Preventing our outgoing email from being blacklisted because of our ISP?
May 16, 2018 7:41 AM   Subscribe

The outgoing email we are sending to a particular client is getting blocked by their IT department - their IT people shared a log showing the messages has not been delivered. The stated reason for the blockage is that the outgoing SMTP server used by our ISP (1&1 in our case) is being blacklisted by one of the filters used by our client. It seems to be this is a generic problem affecting all users of this particular SMTP server; 1&1 have been useless at responding to our requests they address the issue (their advice is to us to request that our client organisation whitelist their server - which the client IT people are reluctant to do).

Can people recommend a way for avoiding being blacklisted by this type of mechanism? Our outgoing email is modest volume and is targetted to named addresses rather than being bulk. We're happy to try configuring our own SMTP server - if that would be effective - or to pay for an alternative service which we would have a reasonable idea to be reliable. Suggestions welcome.
posted by rongorongo to Computers & Internet (8 answers total)
 
This is the downside to having your mail hosted by a 'shared' server. Sure, it's cheaper, but if enough people think your server's IP is sending spam, they blacklist the IP. This affects every domain that sends mail from that IP (which could be dozens to hundreds of domains.)

Things you can do: See if 1&1 will offer you a dedicated IP for your mail. Alternatively, switch providers (I moved clients to GSuite for this exact reason). Make sure you have an SPF record in your DNS that describes which server to expect mail from your domain name to come from.
posted by Wild_Eep at 7:51 AM on May 16 [2 favorites]


If it's blocked because of your sending smart host, the best option is 1) complain to your ISP - they'll work to get off the blacklist. I usually manage to keep our systems off of blacklists, and most will be able to be fixed in under an hour - maybe give another for outside DNS to clear (rbl lookups are done via dns). I.E. then you can resend in a few hours.

Alternately, their IT department should be able to whitelist an IP. However, I think that 1&1 has more than just one /24 that your emails might come from so they might be understandably reluctant (however if they're IT and their job is to recieve business emails, they should make exceptions).

If they absolutely need the email, and you don't trust your ISP nor their IT department, then send it via gmail. In cases where a 3rd party setup their email server in a way that gets their messages blocked (no PTR records, advertised name not matching, blacklists, etc), this often gets reported to me after someone used a gmail account to mail the originally intended recipient that their messages were blocked.

If you're looking to just avoid this in the future, then you need to either 1) get a more reputable mail server. You will likely have to pay for this. There's many options (most popular appear to be google or office365). Or 2) run your own mail server.

Don't do 2) . I get stuck dealing with people who are trying to do 2) all the time, think they can do 5 minutes of setup and everythning will work perfectly forever. Usually they have a first week of finding out their blacklisted, and their ISP won't give them a PTR record unless they buy a business static. Then they get reported by some "well targeted" emails that weren't, and suddenly all of the small companies that pay to host on exchange/office365 won't receive any of your emails because too many were reported as spam. Pay a 3rd party to handle your email domain, and make sure that you setup all email clients to use them for outbound smtp as well.
posted by nobeagle at 7:54 AM on May 16 [3 favorites]


If the SMTP server got blacklisted by this client, it will likely get blacklisted by other people as well. Your client isn't creating their own blacklist, they're using a spam filtering tool that subscribes to blacklists put together by others. So getting your client to whitelist the site isn't a reliable solution for getting your e-mail working.

1&1 needs to address this for you, and if they can't you'll need to find another way to send e-mail. That could be something like using Gmail, or it could moving your e-mail over to another commercial service like Fastmail. (Fastmail does a very thorough job of helping their clients configure their e-mail systems to avoid things like blacklists and spam filters. They're not free. You pay, but you get value and good customer care for that money.)
posted by Winnie the Proust at 8:06 AM on May 16 [3 favorites]


Just move your email over to Google mail - it's what every business I know does. We work with a company that runs multiple UK data centres, and even they use Google mail rather than host it themselves. It'll cost about £3 per user per month, I think.
posted by pipeski at 8:06 AM on May 16 [2 favorites]


It's still possible to wrangle filtering/smarthost service (basically what Postini did before they were borged) out of Google for about half what actual Gsuite costs. Set up properly, they deal with 99% of the hassle of having your own mail server and you get the benefit of not having to deal with their size limits or whatever. It's still per-user priced, though.
posted by wierdo at 8:14 AM on May 16 [1 favorite]


Just move your email over to Google mail - it's what every business I know does. We work with a company that runs multiple UK data centres, and even they use Google mail rather than host it themselves. It'll cost about £3 per user per month, I think.
Seconded. Doesn't have to be Google although they're a good option. Microsoft, Rackspace, Fastmail and others also offer reputable email services for businesses and it's much more efficient to pay someone else to deal with this stuff than run your own mail server. Running a mail server is a massive pain even for experienced sysadmins.

Dump 1&1 - they are well known in Europe for a questionable level of service and sharp financial practices.
posted by winterhill at 10:13 AM on May 16 [2 favorites]


Came in to say the same thing as Winnie the Proust - black lists are automated, if your email is getting blocked by your client, it is certainly getting blocked for lots of other recipients and you just aren't aware. Staying off of blacklists is just tables stakes for running email in 2018; if your ISP hasn't already gotten you cleared off the blacklist, then my assumption is that you are buying some lower tier of service where they haven't priced that in. You could do a quick check by going out to mxtoolbox.com, putting in your domain, and choosing "blacklist check" from the pulldown button. You'll see your domain checked against a hundred blacklists, with either a green checkmark or a red x next to each one. What you want to see is 100 green checkmarks. If there is just one or maybe two red x's, then this is probably something easily fixed. If you see more than that, then it is probably an indication that your ISP doesn't even worry about keeping that server off of the lists. Getting cleared from a list can be as simple as filling out an online form explaining what you did to resolve the problem, but if one of the other users of this shared service has a malware infection that is sending spam or is otherwise a bad actor, you'll just be right back on the list again.
posted by kovacs at 5:45 PM on May 16 [1 favorite]


Many thanks for your responses. There seems to be clear consensus that running our own email server is not a good idea - and that there are several alternative providers who would give us a better solution (and - fairly painless migration - I would hope). I have previously tried using mxtoolbox.com to monitor the blacklist status of our outgoing service. It seems to be good at identifying a server is blacklisted - but not so great at showing how long historic blacklisting lasted for or how often it has happened. For our part, it comes down to the practical question "Can we send email to client X using our current ISP and be confident that it will get there?" The current answer is "No" - because whether the blacklist blocking is short term or long term - it disrupts email sufficiently often.
posted by rongorongo at 2:13 AM on May 17


« Older Chance the Rapper '3' font?   |   save and close yahoo Newer »

You are not logged in, either login or create an account to post comments