There have been times where clients have come to me wondering why emails have been bounced back to the people sending them. The information in the bounced back emails can be of great use in finding out the reason for the failed delivery. Sometimes it is due to the content resembling spam or an incorrectly configured SPF record but most of the time, it has something to do with Real-time Blackhole Lists (RBLs).
A Real-time Blackhole List (RBL) is a service that an email provider can sign up for. This gives the email server access to a collection of IP addresses that are known for sending out spam. People report spam emails to these services, and if enough emails from one server are reported as spam, the service will mark that IP address as a sender of spam and recommend email servers to mark the incoming email accordingly. The email server then either deletes the email or puts it into a spam quarantine area.
Unfortunately, there are times that innocent domains can get caught up in this kind of thing. If you are on a shared hosting server and a domain from that servers gets flagged, you can get caught up in the ensuing disaster. Unfortunately the only thing you can do, if it is another persons fault, is request for your ip address to be delisted or contact your hosting company so they can go through the delisting process.
There are times where the culprit could be you or your site. In the event that your site becomes compromised, a hacker would then be able to install a script onto your site that they use to send out mass amounts of emails out. This is why it’s important to make sure your site’s software is up to date, as security holes are being found and fixed all the time. Another good idea is to make sure your ftp password is not something that is easily guessed, like a word or just numbers, as hackers can gain access to your site that way as well. General rule of thumb for passwords is to use a combination of lowercase and uppercase letters, numbers, and even symbols if they are allowed.
Your password to your email account can also become compromised, which means that hackers could send out emails, disguised as you, so it’s a good idea to make sure this password is also harder to guess. Another potential entryway for hackers is your local email program; if malware gets installed, it might then send out emails from your computer to all your contacts, in an attempt to either infect them with the malware or send them spam.
Another way you can get caught in a blacklist is if you send out mass emails to a lot of people from your mail account. If even just a handful of people report this as spam, then you can start to be listed in the RBL’s. This is why we recommend such services as Constant Contact, which allows you to send out mass emails that look like they are from your own email address, but as an authorized sender. Constant Contact’s system gives people the option to remove themselves from your mailing list, using the proper procedures and rules to ensure you do not get blacklisted.
One domain that I have seen on an RBL that probably shouldn’t be there is state.ma.us. They do not have Sender Policy Framework (SPF) in their DNS, so there isn’t anything stating who is an authorized sender. They send out a lot of emails and some probably get sent to people who do not request this. So at one time this domain’s emails were being rejected and not being delivered to a client.