Spam Blacklists: Information & Best Practices

If your custom tracking domains have been placed on a spam blacklist or spam-control service, you can take steps to get them removed. This article goes over how blacklists work and provides suggestions for how to regain your domain reputation.

What’s a Blacklist?

When unsolicited emails are received and reported, governing entities create alerts for internet users based on the content of those emails. Some examples are “This information may be harmful to your computer”, “The sender may be trying to steal your data”, or they may just tag your custom domain as a source of spam. These governing entities host blacklists to keep track of offending domains.

How Does a Blacklist Work?

There are many different types of blacklists. Some block email servers from sending messages to users, and others block the domain or IP address of a website that traffic redirects to. This article focuses on best practices to request blacklist removal.

This is how a typical blacklisting process occurs:

  1. Some kind of unsolicited email is received by a(n):
    • End-user
    • Spam trap: Special email address that exists on a server but is not published anywhere. Because the address is never used to request information, any messages that go to that email address are automatically marked as spam. Spammers often use email harvesting tools to extract email addresses from a mail server, including unpublished spam trap addresses.
  2. Email is marked as spam.
  3. Some form of blacklist software analyzes the message on multiple levels:
    • Email headers are examined to see where the message came from and to see if any data is spoofed.
    • Links and redirects are checked to determine domain ownership of each URL in redirect chains.
    • Image URLs are checked to determine domain ownership.
    • All other content is analyzed for content and categorized appropriately as phishing, virus, or other form of dangerous information.
  4. Most (if not all) of the IP addresses and domains involved are placed on a blacklist or blacklists depending on the vendor. Most blacklists are hooked into other blacklists, creating a big problem where being on one blacklist can cause you to be on multiple.

Getting on a whitelist is difficult since there’s typically no way to assure blacklist providers that you can regulate your partners or sub-partners to where they will maintain proper behavior and stay CAN-SPAM compliant with all laws (national and international).

Blacklist Entry Search & Removal

Below is a good procedure that allows you to verify if your custom domains are on a blacklist:

  1. Search a few different blacklist search engines for your domain. Some reliable ones are:
    1. http://multirbl.valli.org/
    2. http://mxtoolbox.com/blacklists.aspx
  2. Some search engines may require you to do multiple searches against a domain since the IP address may change and the domain search is tied to a specific IP sometimes.
  3. If a match is found and your domain is on a blacklist, investigate further as to why. Every blacklist page should state the reason and what you need to do to request to remove yourself. Some are easy to make your request, but others can require a great deal of information.

In the case where you need to reach out to a blacklist provider to have the entry removed, follow these guidelines:

  • Be brief, but provide them with all necessary information.
  • Break apart your domain name so it doesn’t get caught in their own spam filters. For example, if the domain “demo.com” is caught, insert a space somewhere before or after the period and send the domain to them as “demo .com”
  • Ask them for the details on why the domain ended up on the blacklist and indicate that you wish to resolve the issue and do whatever you can to fix it (e.g. disabling the links) so the domain can be removed from the blacklist. Be sure to get as much data as possible (offer IDs, partner IDs, partner sub IDs, the URL in question, etc)
  • Ask if there is a chance your domain could be whitelisted or if there is anything you can do to improve upon our chances of not being flagged again. Sometimes there’s no way you can avoid it, but this is a great way to establish good rapport with these groups so the next time a blacklisting happens, they are more inclined to help.

Some blacklist providers are very helpful, while others are more cautious and restrictive. In most cases, you’ll be given enough data to at least investigate with. Do your best to keep open, friendly communication and be as helpful as possible. Regularly scan your domains so you can keep track of your domain reputation.

After you disable the link with the information provided from the blacklist’s support, notify your partners who were affected of what you did so they’re not sending traffic to a dead tracking link.

Example Blacklist Removal Request

Here is an example message for contacting blacklist providers (either by direct email or via form):

From: John Smith
To: [email protected]

Hello,

I work for the company Demo Partner Network.

We noticed that your website is showing our domain demo. com as being blacklisted and we would like to be removed from that blacklist or to get on your whitelist.

Please provide us with all the details regarding with how we ended up on your blacklist so we can work to remedy them. Typically, our domain gets flagged due to our links ending up in some spam email. We usually disable those URLs to stay in compliance with other blacklist providers.

Thank you,

John Smith
Support Tech
Demo Partner Network