Asking for help with a blocklist

There are often questions arising about how to go about getting off a particular blocklist. A few years ago I led the MAAWG effort to document what to if if you were On a Blocklist (pdf link). That document was aimed primarily at MAAWG members and deliverability experts with working knowledge of blocklists. I think, even now, it’s a good background on how to deal with a listing and mail being blocked.
stop_at
There have been discussions on multiple mailing lists over the last week or so about how to deal with listings at different blocklists. Many folks on these lists have extensive experience, so these are good places to ask. With that being said, a lot of the requests lack sufficient details to help.
So, if you’re ever on a blocklist and want some help from a mailing list about the problem, here’s a short guide for how to ask for help.

DO:

  • Keep the request short and concise. We don’t need 14 paragraphs about a business or how long a poster has been doing mail. Focus instead on details that people are going to need to answer the question.
  • Tell them which blocklist. “Listed by Spamhaus” isn’t a useful statement. Spamhaus runs almost half a dozen lists, all with different listing criteria. “A domain blocklist” isn’t helpful, there are dozens of lists, all with different criteria. Getting delisted on the DBL is different from getting delisted by URIBL. State the specific list involved.
  • Include the IP address. Most people people try and hide their IP address, limiting the amount of help anyone, including the blocklist folks, can give. Those folks who finally admit the IP often find very helpful answers from list members. On some lists, folks run spamtraps and are happy to share data from those feeds, even if they’re not involved in the listings.
  • Include full bounce messages, if you have them.  The messages sent during a rejected SMTP transaction are full of information about why a message was rejected. “Blocked with 554 at AOL” doesn’t tell anyone that much. “Blocked with 554 RLY:B1” at AOL tells us a lot more. Including the full message will save a lot of time in tracking down the information.
  • Include how long this has been going on. A listing that’s been up for a few weeks is different than a listing that’s been up for months. Likewise, if the listing goes away and comes back, say that.
  • Include what you’ve done to resolve it. Stating the steps already means new ideas, not the stuff already tried.

DON’T:

  • Challenge the legality of blocklists. IP based blocking using public sources of data is 2 decades old at this point. They are a part of the email ecosystem. What few cases have been brought against blocklists have reinforced their legality.
  • Get personal. This isn’t about a particular individual. All the lists used by the large mail providers are run by teams. Sometimes they are small teams, but they are teams.
  • Argue the mail isn’t spam. It may or may not be, but these arguments can go on and on and only delay actual help in the delisting process. Also, some blocklists don’t list for spam, so the argument becomes even more pointless.

If a blocklist is in wide enough use that a listing is causing delivery problems, there are a couple things this says about the list.

  1. It blocks enough bad mail to be useful
  2. It doesn’t block much good mail.
  3. The policies for listing and delisting are supported by the receivers using the list.
  4. True listing errors are corrected quickly.

There are, maybe, a dozen lists that are used widely enough to significantly affect delivery of email. There are hundreds of other lists that are less widely used. I tell clients to not worry about being on a list unless it’s actively causing delivery problems. Yes, I use some of the online tools that check hundreds of lists. But just being listed doesn’t mean there’s a problem. Likewise, folks who are on no blocklist can still have delivery problems at major providers across the net.
 

Word to the Wise provides delisting assistance as part of our consulting program. If you’re having problems with a blocklist and need advice, feel free to contact us

Related Posts

Spamhaus comments on subscription attack

Steve Linford, CEO of Spamhaus commented on my blog post about the current listings. I’m promoting it here as there is valuable information in it.

Read More

Ongoing subscription attack

Brian Krebs posted a couple days ago about his experience with the subscription bomb over the weekend. He talks about just how bad it was over the weekend.

Read More

How many blocklists do we need?

There’s been a discussion on the mailop list about the number of different blocklists out there. There are discussions about whether we need so many lists, and how difficult the different lists make it to run a small mail system (80K or so users). This discussion wandered around a little bit, but started me thinking about how we got to a place where there are hundreds of different blocklists, and why we need them.
shield
There is a lot of history of blocklists, and it’s long, complicated and involves many strong and passionate personalities. Some of that history is quite personal to me. Not only do I remember email before spam, I was one of MAPS’ first few employees, albeit not handling listings. I’ve talked with folks creating lists, I’ve argued with folks running lists. For a while I was the voice behind a blocklist’s phone number.
The need, desire and demand for different lists has come up over the years. The answer is pretty simple: there are many different types of abuse. One list cannot effectively address all abusive traffic nor have policies that minimize false positives.
Lists need different policies and different delisting criteria. The SBL lists based on volume of email to addresses that are known to have not opted in to receive mail. The PBL lists IPs where the IP owner (usually an ISP) says that the IPs are not supposed to be sending mail by their policy. URIBL and SURBL list domains, not IPs. Some lists have delisting requirements, some let listees remove themselves.
The policies of listing and delisting are not one size fits all, nor should they be.
There are two widely used lists that have significantly different delisting policies: the SBL and the CBL.
The SBL focuses on IP addresses they believe are under the control of or supporting the services of spammers. They measure this by primarily relying on spamtraps, but they also accept forwarded mail from some trusted individuals. Getting delisted from the SBL means explaining to Spamhaus what steps were taken to stop the spam from coming. It’s a manual process with humans in the loop and can require significant business process changes for listees. (We’ve helped dozens of companies resolve SBL listings over the years, contact us if you need help.)
On the other hand, the CBL is a mostly automated list. It lists ources of mail that aren’t real mail servers sending real mail, but are sending a lot of stuff. As they describe it:

Read More