MPmail Blacklisting and Hotmail - Why, What and How?

Description

This article will cover how it is possible to be listed on an outbound blacklist, and how we deal with it.

Requirements

  • Interest in blacklisting
  • MPmail outbound IP that has been blacklisted

The Process

MPmail Blacklisting & Hotmail

Over the last few weeks we have had two incidents where one of our outbound sending IP’s have been blacklisted by Microsoft. This results in some MPmail customers having outbound emails bounced, with a message from Microsoft. We have applied rules to mitigate this, and we have resolved this for our partners, however we have had a number of enquiries so I thought I would write this article explaining why it happens, what we can do, and how we handle this process.

Why do MPmail IP’s get listed on Blacklists?

MPmail’s IP ranges are known by Microsoft, and by many IP blacklist providers to be an “Email Service Provider”, so generally we have a fairly good relationship with these organisations. However, occasionally an end customer’s server, or machine on their network, may become compromised by a virus or bot that generates spams/Phishing emails that are sent through our outbound relays. These emails that are sent through our IP ranges may be received by monitoring solutions/honey pots that result of Microsoft/other Blacklist providers listing our IP as “block” to ensure that these emails are not received by their customers.

While most spam filtering services do not resort to blocking all emails based on a single “blacklist provider”, organization such as Microsoft are particularly aggressive with this method of blocking emails for their consumer services.

What does Manage Protect do avoid being on Blacklists? 

MPmail does perform checks of email that that transit our network both inbound and outbound, however we do not perform any “blocks” of outbound emails unless they are known viruses as we know it is critical to minimize any chance of emails outbound being blocked incorrectly (False Positives). Instead, we have a defined process designed to minimize impact on particular offending customer, but also to maximise the protection of all of our customers from the results of being blacklisted.

  1. Our systems determine a customer’s machine has been compromised and is sending spams.
  2. If it is all being sent by one email address, we place a block in for that email address and notify the partner immediately with all available information to resolve the issue;
  3. If the spams are being sent from multiple addresses, we will notify the partner, and attempt to apply a rule to block the spams from being sent.
  4. If within 24 hours the spams are still being sent from multiple addresses, we will remove the outbound service for the customers to temporarily in order to safeguard all customers from a blacklist scenario.
  5. Once the partner has completed a ticket detailing what has been done to remove the threat, we will then re-instate the outbound service.

What we do if we are blacklisted?

Manage Protect maintain an excellent relationship with many of the blacklist providers. We utilise 24×7 monitoring of blacklists through MXtoolbox’s blacklist monitoring service, and when we become aware of one of our IP addresses being blacklisted we notify partners through our statuspage.manageprotect.com alert service. We then investigate the reason we have been blacklisted, and ensure that any issue has been resolved (either by the partner having resolved the compromised machine, or by the outbound service being removed). Only then are we able to request removal from the blacklist (to do so earlier would result in being re-listed). Most services will remove us from blacklists fairly promptly, within 2-24 hours. 

During the time the blacklist is in place, this will typically only impact on “some” emails as we send outbound emails through multiple servers residing on different IP addresses. Also, different anti-spam services will carry different weighting on the blacklist dependent on their configuration.

Blacklist Mitigation options

In the specific case of Microsoft Hotmail services blacklisting our IP range, we are also able to set specific “compliance rules” on your customer’s accounts that re-route any outbound emails destined for these services through specific MTA’s in our network that are not blacklisted. This can be done on a customer by customer basis. This option is also available for mitigating other blacklisting scenarios.

Will this always be an issue?

Unfortunately, while we provide an outbound relay service for customers we will run the risk of having our IP ranges blacklisted. We will always work to minimise this impact on our customers, and do whatever we can to avoid being blacklisted also. If you have any questions whatsoever, please do not hesitate to contact your account manager or our technical support team on 1300 657 500.