PaulDotCom mailing list archives

Legit Mass Emails Cause Blacklisting

From: dshpritz at edgewebhosting.net (David Shpritz)
Date: Wed, 25 Nov 2009 16:06:42 -0500

Robert,
My experience in this area is mostly with (legitimate) email marketing, so some of this may not apply, and of course 
YMMV.  I apologize to others on the list for the long winded reply, and it's not a problem if you would like to take 
this off list.

There are a few things to look at:
1)  Make sure you are on feedback loops.  AOL, Comcast, Yahoo (requires DomainKey/DKIM signing of messages), and 
RoadRunner have ok ones and hotmail also has a web interface you can use to see problems.  The downside is that a lot 
of these require cooperation from the people listed in the ARIN whois for the IP address(es) you are sending from.  In 
a related note, make sure you are getting complaints from SpamCop (spamcop.net) as well.  These will at least help you 
in identifying where the complaints are coming from.

2)  Use a confirmed opt-in list and make sure you have opt-in records.  I know they're customers, but having the opt-in 
info makes it much much easier to get off of a list if you get on one.  You should keep as much of the following as 
possible:
Date of the signup
IP address of the signup
URL used for the signup
Email address of the signup
Date of the confirmation
IP address of the confirmation
URL used for the confirmation

3)  Make sure you process your bounce backs, and pay attention to your servers' logs as they are the first indicator of 
deliverability problems.  Some providers say that you should remove an address from your list on the first bounce, but 
some will stretch it to 3 bounces (there is also logic used based on the status given by the bounceback).  A lot of 
providers use SpamTraps and see repeated attempts to deliver to non-existent addresses as a "spammy" behavior.

4)  Throttle your send rate.  Different providers have different "acceptable" levels for connections per second, number 
of messages per hour, etc.  If you push them too far they will block you altogether.

5) Check the email reputation for the IPs you are sending from.  SenderScore (return path, http://www.senderscore.org) 
is used by a lot of ISPs, while Cisco IronPort appliances use SenderBase (http://www.senderbase.org).

On a side note, there is a great piece of software, although not open source or free (pricey from what I understand) 
called PowerMTA from a company called Port25 (http://www.port25.com/).  It lets you use multiple IPs on a multi-homed 
server to send out messages and lets you do all kinds of throttling.  In addition it lets you keep "accounting" logs 
which is a CSV formatted file of the messages sent, their delivery or failure, and the reasons.  Processing them and 
getting them into MSSQL, MySQL, etc. become pretty easy after that.  It's utterly configurable, and does a great job.  
I don't work for them, but they are a great bunch of guys and make a great product.  You can also use a piece of 
software called BoogieBounce (I think) to do bounce processing on messages which are not rejected when the mail server 
delivers them.

Again, sorry for the long message, and feel free to contact me off list (unless more people are interested).

Hope this helps,

David Shpritz
?
-----Original Message-----
From: pauldotcom-bounces at pdc-mail.pauldotcom.com [mailto:pauldotcom-bounces at pdc-mail.pauldotcom.com] On Behalf Of 
Robert Miller
Sent: Wednesday, November 25, 2009 11:20 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Legit Mass Emails Cause Blacklisting

Good morning everyone,

We are currently having an issue with our billing software in regards to 
sending mass emails.  We use Platypus by Tucows and it has a feature to 
mass email our customers.  We want to use this for notifying customers 
of outages due to maintenance  but every time we use this feature we get 
blacklisted  by SORBS and others.  The company now uses iContact 
(http://www.icontact.com/) which stops us from being blacklisted but 
because we are using a third party solution we can't put notes into the 
accounts that a notification email was sent on x date at y time like we 
can when we would use the Platypus feature.

Has anyone ran across this before?

Any suggestions of a solution we can run in house, off the same MS SQL 
database that we use for Platypus, and allows for the noting of accounts?

Thanks again everyone!

- Robert
arch3angel
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

U3 enabled device, (continued)
- - U3 enabled device Robert Portvliet (Nov 23)
    - U3 enabled device Butturini, Russell (Nov 23)
    - U3 enabled device Tim Mugherini (Nov 23)
    - U3 enabled device John Miller (Nov 23)
    - U3 enabled device Butturini, Russell (Nov 24)
    - Legit Mass Emails Cause Blacklisting Robert Miller (Nov 25)
    - Legit Mass Emails Cause Blacklisting Raffi Jamgotchian (Nov 25)
    - Legit Mass Emails Cause Blacklisting Bradley McMahon (Nov 25)
    - Legit Mass Emails Cause Blacklisting Robert Miller (Nov 25)
    - Legit Mass Emails Cause Blacklisting Zenofex (Nov 25)
    - Legit Mass Emails Cause Blacklisting David Shpritz (Nov 25)
  - U3 enabled device Robert Miller (Nov 23)
- U3 enabled device Tim Mugherini (Nov 23)
  - U3 enabled device Butturini, Russell (Nov 23)
    - U3 enabled device Tim Mugherini (Nov 23)
- U3 enabled device Don Kiser (Nov 27)