Deliverabilty Blog Post 10: All about blocklisting

Think once, none of your mail is going through to a major mailbox provider (MBP). Instead of the bounce rates, open rates, click-throughs you’re used to, you see a steep decline in performance. Worse, you might see the MBP comprising the majority of your list returning a big, fat goose egg. Chances are you’ve been blocklisted. A complicated journey awaits you. Here’s what you’ll need to know to understand what a blocklist is and does, how you landed on it in the first place, whether you need to quickly remedy the situation, and how you avoid this happening in the future.

What is a blocklist?

A blocklist is a compilation of IP addresses and/or domains behaving in a manner suggesting malicious intent. This could mean an IP address has lots of spam coming from it, its emails hold viruses, and so on. It’s a list of bad actors getting caught in the act. A blocklist can be internal, or maintained and used by the mailbox provider themselves (i.e., Gmail’s proprietary list), or external, which is maintained by a third party and is referenced by mailboxes around the world (i.e., Spamhaus). What happens when your IP or domain is on a blocklist, either internal or external? Simply put, the mailboxes referencing the listing will stop accepting inbound mail from you. This is to protect their users from spam or malware, and to disincentivize you from continuing whatever bad behavior you’ve participated in to get you on the list. Here’s an important note: If you are using a shared IP, you could be blocklisted because of the behavior of other senders on the IP. This is why you should seriously weigh the pros and cons of using a shared IP versus a dedicated IP, when planning your email marketing strategy.

Am I blocklisted?

The good news regarding blocklists is it’s not hard to tell when it happens. If you haven’t made any major changes to your email program in the recent past,
there will be major warning signs of a blocklisting. But, if you’ve changed domains or IP addresses, you haven’t properly warmed them up, or you’re trying to use new addresses without any validation or hygiene process, you should expect some severe fluctuations in your metrics. This can vary in impact based on the blocklist you’re on. If you notice one mailbox provider is suddenly no longer accepting your mail, you have a good indicator you’re on their internal blocklist. However, if you notice your mail hitting a black hole at various providers, you might be on an influential external blocklist. The remediation paths will vary between the two, so use this signal as a clue where to start your investigation. To confirm your suspicions, many external list operators provide a tool or site on
which you can check your status using IP or domain information. You can also use SenderScore.org to confirm whether you’ve been blocklisted.

Notable lists (definitely not exhaustive!):

Why am I blocklisted?

Be honest with yourself and your email marketing practices. If you truly don’t know why you could be blocklisted, here are some things frequently cited as reasons for a listing:

Sending Spam

Objectively, is your email spam? Are you emailing folks who consented to receiving your mail? Have you removed anyone who’s unsubscribed or complained about your messages? Are your messages accurate, legal, and sent in good faith? If you don’t have solid, positive answers to these questions, you likely have your biggestbissue identified.

Bad Data

If you’re using an old or sloppy email address list, you could be hitting spam traps inadvertently. What is a spam trap? It’s an address no longer used by a real person and is instead possessed by a mailbox provider to aid in catching people emailing addresses who have showed zero interest or engagement with their mail.

A Shared IP

This is tricky. If you’re on a shared IP, your behavior is not separated from the rest of the pack. You could be a stellar sender but be unlucky enough to be on an IP with prolific spammers, notorious bad actors, malware enthusiasts, and more.

Poor Security

If your website is compromised, the hacker can use a number of tactics to wreak havoc. In fact, your domain and sending IP could be untouched, yet using an A record IP, they could send tons of spam from your organization. Then, your domain is a no-brainer for lots of influential blocklists. To actively prevent an attack of this kind, senders should protect their key email (DNS) and web (hosting platform) infrastructures to require two-factor authorization. It’s also a good idea to use a Captcha on all web forms to prohibit bots from flooding your forms with bogus or unwilling recipients.

STEP 1

Sloppy Decisions

These sound like fighting words, but they’re really not. As long as your email marketing decisions are driven by solid metrics and sound best practices, you should be in good shape. However, if you’re not using engagement data to inform your programs, you’re running the risk of being considered spam, even if you’re truly not.Spam can be a wide net, and if you’re sending people email without understanding their preferences or their interests, you can honestly be categorized as “unwanted mail”.

I’m blocklisted. What do I do now?

Determine your plan of action
Your first question to answer is, “Does this blocklisting matter to me?” You might think all blocklisting are important, but there are several factors to consider:


⬤ Is this an internal blocklist for a mailbox provider at which the majority, or at least meaningful portion, of my lists reside? If your answer is no, it’s a provider
with an insignificant footprint in your overall email marketing strategy, you don’t have an emergency.


⬤ Is this an external blocklist? If yes, you have one more important question. Do major providers reference this list? This is the key factor. If you’re on
a list being referenced by Gmail, Microsoft, Yahoo, and so on, you have a big issue to solve. However, if it’s a third-party list but you’re not seeing a big impact on your performance, it’s likely not big or influential enough to be referenced.
With this answer, you make your next choice. Do you work to become delisted, or do you skip to step three?

STEP 2
Get delisted

This step begins with a word of warning. Blocklist delisting processes vary widely based on the operator and the reason for your listing.
Try to find out what got you listed. This can be ascertained from error messages, but sometimes, those messages don’t give you enough to use. When you need more info, you can contact the
blocklist operator for more information. If you do have enough info, you need to either comply with the remedy to the issue, or you need to accept the negative impact and continue to do whatever it is that got you listed in the first place. Let’s say you’ve fixed the issue. Then, you can create a message
indicating what you’ve done to resolve the issue and how to avoid a repeat in the future, then provide this message in a delisting request to the blocklist operator. This process can take a long time and sometimes it’s difficult to get in contact with the right resource, but the main thing is to fix the problem to avoid having additional blocklistings due to the same activity.

STEP 3

Avoid blocklists
The best way to not be blocklisted is to follow email marketing best practices and closely monitor your sender reputation. If you’re not sure what that means, we’ve got a short guide to the basics of your reputation with some ideas and tactics you should use to protect it. Plus, this is where a tool like Everest helps you be proactive in managing your sender reputation, rather than purely reactive in
mitigating damage. You need to be aware of the metrics of your campaigns. Adjust and optimize on
an ongoing basis. Test all your emails to make sure they’re rendering properly or using messaging that resonates with the audience to better ensure positive engagement. Be proactive in removing bad or risky addresses from your lists by using a tool like Everest or BriteVerify. Comply with all regional and global privacy legislation. Use strong email authentication tools like SPF, DKIM, and DMARC to
protect your users and your own domains from malware, phishing schemes, and other malicious behavior damaging to your sender reputation.

Conclusion

This is certainly a scrape on the tip of the iceberg of blocklists. M3AAWG has an incredible resource with detailed tips and advice for those looking to truly understand how blocklists work and why, with technical explanations and deep-dives into nuance. I strongly suggest their e-Book if this primer has piqued your interest for more. Overall, though, it will be relatively hard to miss a blocklisting at an important mailbox provider, whether it is an internal or external list. Once you see the impact, it will become imperative to get delisted, but since the causes of listing can be so detailed and sometimes take a long time to improve (like repairing a decimated sender reputation), you could be on a long road. Hopefully this gives you enough information to feel prepared in the event of a blocklisting, and empowered to start making progress toward the fix, whatever it may be.