BLOG

Blocking specific domains

Multiple times in the last few days people have asked me the question “What do you think about blocking domains owned by anti-spam companies as a way to prevent blocklisting?” The question is not necessarily a bad one, and there are cases where blocking mail to specific domains is a good decision. Often, though, if a spam prevention program consists solely of avoiding sending email to people that may be able to cause delivery pain, there are deeper problems that should be addressed.
When I am asked about doing so, my first question is always “Why do you want to do this? What are you trying to accomplish?” Typically, the person asking the question will tell me they are attempting to prevent employees of anti-spam companies from getting mail that they will then report to the operations team as spam.
First, employees don’t always have the ability to get a specific sender blocked just because the sender spammed them. It’s not necessarily something senders should rely on, but often there are policies in place to prevent an employee from using the company to punish a “personal” spammer. And even when someone who can add a sender to their global blocking list receives spam, the listing still must comply with the corporate policies. In other words, just mailing someone “powerful” isn’t enough to result in a block. It may bring the sender to the attention of the company, but unless over all stats and show that the sender is a problem, a listing won’t happen.
Second, employees at companies do sometimes opt in to mail from commercial senders. In fact, I had one discussion with a anti-spam company about a client who was seeing intermittent delivery problems. I sent in the information about the client and the employee handling the case said “Oh, them! I signed up for mail from them. Yeah, they’re a good bunch and their stats are reasonable, they shouldn’t have any more problems.” And they didn’t.
Third, many of us who work in email, particularly those of us who have been around for a long time on the anti-spam side, have our own domains and use multiple email addresses. Just removing clearly identifiable anti-spam domains does not mean that a sender will never spam someone powerful or important. It is impossible to clean off all those email addresses from lists. We have many, many addresses, including ones at ISPs.
One extreme example is AOL.com. Every AOL employee has an AOL.com address and they are indistinguishable from the addresses used by AOL.com customers. But, if a sender spams an employee with access to the anti-spam system, and the stats are bad enough to justify a block, then that sender may see poor AOL delivery. But senders aren’t really going to block mail to all AOL.com addresses, just to avoid that scenario.
When is blocking emails to domains or a set of email addresses a good idea?

  • When a domain is on the FCC wireless list
  • When the domain owner has asked you to stop mailing all addresses at their domain
  • When the domain is owned by a serial litigant
  • When a domain is owned by someone who consumes more customer support / abuse desk time than their domain is worth
  • When the address is one that is frequently forged into webform (me@everyone.net, none@none.com, etc)

In the first four cases, blocking the mail to the domain is a reasonable solution. In the final case, these addresses should not be mailed BUT should act as sentinel addresses to trigger a deeper investigation into address sources. Specifically, what is happening during the signup process that is enabling or encouraging people to put in addresses that do not belong to them? What can be done to improve the signup process to discourage or prevent forged signups?

1 comment

  1. Richard King says

    Laura,
    Great article and I just wanted to add that we do block known-anti-spammer domains that we know 1) shouldn’t be sent to or 2) create problems for us such as honey pot domains. However, anti-spammer sites or RBL domains are not always blocked but flagged if sent to. This way we are not stopping an RBL admin or an anti domain just for the sake of it but instead flag the client that is sending to them. Once it is flagged our abuse department takes a look and see’s if the client is an issue or if they should be sending to them at all.
    So I 100% agree with you about not always blocking the domain but I must see we should monitor them just encase. Being proactive as an abuse department for an ESP always helps with delisting or being notified before a listing so it’s just good practice. Be aware and preemptive on your strikes. It’s the Abuse way… Great article Laura.

Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.