Email Blocklists (individual host)

Created On
Last Updated On
byLightmeter
You are here:
< All Topics

Email blocklists (also known as email blacklists) are private lists maintained individually by organisations for blocking unwanted and abusive mail.

Mail hosts large and small use these to provide fine-grained control over what mail they block and why. This contrasts to RBLs which are remotely accessible services, typically shared among many different organisations and centrally controlled.

Email Blocklist Categories

An email blocklist is divided into two categories depending upon what identifier is used for source of the abuse:

  • IP Blocklist – the public IP address of the mailservers that are known to send unwanted emails
  • Domain Blocklist – the email domain used to send unwanted mail, found in the From address, Return address, and also in the DKIM signing domain.

Criteria for listing

There are three primary categories:

Technical

This includes anything from server misconfiguration, DNS record errors, missing records and banners, and more.
Technical errors may prevent adequate verification of the sender’s identity (e.g. to rule out phishing), or may be seen as an indication of low value mail, the presence of malware, or poor technical administration, all of which are correlated with abusive mail.

Evidence-based

This occurs when the blocklist operator has direct or indirect evidence that a host is abusing their network.

Policy-based

MSPs and ISPs also have their own filters to update their version of blocklists. Services like Google, Microsoft, or Yahoo, will use their own proprietary algorithms on how they want to deal with network abuse and being the largest MSPs providing inboxing to most of the number of people in the world, so you want to be on the good side of these services.

Controversy

Over the last decade email verification systems such as DMARC, DKIM, and SPF have increased delivery complexity, while more elaborate content filtering and categorisation systems reject an increasing amount of valid mail. We could argue that the industry is now in more control of the email blocklist than you can ever think but after half a century of resilient, decentralised, censorship-resistant communication over email, 28% of all western email opens are controlled by one company.

With the power concentrated in a handful of companies, email delivery has become much harder for legitimate mailops admins.

Recommendations

It’s important to act on incoming bounce notifications in real-time. Different bounce reasons require a different level of efforts at your end. If the bounce is caused by:

  • Host-level blocklisting, then you might have to suspend your email programs and relook into the email list and what you were sending.
  • Inbound throttling, then you might be slowing down your email sending speed.
  • A hard bounce, then in such a scenario you should remove the associated email address immediately from any mailing lists used by users on your network, and consider blocking the address across your mail network.

Solutions

  • Lightmeter Control Center checks your mailserver Logs and triggers Insights where blocks are detected. Read more about detecting blocks from large mail hosts like Google and Microsoft.
  • Lightmeter Control Center will recommend steps for blocklist removal where these steps are known and documented in the Mailops Knowledgebase (add your own recommendations if they’re missing here).
Next Email greylisting problems and how to monitor them
Table of Contents