Foundations of Email Deliverability III – Blacklists

Third of four posts in the email deliverability series.

Is your email server, IP address, or domain on a blacklist?

There are several sites on the internet where you can check to see if your domain or IP address is on a blacklist. However, the first thing you need to know is that there are three types of blacklists:

  1. Public:
    • Can be directly checked (see below).
  2. Enterprise SPAM Firewalls:
    • Subset of Public blacklists that are used by corporate IT departments.
    • Include Microsoft, Barracuda, McAfee, etc.
  3. Private/ISP blacklists
    • Internal, from services like Gmail, Outlook, Yahoo.
    • Monitor email tracking reports to see if you’re receiving blocked bounces.
    • If you’re not on a public blacklist but you’re seeing blocked bounces, chances are that you’re on an organization’s private blacklist.

To check if your domain or IP address is on a public blacklist, here is a list of sites I’ve found most useful over the years:

    • This site allows you to set up a free monitor for several domains and IP addresses and it will alert you to status changes. Currently the free plan requires you to log in at least once every thirty days but you have the option to pay a nominal fee to remove that requirement. Either way it’s been a great tool.
    • This site does far more than just blacklist checking. I use it to validate all kinds of DNS entries for my domains and subdomains as well. Super Tool, indeed.

Getting removed from a blacklist can be a challenge. Often, you’ll be removed automatically after a period of time considering the original behavior that got you blacklisted has been resolved. Other times you’ll be required to contact the blacklist provider and each will have a process for removal. Sometimes there are fees to expedite the removal process, but not always.

The single best thing that helped prevent our domain from getting blacklisted in recent years is the implementation of multi-factor authentication on all our user email accounts and marketing ESP. Previously, our users were getting phished and then their accounts would be used to send loads of spam.

Since implementing MFA and launching an education program that raised awareness among our users about phishing, we’ve successfully reduced compromised accounts and the resulting blacklisting to nearly zero. As the saying goes, “An ounce of prevention is worth a pound of cure.”

Setting up a transactional IP address for email sends is also a recommended best practice. That way, even if you find your primary marketing/commercial IP address on a list, you can still get your important transactional messages through.

The governing body M3AAWG has some key details and recommendations for email deliverability that they published in October 2019. It’s definitely worth a read.

Next up: checking the deliverability of your messages, collecting the information, and resolving issues.

%d bloggers like this: