Email Blacklisting
Email blacklisting is a necessary evil in the world of today’s computers. Without blacklisting organizations, no email account would be safe from the onslaught of spam emails floating around the internet.
While in practice, this is normally great, but unfortunately it is possible to have legitimate email servers added because of other users on the server. This is why you may see our shared servers sometimes become blacklisted.
In this article, we will discuss how it happens, how to help prevent it, and how we handle each situation.
How does this happen?
This normally only happens shared servers where you have more than one account on a server and one of these accounts have become compromised (e.g. the hosting account password was cracked, the email password was cracked, scripts are out of date, etc.).
For more information about what a compromised account is, please click here.
When this happens, spammers use this as an outlet to send massive amounts of unsolicited emails to people. When people that receive this spam report it, blacklists are made aware of the spam and the source, and in turn block the server.
From that point, any email provider that respects the organization’s blacklist will automatically stop allowing any emails sent from the blacklisted server to make it to intended recipient, and in most situations, will bounce the email back to the original sender.
What can we do as users to help prevent it?
While it may not be your account causing the issue, it is a good idea to take preventative measures to help ensure that your account is never the cause of a blacklist. You can do this by making sure that your email accounts have strong, secure passwords. For information on how to create secure passwords, please click here.
You can also help by making sure that if you have any scripts, that you keep them up to date so that they can’t be used as spam email sources. For information on how to upgrade some of the more popular web applications, please click here.
In addition, you can help prevent breaches by ensuring you have secure passwords on any FTP accounts that you have. Again, for information on how to create a secure password, please click here.
By doing all the above, you help prevent your account from being used to send bulk emails and in turn helps the server remain in good grasses with the black lists organizations.
What does Site5 do to help prevent it?
There are many organizations that work with us directly by informing us of emails that have been reported as spam before they blacklist the server. This gives us the opportunity to look into the spam messages and track down the account they are being sent from. From there, we work with that client to help prevent any more spam messages from being sent. This process is known as a Feedback Loop, or FBL. For more information about how the FBL system works, please click here.
You can see the organizations that work with us via this method below.
What happens if the server gets blacklisted? What does Site5 do?
If an organization adds our server to a blacklist, we start immediate action to have the blacklist removed and to prevent future spam messages being sent from the source that triggered the listing. This process varies from organization to organization. Some organizations allow us to simply submit a form, while others require us to email them directly.
Unfortunately, there are some organizations that we simply can’t request a removal from. In situations like this, we have to do the best we can to clean up the account that sent the messages and simply wait for them to remove us on their own. There is no way to tell how long this process can take as it varies from case to case.
No matter the organization, any delisting request can take time for the request to be approved and processed.
Black List Organizations
- Works with us via FBL
- American Online (AOL)
- TrendMicro
- Microsoft
- Work With Us
- Sorbs
- Microsoft Exchange
- Symantec
- URIBL
- Yahoo
- AT&T
- Symantec
- SenderBase
- SpamHaus
- SpamCop
- Barracuda
- CBL
- MX Logic
- Surriel
- Abuseat
- Njabl
- Surbl
- Cloudmark RBL
- Doesn’t Work With Us
- Backscatterer
- ASPEWS
- APEWS
- ivmSIP
- UCEPROTECTL1
- BBQ
- DRBL
- gremlin.ru
- JustSpam.org
- V4BL
- Chile DNSBL
- Lashback
Ana Arias January 21, 2014 at 5:34 pm
Please do alert me with any updates. I’m in Costa Rica for a week, and it is absolutely imperative that I can send out (and receive, which thus far hasn’t been a problem) emails for both business and personal reasons. It’s my only way of being able to communicate with colleagues and friends in the States while I’m here.
James Davey January 22, 2014 at 8:28 am
Hi Ana,
This knowledgebase is not an ‘active’ support forum – we do post updates regularly on blacklists to our official forums, at http://forums.site5.com/forumdisplay.php?f=109
Ana Arias January 21, 2014 at 5:35 pm
Please notify me asap when the blacklist to my various emails are removed. It’s imperative that I be able to communicate with colleagues in the States (I’m in Costa Rica on business and personal reasons for a week).
Marion Gropen February 6, 2014 at 8:10 am
I’m on s9-chicago, and the server is blacklisted with monotonous regularity. It’s impacting my business as well as my family’s personal communications (my husband’s company won’t allow my emails through!)
What can be done to reduce the frequency with which this happens?
James Davey February 6, 2014 at 10:36 am
Hi Marion,
I am very sorry for that. We take every possible precaution to prevent this from happening, and s9-chicago is no worse or better than any other of our servers. It is simply an unfortunate coincidence that it is happening to this server more often of late. We have a team of people working 24/7 to monitor all of our servers, and step in before compromised accounts get to the point where we get blocked like this, but it does occasionally happen too quickly for us to stop. When that happens, the same team goes into action to solve the issue, then delist the server from all known RBLs. This process can take some time, as it is largely up to the RBL provider’s schedule.
Lola May 9, 2014 at 10:03 pm
My email has just been blacklisted and I only send out a handful of emails a week if that.
I am quite angry about this as I pay my hosting fee and get this poor service in return. I haven’t even been a client of Site 5 for very long either so this is not a good start. You would think that with all the money made and the technology we have today, shared hosting providers could source exactly who is sending spam and act quickly. Instead clients just get excuses.
After being on that chat service for hours tonight and then after that getting a ticket I have a feeling that this won’t be resolved anytime soon. Can’t run a serious business this way. I will look into a dedicated server as this is ridiculous.
James Davey May 12, 2014 at 7:47 am
Hello Lola,
I am very sorry for the trouble this has caused you. While we can source exactly who is sending spam, and disable that ability, this does occasionally happen. An automated script gets uploaded, or an innocuous one gets compromised, and 35000 spam messages are sent in a few seconds. We catch these, and disable the scripts, but the damage is already done at that point. We then step in to work with the RBL providers to delist the server IP as quickly as possible, minimizing the impact to all of our customers.
We catch the vast majority of these before any blacklisting happens – I want to make that clear. Our Server Health team is monitoring the servers 24/7, and catch 99% of these incidents before any real amount of spam gets out. We also have tools in place to make spamming from our servers more difficult anyway. But it does occasionally happen that too much spam gets sent out too quickly, and we have to contact the RBL providers to delist.
James May 12, 2014 at 8:52 pm
Our shared server had been blacklisted for over 2 days and it is seriously damaging our business. Site5 seems to be doing little about it and cares even less. We get updates about once a day and their attitude is is “too bad”. I’ve never heard of this happening to other companies, this service is a joke.
James Davey May 13, 2014 at 7:24 am
Hello James,
I assure you, we do take blacklistings very seriously, and we work as quickly as possible to get these issues repaired. Our Server Health team, as described, works to resolve the issue that led to the listing, then begins contacting the RBL providers to get the IP address delisted. This is the process that takes time, I am afraid – we have to work on the RBL provider’s schedule. We do pressure them as much as possible, but ultimately they are in control of their database, and we have to wait for them to manually lift the block.
Kur B. May 13, 2014 at 9:39 am
In another life I hosted a an SMTP server which was blacklisted in 1999 a few times so I have a little understanding of the difficulties Site5 Admins. are experiencing.
I really do not have the time to investigate- Is there some general rule/threshold the Blacklisting services have like 10,000 messages during x number of minutes/hours?
If so, any chance we might be able to have some hosts which are limited to x number of messages per minutes/hours? I believe in the past we used an e-mail provider which limited each account to 250 smtp message per 24 hours. I am not sure if this is feasible in the Site5 environment.
Curious, is there any chance Site5 might consider some sort of SMTP quota option for end-users/businesses which are not using any type of scripting e-mail daemon or who do not require many SMTP e-mails during a certain period. For example we generally do not send to more than 50-75 recipients in a 24 hour period.
Thank you for your service. It is a thankless job.
Regards,
Kur B.
James Davey May 13, 2014 at 10:26 am
Hello!
Each RBL provider sets their own threshold, and their own flags for what they consider spam or too many messages. There really is no standard definition of this, I am afraid.
For our part, we do place limits on accounts on shared servers, but finding the right limit is a balancing act – we want to keep it low enough that the chances of overrunning a recipient mail server are low, but high enough that most people sending large amounts of mail legitimately are not affected too much. We have the various limits detailed at http://kb.site5.com/email/email-limits/ if you would like to take a look :)
Kur B May 14, 2014 at 7:37 am
Thank you for the prompt response. I was hoping the issue would have cleared up by now.
Could you provide any type of workarounds until there is a resolution? This isn’t really a workaround, “We are still working with AT&T Real-time Blackhole List (RBL). Please accept our apologies for any inconvenience caused”. I am pretty much up the creek without a paddle.
We are only provided this host as our Mail Exchanger with no fail over for incoming mail and have begun experiencing the inability to send messages.
I was able to setup other Mail Exchangers using another e-mail provider and alias but have not been able to come up with a workaround for this issue.
Is it possible for Site5 to setup hosts with more restrictive limits than these http://kb.site5.com/email/email-limits/ for those of us who do not require massive e-mailing? So if there is a breach an automated process would simply shut it down? A plan or choice of hosts where we would be less likely to be blacklisted.
I would imagine there are a relatively high percentage of users who do not require anything close to:
Mailing list size is limited to 1,500 members
Outbound SMTP connections limited to 500 per hour
All messages sent over 1000 per hour are rejected with a too many messages bounceback.
I understand the scale of your hosting environments makes it tedious to accommodate a variety of scenarios. However, it appears this has been an issue with Site5 for a few years. Perhaps the investment in time to provide the average e-mail users would provide a more pleasant experience for us/them.
Thank you very much for your service.
Regards,
Kur B.
James Davey May 14, 2014 at 8:57 am
Hello Kur,
That is certainly an interesting idea, and one that I would encourage you to suggest at http://www.site5.com/blog/suggest-an-idea-to-site5/ to get it to our management team. It certainly would be something that could potentially solve some of these issues.
However, we do have a few workarounds already in place. The first option is to simply move to a VPS plan. Yes, these are more expensive, but they come with dedicated resources and the knowledge that the only mail coming from the server IP is YOUR mail. You do not have to worry about another user getting compromised and the server IP getting blocked.
Another option is to use a mail service like Google Apps – this moves the mail off our servers, and it is something that we can set up for you at no cost (beyond the Google Apps account itself, which you get through Google). Many of our customers use this, and it is a great solution.
Some hosts will look at this and simply switch the IP address on the server. While that is certainly possible, and will temporarily get around the block, we will not make this change to our shared servers. This sort of change can cause issues with many sites that rely on the existing IP address, but most importantly it does not solve the issue. This is a treatment of the symptom – the RBL – rather than the disease – the spam leaving the server. It is only a matter of time before the new IP gets blocked as well.
Marc Fuller July 20, 2014 at 12:17 pm
I think Kur’s suggestion is excellent!
In fact rather than use the blacklisting issues as an opportunity to upsell to a VPS or suggest another email provider/service like Google, why not have email lists and 500 outgoing per hour and what-not as a separate add-on package of a few dollars and segrgate those accounts choosing the email list option to a select email-list optimized servers?
I think your blacklist issues would be reduced along with related support/admin expenses (not to mention the frustration/headaches to the majority of your users who find their server blacklisted) and revenue and income increased.
James Davey July 21, 2014 at 7:00 am
Hello Marc,
Looking over your suggestion, it would work in theory, but it is not really feasible. Separating mail functionality like this is not really an option, because we like to provide as many tools as possible to everyone. Charging extra for the ability to send more than a few messages at a time is not something we feel is fair to you. What if you only needed to do it once? Or your mailing list only needed to be sent twice a year? Do you pay extra for that, for the whole year? Or do you ask us to migrate you to a server for this so you can send this mail, then migrate you back to the “non-premium” server when you’re done?
This is just one example of a fairly common situation that would make this impractical.
I realise that blacklisting is frustrating – we get as annoyed by it as you do, and we take every reasonable precaution to prevent it. Unfortunately, moving to a VPS is the best, most effective way to prevent this from happening to you, which is why we offer it as a suggestion.
Again, I would suggest you mention this to our management team, using the suggestion tool at http://www.site5.com/blog/suggest-an-idea-to-site5/. With just the one example I provided here I believe it is unlikely, but we are always looking for ways to improve our service.
Jeremy July 15, 2014 at 9:12 am
This is the third time this has happened in the last few months alone, how can I explain this poor service to my clients (one of which has just left, costing me £’s).
How long will this take to fix, the ‘instant_chat’ with site 5 is excellent and 9/10 helps me fix what ever problem I have, but this email issue is really effecting my business, surely there must be something that can be done to prevent from happening so frequently.
I think I am going to have to invest in a VPS, presume this would irradicate or at least stop this from happening so often.
Please get this back on track ASAP.
James Davey July 15, 2014 at 9:43 am
Hi Jeremy,
I am very sorry for the troubles you are having. We do everything we possibly can to prevent blacklists from happening, but the only way to absolutely guarantee a server will never get blacklisted is to not allow mail to go out.
If you allow mail traffic (which we obviously do, and will continue to do), there will always be a chance that a script will get compromised, or someone will use an insecure password, or a virus will attack a customer workstation and start sending massive amounts of mail. We have a team in place that monitors this activity at all times, but a bad script can easily send enough messages to warrant a blacklisting in a matter of seconds. As well, if legitimate mail is sent to a recipient who decides they no longer want to receive it, if they mark it as spam often enough, rather than request the mail no longer be sent (to be removed from a mailing list, for example), a blacklist can get triggered.
Moving to a VPS is one solution, yes. Indeed, it is one of the best solutions. On a VPS the only mail that is sent from the server IP is your own, drastically reducing the chances of the IP getting flagged by an RBL. On a VPS, if you practice good security with your scripts and passwords, you know that you’re not going to get blocked somewhere because somebody else on your server is not so cautious.
As mentioned here, any time a blacklist happens, we work as quickly as possible to repair the cause, and get the block lifted. This can take as little as a few hours, to as long as a few days. The delays are almost invariably at the RBL provider’s end – each one responds in their own time, and while we work with them as closely as possible, and apply pressure when needed, we have to work on their schedule.
steve July 24, 2014 at 11:30 am
mentioned above it states that moving to a VPS
”The first option is to simply move to a VPS plan. Yes, these are more expensive, but they come with dedicated resources and the knowledge that the only mail coming from the server IP is YOUR mail””
“””I think I am going to have to invest in a VPS, presume this would irradicate or at least stop this from happening so often.””””
We are on a VPS and have the exact same problem…..blacklisted by GMAIL…this has been over a week now …and still have gmail bouncing back at us.
VPS doesnt fix all…we are on a server in Vancouver……please fix this ASAP.
James Davey July 24, 2014 at 11:55 am
Hi Steve,
As I mentioned in my response to Jeremy, above, moving to a VPS drastically reduces the chances of the IP getting flagged by an RBL, because it severely reduces the amount of mail being sent by the IP address. It does not guarantee that your IP will never be blocked.
I am very sorry to hear that your VPS IP is bloacklisted – have you contacted our support team about this? You would need to do so in order to get us to work on delisting this for you.
Randy August 20, 2014 at 2:48 pm
This happens so frequently it is unbelievable. We were on a Dallas based Site5 server and after many days, if not a week, of ZERO ability to send emails that wouldn’t get blocked we switched to a Chicago server of Site5’s.
Then it happens, we are blacklisted again. Please don’t use these “opportunities” to upsell your dedicated server plans or anything else. Just figure out to reduce the frequency of this happening.
Frustrated Customer of Site 5
James Davey August 21, 2014 at 7:30 am
Hi Randy,
I am very sorry for the troubles. We are aware how frustrating this is for you, and we take this very seriously. When a server is blacklisted we work as quickly as possible to delist, but I realise this can take longer than anyone would like. To that end we are exploring other options to speed up your ability to send mail again, when this sort of thing happens. We do not have a firm date for this, but we expect it to be available soon.
In the meantime, we do not see this as an opportunity to upsell you just for the sake of upselling. Often, when a customer contacts us for a blacklisting issue one of the main questions is ‘what can we do to avoid this?’. As the easiest solution is to move to a VPS, where the only mail being sent is your own, this is always mentioned as an option.