How much should I be concerned about this e-mail domain blacklist
September 24, 2021 4:59 AM   Subscribe

Hoping to make sure that my business e-mails do not go into clients' spam, I have become obsessed with my score on Mail Genius. It claims my domain appears on one of several blacklists. How seriously should I take all of this?

Is this something I should spend time worrying about fixing, or is this a racket like the Internet reputation industry?

This service is the one that has supposedly flagged my custom .co.uk domain as a bad actor. My setup is that I manage my e-mail in Gmail, but not in a GSuite -- I send it through a Dreamhost SMTP hosted under that custom domain. MailGenius is also claiming I am missing a DMARC record, which as I understand involves setting up something called a DKIM. It is making me wonder if I am better off just using vanilla Gmail, which scores much higher on MailGenius.

Any advice or experiences with these things?
posted by johngoren to Technology (7 answers total) 2 users marked this as a favorite
 
Response by poster: p.s. After a bit more research it looks like the ban is not directed at my domain specifically but huge chunks of Dreamhost.
posted by johngoren at 5:11 AM on September 24, 2021


It is unsurprising to me that Dreamhost’s IPs would have a poor email reputation. If you are serious about getting your email delivered, I don’t recommend sending through a random web hosting provider’s smtp server. Use something that focuses on and specializes in email.
posted by primethyme at 6:26 AM on September 24, 2021 [2 favorites]


Best answer: If you're missing DMARC and/or DKIM, there's literally nothing stopping people from spoofing your domain and perfectly sending spam in your name. I imagine that's happening to most DIY people, dragging down the reputation.

I use Dreamhost for domains, myself, redirected to an email provider elsewhere. When I switched from using my domain with Google suite to another provider, all my pwned addresses lit up and started sending extortion emails to themselves (and others?) from foreign IPs.

My new, new provider had a little check/wizard that gave me the correct domain settings for Dreamhost. That closed the gate again. Thanks to DKIM, only someone actually using a web client, and therefore the right IP, is allowed to send. I still get DMARC status emails of people trying and getting rejected (and confirmation of me trying and succeeding.)
posted by Snijglau at 7:18 AM on September 24, 2021


Best answer: From a quick reading, DMARC is a superset of DKIM and SPF protocols that authenticates email, by adding a feedback mechanism, so the email senders are aware of they are being spoofed, as well as specify "if you see someone spoofing us, just /dev/null it" or some other action as specified.

Authenticate here means "did this email really came from the domain it claims to have come from?" by adding a public key cryptography signature to email sent from that domain. Recipient can then query the alleged sender "did you send this?" (by checking the signature with the sender's public key).

All this happen in the background before any human actually sees the email in question.

The actual details are explained at DMARC.org's Wiki.

I find many "checklists" or "tools" for these includes extraneous details that few servers ever check, just so they can claim to be "the most comprehensive".

I say just implement DMARC should be good enough.
posted by kschang at 10:21 AM on September 24, 2021


Best answer: In my experience UCEProtect is the most prone to false positives, it is quite fond of flagging entire IP blocks. if it's the only blacklist you are on, you are likely doing pretty well.

I would not do vanilla Gmail but I do find that Google Apps emails tend to do decently out of the box. Since you're not doing large scale mass-emailing, moving to Google Apps and ensuring your SPF/DKIM configuration are correct should be sufficient.
posted by Hollywood Upstairs Medical College at 10:57 PM on September 24, 2021


Response by poster: Following the advice here, I switched my MX over to Google Workplace -- and my MailGenius score got worse! I assumed Google would have a better DMARC/DKIM setup than Dreamhost, but so far it's still eliciting complaints. Of course, part of the problem is that the domain is still a Dreamhost domain, blacklisted by this one singular, weird blacklist -- which charges money for whitelisting.

FWIW, I tried having a friend who works at a prestigious British institution send mail from their work inbox. MailGenius continued to complain about that entity's DMARC being set up poorly.
posted by johngoren at 4:42 AM on September 25, 2021


Response by poster: I think i'll just try and smooth out my DMARC/DKIM over at my old webhost...
posted by johngoren at 4:57 AM on September 25, 2021


« Older Vax * 2 + COPD + COVID + 76 =   |   How can someone get both negative and positive PCR... Newer »
This thread is closed to new comments.