internal blacklists within their spam filtering technology. You can't directly query either of these lists (they both have feedback loops for high volume senders and ESPs – but that's a different topic). In order to determine if you're blocked – you'll have to monitor your email server logs.

    Checking Public Blacklists

    There are over 120 notable public blacklists. A handful are serious and can cause a dramatic fall off in your delivery. Most of the rest will impact delivery over a much smaller scope. Here are 3 sites where you can check the important (and some not so important) public blacklists if you know your server's IP address(es). NOTE: – these are blacklist check aggregators – don't send removal requests to them directly:

    multi.valli.org/lookup. This is one of our favorites because it's pretty comprehensive and checks 120+ blacklists.

    www.mxtoolbox.com/blacklists.aspx. MXToolbox is free. Enter the email service IP addresses and mxtoolbox checks about 46 blacklists.

    www.dnsstuff.com/tools. You can check your IP address and your domain here for free. DNSStuff also offers some pretty cool domain tools. You can check 97 blacklists. Includes other free DNS and network tools too.

    www.dnsbl.info. (Domain Name System Blacklist). Free service. Checks about 88 blacklists quickly.

    A few blacklists deserve "special mention"

    Spamhaus.org (www.spamhaus.org)

    The big dog. Probably the most widely used non-proprietary blacklist, Spamhaus.org's mission is to rid the world of unsolicited commercial email ("UCE") by creating and monitoring a network of millions of 'spam honeypot' email addresses. These are email addresses that are expired, or that never were 'real' recipients that Spamhaus acquires from ISPs. They re-purpose expired domains and rumor has it - also plant addresses on various websites around Etherspace. Since these are not 'real people' – the addresses should never end up on an opt-in list, so if you send an email campaign and it ends up in one of Spamhaus' inboxes – clearly your list development practices are not cool. [Note: Some list vendors develop email lists - albeit illegally - by scraping websites for email addresses. This is why you should never use these lists].

    Spamhaus then adds the sending email servers to their blacklists. Overall it's a pretty good system but not flawless in our experience. For example, if you are capturing registrant information from your website or from online events, an ill-willed smart-alec can enter a handful of bogus / honeypot addresses into your list. Your well intentioned campaign gets caught and voilà – you are on Spamhaus' hit list. Solution: Always use double opt-in (most email service providers like Pinpointe provide mechanisms to enforce double opt-in when using their forms to collect subscribers).

    UCEProtect (http://www.uceprotect.net/en/rblcheck.php)

    UCEProtect deserves mention because it's one of the few major SPAM blacklists where you can be blacklisted because of something someone else did. UCEProtect monitors and tracks the SPAM reputation of individual email server IP addresses, and factors in the reputation of other servers in the same network as well as servers hosted by the same ISP. UCEProtect's 'guilt by association' approach means your servers can be blacklisted if your ISP hosts other systems that are caught for SPAMMing.

    Here's an example. Your company's servers are hosted with 'hosting-company.com' (we made that up just in case you weren't sure). Now, assume 'hosting-company.com' hosts hundreds of thousands of companies and has 30,000 IPs under management, including your one, lonely email server. One day, a SPAMMER who is a customer of 'hosting-company.com' sends a few email campaigns that UCEProtect flags as SPAM. UCEProtect flags the offending IP, but it also flags the adjacent IPs within the same network. If there are enough SPAM complaints from adjacent IPs, the complaints 'escalate' and can cause an entire network block or even an entire ISP's address block to be blacklisted.

    UCEProtect's logic (along with some very valid and convincing data) is that – ISPs who host one or two SPAMMERS probably host dozens or hundreds of spammers.

    SORBS (http://www.sorbs.net)

    Thankfully (in our opinion) SORBS is no longer as critical as it once was since they were acquired by Proofpoint. SORBS creates SPAMtraps or honeypots by recycling expired domains – just like Spamhaus. If you're maintaining good list hygiene and using proper opt-in practices – then SORBS does a great job catching spammers that buy lists or scrape addresses off of websites. In the past however – we caught them converting dead domains into spamtraps in a time window of less than 4 weeks. SORBS is checked by the sites mentioned in the first section.

    Uribl.com (www.uribl.com)

    URIBL uses 'SPAM honeypots' – just like Spamhaus.org and SORBS do. In most cases URIBL will age your domain off of their list if SPAM stops. If you're a repeat offender – don't expect them to be too cooperative until all (offending) traffic stops and you clear your domain with URIBL by confirming that the offending problem has been fixed.

    Microsoft Frontbridge (88.blacklist.zap – not a website)

    If you find your emails are getting blocked by recipients who are using Outlook, then you may want to review your MTA logs (email server logs) for references to 88.blacklist.zap. That's Microsoft's older generation internal Frontbridge SPAM filter service that is used to protect anyone using Outlook, and who has their email configured to use Microsoft's spam filtering service (which is free). If you have stumbled onto Microsoft's blacklist, your email server log will include an entry such as "550 Service Unavailable; host [xx.xx.xx.xx] blocked using 88.blacklist.zap. Please forward this message to delist -at- messaging.microsoft.com. Response time is within 24 hours." Update – Although this is still used by some customers, Microsoft's filters have been substantially updated. Here's how to get removed from Microsoft Exchange's blacklist.

    Corporate / Enterprise SPAM Firewalls and Blacklists

    Companies that make SPAM firewalls each maintain their own network of systems that share SPAM information. All of them track results based on IP address; several also track history based on URLs within emails, the sending domain and sending email addresses. The most common Enterprise SPAM firewall companies and their respective SPAM databases are summarized here:

    | Vendor | SPAM Database / Repository | IP | Links | Domain |
    |---|---|---|---|---|
    | Proofpoint | https://support.proofpoint.com/rbl-lookup.cgi | YES | NO | NO |
    | Cisco / Ironport | http://www.senderbase.org | YES | NO | YES |
    | Fortinet | http://www.fortiguardcenter.com/antispam/antispam.html | YES | YES | YES |
    | Barracuda | http://www.barracudacentral.org/lookups/ip-reputation | YES | NO | YES |
    | McAfee | http://www.trustedsource.org | YES | YES | YES |
    | Symantec | http://www.symantec.com/business/security_response/landing/spam/index.jsp | YES | NO | NO |
    | Trend Micro | http://www.mail-abuse.com/cgi-bin/lookup | YES | NO | YES |
    | Watchguard | http://www.reputationauthority.org/lookup.php | YES | NO | YES |
    | Sophos | http://www.sophos.com/en-us/threat-center/ip-lookup.aspx | YES | NO | NO |
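
The first post says that private/ISP blocks only show up in your email server logs, and quotes the 88.blacklist.zap rejection as the kind of entry to look for. The following is an added example, not part of the original post, that scans log lines for such "blocked using" rejections and groups them by list. The Postfix-style log layout, the sample lines and the list name dnsbl.example.net are constructed assumptions.

```python
import re
from collections import defaultdict

# SMTP reply code, the bracketed sending IP, then the list named after "blocked using".
REJECTION = re.compile(
    r"\b(?P<code>[45]\d\d)[ -][^\[\]]*"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\s+blocked using\s+(?P<list>[A-Za-z0-9.-]+)"
)

# Constructed sample lines: Postfix-style layout is an assumption, IPs are documentation ranges.
SAMPLE_LOG = """\
Apr 15 10:01:02 mx1 postfix/smtp[4512]: A1B2C3: to=<a@example.com>, relay=mail.example.com[198.51.100.7]:25, status=bounced (host mail.example.com[198.51.100.7] said: 550 Service Unavailable; host [192.0.2.10] blocked using 88.blacklist.zap. Please forward this message to delist -at- messaging.microsoft.com (in reply to RCPT TO command))
Apr 15 10:01:05 mx1 postfix/smtp[4512]: A1B2C4: to=<b@example.org>, relay=mx.example.org[198.51.100.9]:25, status=deferred (host mx.example.org[198.51.100.9] said: 451 4.7.1 Service unavailable; Client host [192.0.2.10] blocked using dnsbl.example.net (in reply to RCPT TO command))
Apr 15 10:01:09 mx1 postfix/smtp[4512]: A1B2C5: to=<c@example.org>, relay=mx.example.org[198.51.100.9]:25, status=bounced (host mx.example.org[198.51.100.9] said: 550 5.1.1 <c@example.org>: Recipient address rejected: User unknown (in reply to RCPT TO command))
Apr 15 10:02:11 mx2 postfix/smtp[4512]: A1B2C6: to=<d@example.com>, relay=mail.example.com[198.51.100.7]:25, status=bounced (host mail.example.com[198.51.100.7] said: 550 Service Unavailable; host [192.0.2.11] blocked using 88.blacklist.zap (in reply to RCPT TO command))
Apr 15 10:02:15 mx2 postfix/smtp[4512]: A1B2C7: to=<e@example.net>, relay=mx.example.net[198.51.100.20]:25, status=sent (250 2.0.0 Ok: queued as 9F8E7D)
"""


def find_blocklist_rejections(lines):
    """Return (reply_code, sending_ip, list_name) for every blocklist rejection."""
    hits = []
    for line in lines:
        m = REJECTION.search(line)
        if m:
            # Trailing dot is sentence punctuation in the bounce text, not part of the name.
            hits.append((int(m["code"]), m["ip"], m["list"].rstrip(".").lower()))
    return hits


def summarize(hits):
    """Group by list: which of our IPs are affected, and hard (5xx) vs soft (4xx) counts."""
    by_list = defaultdict(lambda: {"ips": set(), "permanent": 0, "temporary": 0})
    for code, ip, name in hits:
        entry = by_list[name]
        entry["ips"].add(ip)
        entry["permanent" if code >= 500 else "temporary"] += 1
    return {n: {**e, "ips": sorted(e["ips"])} for n, e in by_list.items()}


if __name__ == "__main__":
    for name, info in summarize(find_blocklist_rejections(SAMPLE_LOG.splitlines())).items():
        print(name, info)
```

The "User unknown" bounce and the delivered message are deliberately left out of the result, since a 550 on its own does not indicate a blacklist.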

  2. devlin

    devlin Banned

    May 21, 2014
    It is a good post to check HOW DO I KNOW IF I'M ON A SPAM BLACKLIST? These all are great tools to use for this purpose.
