Help! We're on Spamhaus' list


While trying to figure out what to write today, I checked Facebook, where I saw a post on the Women of Email group asking for help with a Spamhaus listing. I answered the question, then realized that was probably usable on the blog. So it’s an impromptu Ask Laura question.

We’re listed on Spamhaus’ list, any advice on how to get off? Our email provider has a plan, just looking for more input. 
If you’re on the SBL, there’s a problem (somewhere) with your data collection process. You’re getting addresses that don’t actually belong to your customers / subscribers / whatever.
The fastest way off is to cut WAY back on who you are mailing to. Mail only to addresses you know, for sure, based on activity in the email, want your mail. Then you can start to go through the other addresses and make decisions about how to verify that those addresses belong to the people you think they do.
If you’re at an ESP, do what they tell you to do. Most ESPs have dealt with this before.
One thing to think about, once you get past the crisis stage, is that if you’re on the SBL, it’s likely your delivery is overall pretty bad. These aren’t folks that dramatically list for a single mistake, there’s a pattern. ISPs look at different patterns, but will often find the same answers and delivery will be bad.
It’s important to realize that Spamhaus has 4 or 5 different lists that have different listing criteria. This is for the SBL, there’s also CSS, CBL, PBL, DBL and XBL. They address different problems and have different listing and delisting criteria.

SBL

The one, the only, the original Spamhaus Block List. This is a manual list driven mostly by spamtrap hits. It lists IP addresses and only IP addresses. A few things you need to be aware of.

  • Listings are created by individuals.
  • The person who created the listing is also the person who is responsible for delisting. You will work with a single volunteer throughout the delisting process.
  • One spamtrap hit isn’t going to cause a listing. Generally it takes hundreds or thousands of trap hits to get listed.
  • Reputation matters. If you’re at an ESP that is trusted by Spamhaus, they’re probably going to list a .0 and let the ESP handle much of it.
  • Many SBL listings have nothing to do with marketing mail. The listings are for botnet command and control, malware servers and things like that.

CBL / XBL

CBL is designed to block malware and infected machines. If you’re on the CBL, it’s likely there is an infection somewhere on your network. The CBL folks often give quite a bit of information about what the infection is and how to resolve it.

  • Listings are automatic
  • Delistings are self service
  • Repeated delistings without fixing the issue will result in automatic delisting no longer working.
  • A long time ago there were a couple buggy MTAs that would trigger listings. To the best of my knowledge they don’t any longer. If you’re listed and are absolutely sure there’s no problem, upgrade your MTA software.

CSS

CSS is a subset of the SBL. It’s intended to address snowshoeing, that is bad behavior spread out over lots of IP addresses to hide. It lists IP addresses and only IP addresses.

  • Listings are automatic.
  • Delistings are self-service.
  • Repeated delistings without fixing the issue will result in automatic delisting no longer working.
  • CSS is tied to the DBL, so you have to address both listings.

DBL

DBL is the Domain Block List. It lists domains and not IP addresses. I’ll be honest, I don’t have as much experience with the DBL as with other lists, but I have had a few clients on the DBL.

  • DBL is tied into the CSS.
  • You can get on the DBL without the sending IP being on CSS.
  • DBL makes no judgement on the source of the mail, only the content of the mail.

PBL

PBL is the Policy Block List. This is a list of IP addresses curated by Spamhaus and some ISPs. It contains IP addresses that, by policy, should not be emitting email. The IPs are things like consumer cable modems where the AUP of the ISP says the customer may not host a mail server. Another list I don’t have much familiarity with. Best advice is to talk to your ISP about the listing.

Zen

This is a combo list that combines the SBL, CBL and PBL. It’s mostly used for lookups. You’re never listed on Zen, you’re listed on something else, and that’s the listing you need to address. (In my initial post I confused the XBL with Zen. Zen is the composite list; XBL and the CBL are the anti-malware lists. I corrected the post. Thanks to an observant reader for alerting me to the error. That’s what I get for blogging late in the day and relying on memory.)
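Because a Zen answer only points at the underlying list, the first triage step is decoding which component list responded. The sketch below is an added example, not part of the original post: the function names are hypothetical, and the return-code table is an assumption based on Spamhaus's published DNSBL conventions that should be checked against their current documentation.

```python
import ipaddress
import socket

# Assumed return codes (not from the original post); verify against
# Spamhaus's current documentation before relying on them.
ZEN_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "CSS",
    "127.0.0.4": "XBL",
    "127.0.0.10": "PBL",
    "127.0.0.11": "PBL",
}
# Answers in this range signal a query problem (for example, a resolver
# the list will not serve), not a listing.
ERROR_PREFIX = "127.255.255."


def zen_query_name(ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: reversed IPv4 octets plus the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def decode_zen(answers):
    """Map A-record answers to the component lists that need addressing."""
    lists, errors, unknown = set(), [], []
    for answer in answers:
        if answer.startswith(ERROR_PREFIX):
            errors.append(answer)
        elif answer in ZEN_CODES:
            lists.add(ZEN_CODES[answer])
        else:
            unknown.append(answer)
    return {"lists": sorted(lists), "errors": errors, "unknown": unknown}


def lookup_zen(ip):
    """Live lookup; needs network access and a resolver the list answers."""
    try:
        _, _, answers = socket.gethostbyname_ex(zen_query_name(ip))
    except socket.gaierror:
        # No A record means not listed; resolver failures also land here.
        return decode_zen([])
    return decode_zen(answers)


if __name__ == "__main__":
    # Constructed answers for illustration, not real lookup results.
    print(zen_query_name("192.0.2.25"))
    print(decode_zen(["127.0.0.3", "127.0.0.10"]))
    print(decode_zen(["127.255.255.254"]))
```

An answer in the error range should be treated as "no data", never as a listing or as a clean result.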

General advice

  • If you’re at an ESP let the ESP handle the communication with Spamhaus for you. Most delivery folks can tell you about that customer that decided they could communicate better with Spamhaus directly and ended up having a harder road off the list.
  • If you are handling it yourself, check out Help! I’m on a blocklist published by M3AAWG. It has tips and guidelines on communication.
  • Don’t bother trying to explain your business model. Really. Listings happen because there’s no valid permission. Focus on that issue and improve your data communication skills.
  • Deliverability problems – temp fails, bulk foldering – almost always precede an SBL listing. Deal with the problems before it gets to the point of the SBL.
  • If you end up completely stuck and can’t get off the SBL, CSS or DBL, contact an expert. Word to the Wise provides consultation and help with listings. Many of our clients come to us after other services haven’t helped or their ESP has referred them to us.

SBL listings are sometimes signals that something about data handling is off. The listing is the result of something other than a broken subscription process.
A few years ago an ESP referred a client to me because the situation was complex. The client had all the right subscription processes in place. They did correctly identify addresses to suppress. However, their backend data handling had a problem. When a certain sequence of events occurred, bad addresses were reactivated. We dealt with the listing, then dug into their data handling and changed some things to stop future listings.
Listings aren’t the end of the world. They have discrete causes and defined solutions. The folks at Spamhaus are generally willing to work with senders when there are issues.
 


5 comments


  • CSS listings are based on a wide range of inputs and are always the result of multiple events and heuristics.
    Would previous bad history of the sending IP addresses or the neighbors of the sending IP trigger a new listing?

  • I purchased IP 167.99.1.12 from digital ocean and vlvemail.com on 3/18/2018. I was blacklisted while setting up my server. Both CSS & DBL; CSS delisted me but I haven’t been able to contact DBL. I get this error message (An error occurred. Please try again. ) when I attempt to submit my removal request.

  • Hi,
    Any inputs on DBL listing? We are DBL listed, we have been sending on recent openers and still the same listing. We have applied for listing few times, it got removed 2 times but it appeared again. Not sure what may be the issue, we are sending only to recent openers/clickers.

  • Any suggestion for a plain innocent household?
    Spamhaus will not even allow opening communication if you have no domain or paid email. Why would a home have any of that? I can’t even accidentally create spam! The household members play a few lesser games that the current laptops can handle, some discord, youtube. Machines are quite clean. No one torrents or uses downloads. So regardless of how I ping their incompetent volunteer’ overseer, how can I even demand to be set free? My poor kid has no life with non verbal autism, now he can’t even enjoy something as simple and stupid as minecraft because ovh and other host or node servers block us as well (as emails and sites using software which uses Spamhaus like kismet). Far as I am concerned they are an evil agency that should be abolished. I will filter my own spam thanks!

  • Have you tried reaching out to your ISP? From your story I am assuming you are on an assigned IP address from your provider, which for some reason is on one of the lists. If that is the case, it is their IP and they should be able to delist it (or assign another one to you).

By laura
