September 19, 2018

Deliverability 101: Your guide to blacklists.

**Update 9/19: This blog is not a comprehensive collection of blacklists, nor will it absolutely align with your email programs’ view on any particular list. Email is a fickle but beautiful beast, and your personal goals, practices, and audiences will likely impact your view on which lists are meaningful to you. As always, please contact us with questions or if you’d like additional help in understanding blacklists’ impact on your reputation.**

Let’s start with some numbers: Nearly 85% of email sent today is spam. The most effective way for receivers to filter spam was to create lists of unique identifiers within an email. Back in the days of N*SYNC and Internet 1.0, anyone could send email to anyone on the internet without worrying about getting blocked. Around 2003, about 30% of email sent was spam. This prompted many of the receiving servers to create lists of known spamming domains and IPs (the whole of which is generally called the DNSBL, or DNS Blacklist) to combat spam which came to be known as “blacklists.”

What do these lists contain?

There are quite a few blacklists in the wild, but the bigger ones usually contain all or some of these lists—open relays, compromised hosts or zombies and botnets, dial-up IPs (which are not authorized to relay mail), proxy servers, and user-based spam feedback. A few providers also use email signatures and digital fingerprinting technology to create blacklists.

How do I get blacklisted?

Most email clients have a mechanism to provide feedback to their mailbox provider (MBP) by marking mail as spam or junk, which the MBP then uses to create custom lists for their user base. The other common way to collect spamming domains and IPs is via feedback through spam traps. This has been a tried and tested method for blacklist providers to reduce false positives.

Are all blacklists equal?

No. As mentioned earlier, there are quite a few active blacklists, but getting blocked by some may not result in decreased delivery of mail. The bigger MBPs like Gmail, Microsoft, and Oath have custom blacklists they built over the years via user feedback. The other major blacklist most MBPs rely on is Spamhaus.

Spamhaus is a not-for-profit organization run by an international team of spam researchers. Spamhaus developed several different types of block lists, like non-mailing policy blocks, bot traffic, exploited or compromised hosts, commercial spam sources by IP or domain, and the Registry of Known Spam Operations (ROKSO). A block at Spamhaus would result in a substantial drop in email delivery. The other major blacklists you should really be monitoring are Barracuda, Cloudmark, SORBS, and SURBL.

How do I resolve a blacklisting?

All blacklists have different processes to scrub you from the list, but all of them do require you take care of the underlying issue causing the block in the first place. This could usually be the use of a bad mailing list, an old list you inadvertently used, or a compromised server/user sending unsolicited mail at your end. The bigger MBPs have a Feedback Loop (FBL) mechanism in place and would ask you to sign up and monitor the reports before considering a removal. We highly recommend you use FBLs and bounce codes effectively to resolve your blacklisting.

How can I avoid being blacklisted?

Due to the sheer volume of blacklist operators, it is inevitable you’ll be blocked at one of them. However, it would be prudent to ensure you are not blocked at the bigger operators like Spamhaus or Barracuda. Here are a few tips to keep yourself away from blacklists:

  • Send only to an updated and engaged mailing list.
  • Remove inactive users at regular intervals.
  • Have confirmed double opt-in mailing list collection practices.
  • Most of the blacklist operators are expanding their domain-based blacklist, so we recommend you avoid using free, public URL shorteners and fancier new top-level domains like .bid, .men etc.
  • Monitor your spam trap hits. Psst—we’re good at that.

Overall, our best advice is to be a good sender. Stay with us for more tips and explanations, and if you follow those best practices, you’ll need to worry about blacklists much less.

Author: Sridhar Chandran

Sridhar (Sri) is a self-confessed #spambuster, having spent over a decade at AOL part of the Postmaster team. He is a Solutions Architect at 250ok trying to bridge the gap between senders and receivers by building the next generation suite of products.

You may also like...

The Year in Email 2019

It’s hard to believe we are nearing the end of yet another exciting year in email, and 2019 proved to be one of the most momentous and active years to date. Over the past year, the number of new technologies, mergers and acquisitions, mailbox provider (MBP) announcements, news, and highlights is evidence of the versatility […]

[Infographic] Global Privacy Relationship Status: It’s Complicated

I recently gave a presentation on global privacy regulations to a post-graduate marketing class and one of the things I noticed while preparing was that even within a single country, privacy is complicated. On a global scale, it is really complicated. For example, Canada has one federal private sector privacy law, three similar provincial laws, […]

The Year in Email 2018

*Update: This article was featured on email influencer Jordie van Rijn’s emailmonday blog! To see it in action, plus a great round-up of other articles and thought leadership looking forward to the future of email, click here.* The Black Friday emails are deleted, marketers’ email lists are checked twice, we pretty much know which senders […]

Ready to get started?