Recently, a significant majority of discussions of email delivery problems mention that neither the IPs or domains in use are on any of the public blocklists. I was thinking about this recently and realised that, sometime in the past, I stopped using blocklists as a source of useful information about reputation.
I’m not even sure exactly when it happened. I just stopped checking most of the websites for information about blocks. Part of that is likely due to the change in my client base. Over the years I’ve transitioned away from handling immediate, crisis level blocking issues. These days I’m spending the majority of my time providing strategy advice.
It used to be that the public lists could provide some types of insight into what might be wrong. Even the mix of lists an IP or domain was on could lead to useful activity.
These days, though, I’m finding the vast majority of senders I talk to are not on any lists. Their IPs and domains are totally clean, even when putting them into lists that check over a hundred lists.
One conclusion this leads me to is that modern filtering at the consumer ISPs and many of the major corporate gateways has moved well beyond blocking IPs and domains. The filters look for much more subtle clues about mail than whether or not the sender is hitting spamtraps. Filters are able to make nuanced decisions about what to do with an email.
This is such progress! We’ve gotten to a place where we have nuanced filters that can separate out different mail streams and deliver the mail to the place where they believe the recipient wants it.
Blocklists do still have their place and I do sit up and take notice when a client or potential client mentions they’re on a blocklist. Fundamentally, the widely used lists deal with very ugly, problematic senders. They are still valuable simply because they list the very bad sources of email. This means the filters on the other side don’t need to be quite so strict.
All in all, the nature of filtering is changing. In parallel, deliverability is changing. There are sub-specialisations developing in the industry. it’s an interesting time, one where no on has all the answers. I think it’s important to not these types of milestones when we see them.
This is a milestone. Filtering and blocklists have diverged and are addressing different types of mail.
RSS - Posts
There’s also an interesting trend of the more advanced, often malicious spam campaigns, checking various DNS blocklists before even bothering to send emails; here’s Emotet doing that at the client (i.e. bot) end, but I have a reason to suspect many spammers do something similar at the spam panel level
https://blog.talosintelligence.com/2019/01/return-of-emotet.html