Avoiding your IP address from getting blacklisted


Running and managing an email server is far from simply sending and receiving email messages to and from users' inboxes. Administrators responsible for managing corporate email infrastructure need to have a 360-degree approach to ensure their network is secure from outside attacks on their email system as well as when delivering outbound emails to other domains. Companies often run into situations where other receiving servers reject emails because one or more IP addresses get blacklisted. This article focuses on steps you should take in order to prevent your IP address from getting blacklisted.

This page discusses different scenarios that you need to consider.

Scenario 1: Block outbound TCP/IP port 25
Companies often configure their network firewalls to prevent inbound traffic but do not block/monitor outbound activities. Following image demonstrates how a single computer on your network could send emails without the administrator's knowledge.

It is important to configure your firewall so it only allow outbound traffic on TCP port 25 from your email server. Traffic from any other IP address should be denied. In the above example, Client A is trying to send an outbound email directly to the outside world through your firewall. Such attempts should be denied.

Scenario 2: Keeping an eye on what goes out

Assuming you have blocked outbound traffic on port 25, as suggested in Scenario# 1, every email should go out from your email server. This allow administrators to correctly monitor messages that are going out of your network. Looking at the reports and logs of your email server can give you an in-depth summary of outbound messages. For example, Xeams provides following features that will help you keep an eye on your outbound emails:

Authenticated Messages Report

This report gives you a count of emails sent by a particular user in your system. You could even limit the maximum number of messages sent out in an hour using this mechanism. Click Reports/Authenticated Messages Reports on the main menu to access this screen.

Daily Status Report

This report is sent to the administrators around midnight and contains the number of outbound messages sent. Seeing an unusually high number should trigger further investigation.

Viewing Logs

Several logs, such as OutboundAuditTrailSuccess.log, InvalidPasswordAttempts.log and SuccessfulLogins.log can help you discover unusual activities on your server.
Scenario 3: Do not send unsolicited messages
Ensure outbound messages sent from your network are not treated as spam on the recipient's end. Many email servers report the IP address they see sending junk to public RBL servers, which then add your IP address in their blacklist.
Scenario 4: Contacting your ISP
Server RBL servers, such as UCEPROTECT Level 3 mark entire blocks of IP address as blacklisted. It is very common for companies to rent servers on the cloud. The IP address allocated to such servers come from a pool of IP addresses that are shared by other companies. In such cases, one bad actor could affect everyone else on the same subnet. In such cases, you don't have a choice but to contact your ISP and ask them to contact the individuals who manage the RBL server.
Employ Best Practices:
You should adhere to several best-practices when sending outbound emails, such as:
  • Digitally sign outbound emails with DKIM.
  • Ensure your SPF records are correctly specified in the DNS server.
  • Periodically run Tools/Diagnostic Check - Outbound to ensure Xeams is configured correctly for outbound communication.