Thread: Mail Server IP -- Blacklisted (I think) Help!
View Single Post
Old 07-10-2007, 10:08 AM   #21 (permalink)
damien_ls
Contributing Member
 
damien_ls's Avatar
 
Join Date: 03-26-07
Location: layershift.com
Posts: 217
iTrader: 0 / 0%
Latest Blog:
None

damien_ls is a jewel in the roughdamien_ls is a jewel in the roughdamien_ls is a jewel in the roughdamien_ls is a jewel in the roughdamien_ls is a jewel in the roughdamien_ls is a jewel in the roughdamien_ls is a jewel in the roughdamien_ls is a jewel in the rough
Quote:
Originally Posted by Dongle View Post
Aahh right, so it should only affect outbound email then.
Yes. To my knowledge the only thing potentially affected by email blacklisting is outbound email deliverability.

Quote:
Originally Posted by Dongle View Post
So what's the best way to ensure that legitimate registered customers get the email they've requested (be it monthy newsletter or order confirmations)?
They are quite different things in terms of the way you should manage them from the point of view of successful ecommerce/emarketing.

In terms of legitimate emails getting through, you should ensure that you have an appropriate SPF record for your domain.

The other major part is obviously ensuring that the outbound mail server that you're using is not included on any spam blacklists; this is a lot harder than it sounds, particularly with respect to shared hosting.

The most common route to blacklisting (assuming a well secured SMTP server) is via insecure webscripts; any piece of code in a web application which sends emails is a potential vulnerability that could cause your application/SMTP server to be used for spamming (hence get your SMTP server blacklisted).

It's not difficult to see that more applications/code means more potential vulnerabilities - this is why SMTP servers used for shared hosting are more likely to be blacklisted than others... they have the most users.

So you can do two things with respect to trying to stop your SMTP server becoming blacklisted:
  • Make sure that your own code/applications use well tested and secured code for sending out emails; there are many common mistakes that people make when writing code to send an email, and they are well documented. The best "solution" is to use a tried-and-tested commercial (or open source) application, but even then obviously vulnerabilities of all kinds are still very possible.
  • Use your own dedicated SMTP server so that nobody else is able to cause you problems (e.g. the shared hosting scenario where other shared hosting customers have insecure scripts - as above - which get the SMTP server blacklisted); you can do this by using a VPS or dedicated server... although obviously these options cost more than most shared hosting.

I should stress that there are ways for a hosting provider to monitor for and correct problems caused by insecure scripts and/or other spam sources which cause their SMTP server to be blacklisted - this is yet another measure of a hosting provider's quality.

Quote:
Originally Posted by Dongle View Post
It was convenient, as I spotted another problem, in that Google wasn't recognising my site as a UK site - so I moved to UK servers!!
Yes, UK IPs are a good way to get you into the UK localised listings - you can also do it via a .uk domain.

Quote:
Originally Posted by Dongle View Post
I'm hoping to send out a monthly promotional email to subscribed customers. There aren't any tricks involved, no buying of lists, no pre-ticked newsletter options - just a big banner saying "Click here to received our monthly special offer email" - so people have to physically click on something of their own accord and enter their email address to subscrube themselves.
For newsletters I would recommend using appropriate software to help monitor how your subscribers are receiving it (i.e. do they read it, do they click links from it etc.) and there are various service providers who offer a specialised service for this very reason. (suppose it's another example of SaaS; Software as a Service)

These providers (or the good ones) have agreements with the major ISPs to whitelist email from their servers, and therefore offer better deliverability than sending bulk email from your hosting provider. It also avoids problems of very large mailing lists since many shared hosting providers have a limit on the number of emails you can send per hour etc. (or even with a VPS, it would use a lot of your resources to send a large number of emails at once).

I'll dig some providers of this nature out if you're interested; and I'm sure others can suggest some too

Quote:
Originally Posted by Dongle View Post
Do people have to manually go and report spam to these spamcop type websites for a server to be blacklisted? So by keeping strictly to people who have registered their interest, everything should be hunky dory?
The reporting mechanism depends partly on the list - some use spam-traps (where they have email addresses which are collected by spammers, and then they analyse emails sent to those email addresses to identify servers involved), others use direct user reporting, and others are much more subtle (e.g. clicking on 'mark as spam' in a webmail program) where the end user may not realise exactly what impact that may have!

Quote:
Originally Posted by Dongle View Post
What if one person decides they don't want to receive a promotional email anymore and decides to report an email as spam instead of just unsubscribing (unlikely - but possible)? Is one report all it takes, or do you need to be reported by 2-3 different people for it to cause a problem.
Most blacklists use ratios (i.e. between number of legit emails and number of 'problem' emails) to help determine whether it's a bad enough problem to add a particular server to their blacklist. This helps prevent the kind of false-positives that you mention - although adding "unsubscribe" links (that work!) clearly to all mailings is a very good idea!

Quote:
Originally Posted by Dongle View Post
Got me thinking - as you say "constantly", does this mean that servers are blacklisted for a period of time, and not forever.
A lot of blacklists will hold an SMTP server in their list for a period of time whilst the problem is ongoing (i.e. they receive a constant flow of reports) and may automatically de-list after they have stopped - usually allowing a period of time after they stop before de-listing.

Other blacklists place the oweness on the provider (or customer?) to request de-listing which is a mixed blessing; these are sometimes more effective in forcing providers to take action (and embarrassing those who don't) to stop the spam source issue, but on the other hand they're obviously annoying from the point of view that they keep a server blacklisted even after the problem is solved.
__________________
Damien Ransome
Layershift :: DDS & Dedicated, UK & USA-based Managed Virtuozzo VPS, Reseller & Shared Hosting
Experienced Parallels Platinum Partners (Plesk since 2001, Virtuozzo since 2004)
damien_ls is offline   Reply With Quote