Mail Server IP Blacklist Removal Tips to Improve Email Deliverability

Mail Server IP Blacklist Removal Tips to Improve Email Deliverability

This guide is going to show you how to check your mail server’s IP reputation and give you some IP blacklist removal tips. Over the years of operating mail servers, we have seen many occasions of rejected emails due to IP address blacklisting. If you follow our instructions, you will be able to remove your IP address from most of the IP blacklists.

Different Types of IP Blacklists

First, there are internal blacklists and third-party blacklists. Many small and media-sized mailbox providers use third-party blacklists (Spamhaus, Barracuda, etc) because they don’t have the resource or time to build their own. Big mailbox providers like Gmail, Outlook, and GMX tend to their own internal blacklists. Actually, GMX uses both internal and third-party blacklists.

Then, there are single IP blacklists and whole IP range blacklists. It’s often very easy to request IP removal from single IP blacklists.

However, it’s not that easy to get off a whole IP range blacklist. Luckily they are not commonly used.

 

How to Check if Your IP Address is on a Blacklist

To check if your IP address is on a third-party blacklist, you can go to mxtoolbox and dnsbl.info. Note that you don’t necessarily have to remove your IP address from every third-party blacklist, because they might not be used by your email recipients at all.

To check if your IP address is on a mailbox provider’s internal blacklist, you need to check your mail server’s log file.

/var/log/mail.log on Debian/Ubuntu

/var/log/maillog on CentOS/RHEL 

However, reading the raw log file is not fun. We can use a tool called pflogsumm to easily analyze the log file. Install it on Debian/Ubuntu with:

sudo apt install pflogsumm

On CentOS/RHEL, pflogsumm is provided by the postfix-perl-scripts package.

sudo dnf install postfix-perl-scripts

Use the following command to generate a report for today. (Note that on CentOS/RHEL, the mail log file is /var/log/maillog.)

sudo pflogsumm -d today /var/log/mail.log

Generate a report for yesterday.

sudo pflogsumm -d yesterday /var/log/mail.log

If you like to generate a report for this week:

sudo pflogsumm /var/log/mail.log

To emit “problem” reports (bounces, defers, warnings, rejects) before “normal” stats, use --problems-first flag.

sudo pflogsumm -d today /var/log/mail.log --problems-first

To append the email from address to each listing in the reject report, use --rej-add-from flag.

sudo pflogsumm -d today /var/log/mail.log --rej-add-from

To show the full reason in reject summaries, use --verbose-msg-detail flag.

sudo pflogsumm -d today /var/log/mail.log --rej-add-from --verbose-msg-detail

You can add a cron job to make pflogsumm to send a report to your email address every day.

sudo crontab -e

Add the following line, which will generate a report every day at 4:00 AM.

0 4 * * * /usr/sbin/pflogsumm -d yesterday /var/log/mail.log --problems-first --rej-add-from --verbose-msg-detail -q

To receive the report via email, add the following line above all Cron jobs.

MAILTO="you@example.com"

You should pay attention to the message bounce detail and message deferral detail section, where you can see for what reason those emails are rejected.

If the MAILTO variable has already been set but you want Postfix log summary sent to a different email address, you can put the following line in your Cron job.

0 4 * * * /usr/sbin/pflogsumm -d yesterday /var/log/mail.log --problems-first --rej-add-from --verbose-msg-detail -q | mutt -s "Postfix log summary"  you@example.com

The output of pflogsumm command is redirected to mutt, a command-line mail user agent, which will use the output as the email body and send it to the email address you specify at the end. Of course, you need to install mutt on your Linux server.

sudo apt install mutt

or

sudo dnf install mutt

Rule of Thumb for Running Mail Server on a New IP Address

When you run a mail server on a new IP address, you should not use this IP address to send newsletters (aka marketing emails) right away. Instead, you should use this IP address to send transactional emails for a period of time to improve the reputation.

You may also want to use SMTP relay services to send emails for a few days because SMTP relay services have a high IP reputation. After that, send emails directly to the familiar recipients.

 

IP Blacklist Removal

Gmail Rating Limiting

If you see the following message when sending emails to Gmail users, then your IP address has been rate-limited, instead of being blacklisted. This is a special case which needs careful treatment.

Our system has detected an unusual rate of 421-4.7.28 unsolicited mail originating from your IP address. To protect our 421-4.7.28 users from spam, mail sent from your IP address has been temporarily 421-4.7.28 rate limited. Please visit 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines.

Steps to solve this problem:

Send emails to your own Gmail account. If it’s put in the spam folder, you should mark it as not spam, and reply to the email. Do this several times.

1.   Once the email doesn’t go into your Gmail spam folder, you should make other Gmail users send emails to your new email address. If Gmail sees there are emails sent to your mail server, it would increase the reputation of your mail server’s IP address.

2.   When a Gmail user sends an email to you, your email address is automatically added to his/her contacts list. This is very helpful for your emails to land into their inboxes. Reply to those Gmail users.

3.   Repeat step 2 and step 3 for a few days.

4.   Do you send transactional emails? If you do, that’s great! Now you can use your mail server to send transactional emails. Transactional emails are sent from websites or web applications to their users. For example, a visitor receives an email after creating an account at a website, or request resetting the password. It can be very effective in improving IP reputation because the recipient expects you to send email to him/her. On your website, you can tell the recipient to check the spam folder and mark your email as not spam. They are much more likely to open your email and click links in the email. Over time, your email will automatically land into the inbox. Note that mailing list sign-up confirmation email is transactional email, so if you have a newsletter sign-up form on your website, you can also tell the recipient to check the spam folder and add your email address to the contact list. Recipients are very likely to click the confirmation link in the email.

5.   After Gmail doesn’t rate-limit your mail server, you can send newsletters. However, you should warm up your IP address. For example, send 100 emails on day 1, then send 500 emails on day 2, send 1000 emails on day 3. Don’t send email to thousands of people immediately.

6.   After sending newsletters to a few thousand users, you can check your IP address reputation in Gmail Postmaster Tools. As you can see from the following screenshot, my IP address has high reputation with Gmail now.

 



Microsoft Mailboxes (Hotmail.com, Outlook.com, Live.com)

Microsoft uses an internal blacklist that block many legitimate IP addresses. If your emails are rejected by hotmail.com, outlook.com, or live.com, you need to submit the sender information form. After that, your emails will be accepted.

Microsoft Exchange/Office 365

Note that Microsoft Exchange/Office 365 is a mail hosting solution for business owners. It’s different from the mailbox service for consumers (hotmail.com, outlook.com, live.com) and it may use different blacklist. For example, I once saw the following non-delivery notification in my inbox.

host agileconnected-nl01c.mail.protection.outlook.com[104.47.2.36] said: 550 5.7.511 Access denied, banned sender[xx.xx.xx.xx]. To request removal from this list please forward this message to delist@messaging.microsoft.com. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653.

So I simply forward this non-delivery notification to delist@messaging.microsoft.com, and add my own comment:

Hi,

I recently set up a new mail server on this IP address for my website. I use this mail server to send transactional emails and newsletters to    my subscribers. 

This IP address is in a data center. I know this IP address may have been used by spammers in the past, but I have a legitimate website that will not spam.

Please consider removing it from the blacklist.

Best,

Xiao Guoan

Linuxbabe.com webmaster

You will receive a reply email that will tell you what needs to be done.

GMX

GMX uses both third-party blacklists and an internal blacklist. If you see the following message in the mail log when sending emails to GMX users, that means your IP address is blacklisted.

host mx00.emig.gmx.net[212.227.15.9] refused to talk to me: 554-gmx.net (mxgmx017) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit https://postmaster.gmx.net/en/error-messages?ip=xx.xx.xx.xx&c=bip)

You should go to https://postmaster.gmx.net/en/contact and use the contact form to request removal of your IP address. I received the following emails from GMX admin after I submitted the request.

Dear Sirs,

Thank you for your information.

We have now removed the mailserver's IP address from our blacklist.

Our servers will be updated within the next hour. You will then be able to

send emails to our system again.

Many thanks

Web.de

Web.de uses both third-party blacklists and internal blacklist. If you see the following message in the mail log when sending emails to web.de users, that means your IP address is blacklisted.

host mx-ha02.web.de[212.227.17.8] refused to talk to me: 554-web.de (mxweb110) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit https://postmaster.web.de/error-messages?ip=xx.xx.xx.xx&c=bip

You should go to https://postmaster.web.de/en/contact and use the contact form to request removal of your IP address. I received the following emails from Web.de admin after I submitted the request.

Dear Sirs,

Thank you for your information.

We have now removed the mailserver's IP address from our blacklist.

Our servers will be updated within the next hour. You will then be able to =

send emails to our system again.

Many thanks

Actually GMX and Web.de are managed by the same company. So if your IP address is removed from GMX blacklist, then it will also be removed from web.de blacklist.

iCloud Mail

If you see the following message in mail log when sending emails to icloud.com users, that means your IP address is blacklisted.

host mx2.mail.icloud.com[17.57.8.135] refused to talk to me: 550 5.7.0 Blocked - see https://support.proofpoint.com/dnsbl-lookup.cgi?ip=xx.xx.xx.xx

Apple iCloud Mail is using the Proofpoint blacklist. You should go to https://ipcheck.proofpoint.com/ to check your IP reputation. If your IP address is blocked, then submit a support ticket to remove your IP address from the blacklist. Note that you should provide the recipient’s email address, so Proofpoint can quickly find your blocked email.

Proofpoint didn’t send me an email. After about 12 hours, I checked my IP address again at https://ipcheck.proofpoint.com/. This time, I saw the following message, which indicated my IP address was removed from the Proofpoint blacklist. And I can send emails to icloud.com users.

Unable to do IP Lookup, or failed to contact service for IP lookup

CloudMark Sender Intelligence

Cloudmark Sender Intelligence (CSI) is a third-party IP blacklist. If you see the following message in the mail log when sending emails, that means your IP address is blacklisted by CloudMark.

host mx.domain.com[66.96.140.73] refused to talk to me: 554 bosimpinc14 bizsmtp Connection refused. xx.xx.xx.xx has a poor reputation on Cloudmark Sender Intelligence (CSI). Please visit http://csi.cloudmark.com/reset-request/?ip=xx.xx.xx.xx to request a delisting.

Go to https://csi.cloudmark.com/en/reset to request delisting. After I submitted the request, I received the following email from CloudMark.

Dear Xiao Guoan,

Thank you for contacting Cloudmark.

I have reset the reputation of your IP, so you should see delivery improve shortly. Please note that updates do not occur instantly but should generally happen within an hour of receiving this response.

Cloudmark CSI Support

AT & T Mailbox

AT & T provides the following domain emails for their customers.

@ameritech.net

  • @att.net
  • @bellsouth.net
  • @flash.net
  • @nvbell.net
  • @pacbell.net
  • @prodigy.net
  • @sbcglobal.net
  • @snet.net
  • @swbell.net
  • @wans.net

If you see the following message in your mail log, your IP address has been blacklisted by AT & T.

<somebody@sbcglobal.net>: host al-ip4-mx-vip2.prodigy.net[144.160.235.144]

    said: 553 5.3.0 alph764 DNSBL:RBL 521< xx.xx.xx.xx >_is_blocked.For

    assistance forward this error to abuse_rbl@abuse-att.net (in reply to MAIL

    FROM command)

Simply forward the error message to abuse_rbl@abuse-att.net. I think it’s better to add some comments, like mine below.

Hi,

I recently set up a new mail server on this IP address (xx.xx.xx.xx) for my website (https://your-domain.com%29./ I use this mail server to send transactional emails and newsletters to my subscribers.

This IP address is in a data center. I know this IP address may have been used by spammers in the past, but I have a legitimate website that will not spam.

 Please consider removing it from the blacklist.

 Best,

Xiao Guoan

Linuxbabe.com webmaster

You will receive an email confirming they have received your delisting request. If they decide to remove your IP address from the blacklist, you will receive another email.

t-online.de

t-online.de is operated by Deutsche Telekom AG, a German ISP. If you see the following message in your mail log, your IP address has been blacklisted by t-online.de.

host mx00.t-online.de[194.25.134.8] refused to talk to me: 554 IP=XX.XX.XX.XX - A problem occurred. (Ask your postmaster for help or to contact tosa@rx.t-online.de to clarify.

You can send a delisting request to tosa@rx.t-online.de like so:

Subject: IP delisting request

Body:

 Hi,

 I recently set up a new mail server on this IP address (xx.xx.xx.xx) for my website (https://your-domain.com%29./ I use this mail server to send transactional emails and newsletters to my subscribers.

 This IP address is in a data center. I know this IP address may have been used by spammers in the past, but I have a legitimate website that will not spam.

 Please consider removing it from the blacklist.

 Best,

What If Your Delisting Request is Refused?

Some mailbox providers (such as .pl domain names) only tell you that your IP address is blacklisted, but doesn’t tell you how to request delisting your IP address. And if the network range your IP address belongs to, are blocked by a particular blacklist, then you have no choice but to use SMTP relay service to bypass IP address blacklisting.

 However, you might not want to set up your entire email server to use relay host. After setting up SMTP realy, you can configure Postfix transport map and relay map so that some emails are delivered via relay host, other emails are sent directly to recipients.


    • Related Articles

    • Prepare Data for IP Warmup

      In order to start sending emails during IP warm-up process, you need to prepare 3  different lists, this step is important to develop healthy deliverability. Following are the lists that should be imported: Bulk contact data Active email recipients ...
    • Email Sender Reputation

      Emails have evolved into critical company communication and marketing tools. There is more to email marketing nowadays for marketers. It's not just about sending your "email campaigns" to the proper people; it's also about your reputation and ...
    • Why do Email Bounces back?

      Why Do Emails Bounce Back, and How Can You Lower Your Bounce Rate? Bounces of emails is part of your total delivery. But is important to understand why this happen and how to avoid. In this article, you’ll learn: What is a bounce back email? What ...
    • Deliverability factors in your control

      Deliverability factors in your control Here I will show to you, some factors that are in your control when you are sending email campaigns. Some of them has a huge impact in your deliverability. Quality of your contact list.  If you have never sent ...
    • What Is IP Re-Warming?

      What Is IP Re-Warming? ​When people talk about IP warming, there’s a tendency to discuss it like it’s a one-and-done sort of thing. Just slowly increase the number of emails you send until you’re at the level you intend to send regularly ...