Avoiding your IP address from getting blacklisted

Running and managing an email server is far from simply sending and receiving email messages to and from users' inboxes. Administrators responsible for managing corporate email infrastructure need to have a 360-degree approach to ensure their network is secure from outside attacks on their email system as well as when delivering outbound emails to other domains. Companies often run into situations where other receiving servers reject emails because one or more IP addresses get blacklisted. This article focuses on steps you should take in order to prevent your IP address from getting blacklisted.

This page discusses different scenarios that you need to consider.

Scenario 1: Block outbound TCP/IP port 25
Companies often configure their network firewalls to prevent inbound traffic but do not block/monitor outbound activities. Following image demonstrates how a single computer on your network could send emails without the administrator's knowledge.

It is important to configure your firewall so it only allow outbound traffic on TCP port 25 from your email server. Traffic from any other IP address should be denied. In the above example, Client A is trying to send an outbound email directly to the outside world through your firewall. Such attempts should be denied.

Scenario 2: Keeping an eye on what goes out
Scenario 3: Do not send unsolicited messages
Ensure outbound messages sent from your network are not treated as spam on the recipient's end. Many email servers report the IP address they see sending junk to public RBL servers, which then add your IP address in their blacklist.
Scenario 4: Contacting your ISP
Server RBL servers, such as UCEPROTECT Level 3 mark entire blocks of IP address as blacklisted. It is very common for companies to rent servers on the cloud. The IP address allocated to such servers come from a pool of IP addresses that are shared by other companies. In such cases, one bad actor could affect everyone else on the same subnet. In such cases, you don't have a choice but to contact your ISP and ask them to contact the individuals who manage the RBL server.
Employ Best Practices:
You should adhere to several best-practices when sending outbound emails, such as:
  • Digitally sign outbound emails with DKIM.
  • Ensure your SPF records are correctly specified in the DNS server.
  • Periodically run Tools/Diagnostic Check - Outbound to ensure Xeams is configured correctly for outbound communication.