Why did my server get spam blacklisted?

One of the biggest recurring topics we cover on our blog is spam, so much so you’d think we love the stuff. To be clear: we really don’t. The reality is that as it affects so many of our clients, it’s a constant battle to deliver smooth and seamless email services. And sometimes, things don’t go as planned. Sometimes one of the servers within our email cluster is blacklisted, and a client will get in touch with us, asking “How did this happen, why didn’t you catch this?” It’s a fair question.

What is a spam blacklist?

At their most basic, blacklists are collections of servers known to send spam. Email providers can hook into these databases of known ne’er-do-wells to make their own users’ email experience better. More often than not that means an email provider will simply drop email if it’s seen to come from a blacklisted server. If the server you are using to send email out into the world is on a blacklist, chances are your email won’t be received by the recipient. It will be gobbled up by the spam systems at the recipient’s side of things. You probably won’t even be informed of this.

How do servers end up on blacklists?

It’s exceptionally rare for the legitimate activities of one of our clients to result in them ending up on a blacklist. In virtually all cases spam is sent out as a result of a website being hacked. This might be a weak password on an SMTP service, or an insecure WordPress plugin. Either way the goal of the hacker is simple: to gain access to an SMTP server with a good reputation to send out their spam. And as that previously trusted server starts to send spam, its reputation tanks.

How we react to blacklisting

Clients often ask why we didn’t know about a server ending up on a blacklist. The fact is we do generally know about these items. We monitor two major blacklists (Spamcop and UCEProtect) in almost real time. If either of these blacklists includes a 34SP.com server, we automatically start to respond. The most immediate response is to lower the priority of that server in our cluster of sending servers. It immediately drops to the bottom of the list of outgoing servers in order to mitigate how much more legitimate client email goes out through the affected server.

Your next question is likely, “Why don’t we fully disable servers as soon as we see them on a blacklist?” It’s a smart question, and one with two main answers:

1) There’s a very small chance that every server in the cluster becomes listed. It’s exceptionally rare for this to happen, but automated disabling of servers could mean no available servers to send email out into the world.

2) More important is the concept of IP reputation. If a server is blocked and not sending any email for a certain amount of time, its IP reputation could be completely erased. This is even worse than being on a blacklist. Many email providers check IP reputation as an additional spam check and will drop any email from a non-ranked IP address.

Typically it takes up to three days to work with a blacklist to remove a server – which we do as soon as we see a server listed. In contrast, ranking up a new IP address’s reputation can take a week or more.

How we deliver outbound email

We operate a cluster of many SMTP servers. When you send email out onto the Internet, we make a quick calculation on what we feel would be the quickest server in our cluster to deliver your email. This is based on the server queue length (how many emails are pending delivery on each server) and the IP reputation; there’s also some additional weighting applied to the calculation based on possible blacklists, too.
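The demote-rather-than-disable behaviour from “How we react to blacklisting” and the selection calculation above, as an added sketch that is not 34SP.com’s own code: it builds standard DNSBL query names and ranks a pool so a listed relay sinks to the bottom but stays available. The zone names, the 0 to 1 reputation scale, the score formula, and the relay names and IPs are all assumptions of this example.

```python
import ipaddress
import socket
from dataclasses import dataclass

# DNSBL zones for the two lists the post names (zone names assumed here).
ZONES = ("bl.spamcop.net", "dnsbl-1.uceprotect.net")

def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed if the query name resolves to a 127.x answer; NXDOMAIN = clean."""
    try:
        return resolve(dnsbl_name(ip, zone)).startswith("127.")
    except OSError:  # socket.gaierror (no such name) is a subclass of OSError
        return False

@dataclass
class Relay:
    name: str
    ip: str
    queue_len: int     # messages pending delivery
    reputation: float  # 0.0 unknown .. 1.0 good (scale assumed for the example)

def rank(relays, resolve=socket.gethostbyname):
    """Best relay first. A listed relay sinks to the bottom but is never removed."""
    def key(r):
        hits = sum(is_listed(r.ip, z, resolve) for z in ZONES)
        return (hits, r.queue_len * (2.0 - r.reputation))  # assumed weighting
    return sorted(relays, key=key)

def fake_resolver(listed_ips):
    """Offline stand-in for DNS: answers 127.0.0.2 only for the given IPs."""
    names = {dnsbl_name(ip, ZONES[0]) for ip in listed_ips}
    def resolve(name):
        if name in names:
            return "127.0.0.2"
        raise socket.gaierror("NXDOMAIN")
    return resolve

# Constructed pool on the 192.0.2.0/24 documentation range.
POOL = [Relay("smtp-a", "192.0.2.10", 5, 0.9),
        Relay("smtp-b", "192.0.2.11", 40, 0.9),
        Relay("smtp-c", "192.0.2.12", 10, 0.5)]
if __name__ == "__main__":
    for listed in ([], ["192.0.2.10"], [r.ip for r in POOL]):
        print(listed, [r.name for r in rank(POOL, fake_resolver(listed))])
```

Because listing only changes the sort order, the case from answer 1) where every relay is listed still returns a full, usable ordering instead of an empty pool.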

The chances of being listed on a blacklist are very small of course, and mostly, our clients are not affected by these events. If you’d like more info or support on this item though, just drop us a line to support@34sp.com.
