E-mail Blacklists

From Jeremy Bryan Smith
Jump to navigation Jump to search

Testing

Check your IPs and DNS names here: Toolbox - Blacklist Checker

Check your mail server logs for entries mentioning blocking. Not all mail servers will indicate the reason for the error. And some email servers will accept the email normally and reject it later. For example, using sendmail on Linux, to get a list of unique non-successful responses: 

grep   'dsn=[^2]' /var/log/mail.log | grep -o 'to=.*' | sed 's/delay=[^ ]\+/DELAY/g;s/pri=[^ ]\+/PRI/g' | sort | uniq

to=root, ctladdr=root (0/0), DELAY xDELAY mailer=relay, PRI relay=[127.0.0.1] [127.0.0.1], dsn=4.1.8, stat=Deferred: 451 4.1.8 Domain of sender address root@web3.sub.domain.com does not resolve
to=<username13@hostone.com>, DELAY xDELAY mailer=esmtp, PRI relay=mailstore1.secureserver.net., dsn=4.0.0, stat=Deferred: Name server: mailstore1.secureserver.net.: host name lookup failure
to=<username13@hostone.com>, DELAY xDELAY mailer=esmtp, PRI relay=mailstore1.secureserver.net. [72.167.238.32], dsn=4.0.0, stat=Deferred: 421 p3plibsmtp01-12.prod.phx3.secureserver.net CMGW Temporarily rejected. Reverse DNS for 1.2.3.4 failed. IB108  <http://x.co/srbounce>
to=<user234@verizon.net>, DELAY xDELAY mailer=esmtp, PRI relay=mx-aol.mail.gm0.yahoodns.net. [67.195.204.80], dsn=4.0.0, stat=Deferred: 421 4.7.0 [TSS04] Messages from 1.2.3.4 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html
to=<johnsmith@server.net>, DELAY xDELAY mailer=esmtp, PRI relay=server.net, dsn=5.1.2, stat=Host unknown (Name server: server.net: host not found)
to=<usr678@server.net>, DELAY xDELAY mailer=esmtp, PRI relay=server-net....ction.outlook.com. [104.47.56.138], dsn=5.4.1, stat=User unknown
to=<stucker@website.com>, DELAY xDELAY mailer=esmtp, PRI relay=mx.idealadvertising.com. [70.169.213.196], dsn=4.2.0, stat=Deferred: 450 4.2.0 <stucker@website.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/faginfirm.com.html

In the above example, 1.2.3.4 is the IP if our network's router, behind which is our mail server web3.sub.domain.com. We've got a few issues here, including:

  • Grey listed
  • Black listed
  • Reverse DNS not set up for 1.2.3.4
  • No such mailbox

See the givien URLs for details:


Configurations

To avoid being blocked, use the following

Open Relay

Make sure your email server(s) aren't open relays -- allowing anyone to connect and send email. Generally, just close off all email ports (SMTP, etc).

DKIM

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam. See http://dkim.org/.

SPF

Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email. See https://www.dmarcanalyzer.com/spf/how-to-create-an-spf-txt-record/

DMARC

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. DMARC extends two existing mechanisms, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It allows the administrative owner of a domain to publish a policy in their DNS records to specify which mechanism (DKIM, SPF or both) is employed when sending email from that domain; how to check the From: field presented to end users; how the receiver should deal with failures - and a reporting mechanism for actions performed under those policies.

Reverse DNS

Many email servers require reverse DNS to be configured for any of your IP addresses from which you will be sending emails from your domain. You'll have to contact the provider of your IP address(es) to have them set up reverse DNS. Basically, have them point your IP 1.2.3.4 -> mail.mydomain.com

Before setting up reverse DNS: 

$ host 1.2.3.4
Host 4.3.2.1.in-addr.arpa. not found: 3(NXDOMAIN)

After setting up reverse DNS: 

$ host 1.2.3.4 
4.3.2.1.in-addr.arpa. domain name pointer mail.mydomain.com.

Submit request for removal

After having set up the above, request that your IPs be unblocked by whatever blacklist maintainer or specific email providers that are blocking you.

Retrieved from "https://wiki.jeremybryansmith.com/index.php?title=E-mail_Blacklists&oldid=161"