Recently a client asked us about a problem they were having with email hosted on the same server where we had set up their website. In this case the problem was pretty severe, as they had been blacklisted from sending emails to any Gmail.com email address. After contacting the hosting company we were able to identify that one of their email accounts had been compromised and was being used to send out spam emails. It was an unfortunate situation that could have been avoided. In this post we cover what blacklisting means, what to do about it, and how to keep it from happening again.
What does ‘blacklisted for email’ mean?
According to google.com a blacklist is ‘a list of people or products viewed with suspicion or disapproval.’ For email, being blacklisted means a provider such as Google has determined that your domain is abusing its system by sending too many emails to addresses on its network. Once you have been added to a blacklist, all emails you attempt to send to the provider will be denied and you will see a message similar to this one:
SMTP error from remote mail server after end of data:
host aspmx.l.google.com [126.96.36.199]:
550-5.7.1 [YOUR IP ADDRESS HERE 1] Our system has detected an unusual rate of
550-5.7.1 unsolicited mail originating from your IP address. To protect
550-5.7.1 users from spam, mail sent from your IP address has been
550-5.7.1 Please visit http://www.google.com/mail/help/bulk_mail.html to
550 5.7.1 our Bulk Email Senders Guidelines. ck6si8779257igc.40 - gsmtp
How did you get blacklisted for email?
You will be blacklisted for email because your domain has attempted to send too many emails to an email provider like gmail.com. The exact number of emails is unclear, and the rate matters too: providers also measure how many have been sent in a certain amount of time.
If you are knowingly sending a lot of emails to a lot of people then you may be blacklisted for appearing to be, or actually being, spam. If you want to send a lot of emails to various email addresses you may want to sign up as a bulk email sender with the various email services. Google's Bulk Mail Guidelines are here.
You may be blacklisted for sending too many emails to a provider if your email address or server gets cracked into by malicious users who then use your account to send SPAM. Unfortunately this is a very common occurrence as most people are not using strong passwords and are also using the same password for multiple accounts.
Who can help you?
If you are intentionally sending out a lot of emails then you need to point the finger at yourself and learn how to send bulk email. If you don’t want to become a bulk email provider then you need to check out the various ones on the market. We like MailChimp as discussed below and here.
If you are not intentionally sending out a lot of emails then your system has been compromised and you need to read on below.
If you are using the email services that your hosting company provides then you will want to contact them immediately to see what the problem is. If you are hosting your own server then you or your network admin need to check the logs to see which email account is sending out a lot of emails. The first thing you need to do is identify whether it is just an email account that has been cracked or your entire server. Then you need to update all passwords on the system.
If you are using a dedicated email service or hosting your own email server then you need to contact whoever is operating that for you and identify which account is sending out a lot of emails. As with the hosting company solution you need to update all passwords on your system.
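For a self-hosted server, the log check described above can be scripted. This is an added example, not part of the original post: it assumes the server runs Exim and writes Exim's mainlog format, and the log lines, addresses and per-hour limit of 20 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Exim mainlog arrival ("<=") lines, the format assumed here:
#   DATE TIME ID <= sender H=... [ip] P=esmtpa A=authenticator:login S=size
#   DATE TIME ID <= sender U=unixuser P=local S=size   (script or cron on the box)
ARRIVAL = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}):\d{2}:\d{2} \S+ <= \S+ (.*)$")
AUTH = re.compile(r"(?:^| )A=[^:\s]+:(\S+)")
LOCAL = re.compile(r"(?:^| )U=(\S+) P=local\b")
IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")

def submissions_per_hour(lines):
    """Count accepted messages per (source, date, hour) and collect client IPs."""
    counts, ips = Counter(), defaultdict(set)
    for line in lines:
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries ("=>"), rejections, queue runs
        date, hour, rest = m.groups()
        auth, local = AUTH.search(rest), LOCAL.search(rest)
        if auth:
            source = "mailbox:" + auth.group(1)      # a mailbox password was used
        elif local:
            source = "local-user:" + local.group(1)  # mail generated on the server
        else:
            continue  # ordinary inbound mail from other servers
        counts[(source, date, hour)] += 1
        ips[source].update(IP.findall(rest)[:1])     # first [..] is the client IP
    return counts, ips

def suspects(lines, per_hour_limit):
    """Sources whose busiest hour exceeded per_hour_limit, busiest first."""
    counts, ips = submissions_per_hour(lines)
    peak = Counter()
    for (source, _date, _hour), n in counts.items():
        peak[source] = max(peak[source], n)
    return [(s, n, sorted(ips[s])) for s, n in peak.most_common() if n > per_hour_limit]

# Constructed sample log: one mailbox floods from three addresses, the rest is normal.
PFX = "2014-03-01 10:%02d:00 1WJx00-0000aa-AA <= "
SAMPLE_LOG = (
    [PFX % i + "bob@example.com H=(x) [203.0.113.%d] P=esmtpa "
     "A=dovecot_login:bob@example.com S=2048" % (7 + i % 3) for i in range(40)]
    + [PFX % i + "alice@example.com H=(pc) [198.51.100.4] P=esmtpa "
       "A=dovecot_login:alice@example.com S=5120" for i in (5, 50)]
    + [PFX % i + "www@host.example.com U=www P=local S=900" for i in (1, 2, 3)]
    + ["2014-03-01 10:00:05 1WJx00-0000aa-AA => rcpt@example.net R=dnslookup T=remote_smtp"]
)
print(suspects(SAMPLE_LOG, per_hour_limit=20))
```

A `mailbox:` result points at one cracked password, usually with several unfamiliar client addresses; a `local-user:` result means something on the server itself is generating the mail, which is the account-versus-server distinction drawn above.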
If you have been blacklisted by Google you can reach out to them and fill out a form that lets them know you have identified a problem and taken steps to correct it. The form is fairly technical and your hosting or email provider will need to help you get a lot of the answers. The Google blacklist removal form is here.
When will you be removed from the blacklist?
Timeframes are unclear
Google does not explicitly tell us how long it may take to get removed from their blacklist. I have seen things clear up in 5 days and others take 30 days. The most important thing you can do is update your passwords and ensure your system is no longer sending out massive amounts of email.
What can you do to prevent this from happening again?
There are a number of things you can do to prevent this from happening in the future whether you were intentionally or unintentionally sending emails. Below we have listed a few things to consider when moving forward.
Email best practices
When it comes to email no one does it better than Google. Their free service is gmail.com but if you are a business you need to have your own domain name to look professional. In that case you need to look at Google Apps which gives you email, documents, chat, hangouts, and whatever Google adds to it next. The cost is $5 per user per month or $50 per user per year and can serve to replace much more than email.
The main benefit to this is that now you are using Google’s system which means the likelihood of them blacklisting you should drop considerably. Another benefit is that you can implement 2 step verification which takes security one step further to prevent unauthorized use of your system.
We can help you get set up on Google Apps and make sure everything is integrated with your organization.
If you need to send a lot of emails to various users then you should use a company that specializes in bulk email, not only to prevent blacklisting but also to avoid fines and jail time. We use and recommend MailChimp for sending out bulk emails for news and sales needs. They offer a free service for a list of up to 2000 emails and 12,000 emails sent per month. They also provide excellent templates and guides for creating and monitoring your email campaigns to see what is and isn’t making you more money.
We can also help you set up and manage your MailChimp account to help drive sales for your organization.
Security best practices
When it comes to passwords you cannot be too paranoid. Using the same password for everything is as bad as writing them on a post-it note and then sticking it on your computer monitor. If you are going to be truly secure you need to be using strong passwords which are more than 10 characters long and you need to have a different one for every account you have. With more and more websites popping up daily asking for you to create a new account you need to have a system for creating and managing them. We have been using 1Password for over 3 years now and cannot recommend this software more. Before you do anything else online you need to go and purchase 1Password for your Mac or Windows computer and start updating all of your accounts, just do it.
1Password is super easy to set up and use but we are happy to talk about how we implement it as well.