Appendix O: E-Mail Block Lists

As abuse of e-mail has grown, spam detection has become more aggressive, and it can sometimes happen that legitimate e-mail traffic is blocked.  This topic provides some hints for how to avoid being blocked.

There are no general rules which can guarantee that you will avoid spam blocking.  Your IP address or sender address or domain may be blocked for many reasons, including:

Your own ISP: You may be blocked if your own ISP detects a pattern of activity which they believe may contravene their acceptable usage policy.
Your mail service: If your mail is sent out for example via GMail or a similar mail provider, they may detect unusual activity and block you.  In addition the behavior of other users who send mail via your mail service can affect the processing of your e-mails.
The remote mail server: The characteristics of your e-mail may cause the receiving mail server to treat it as unacceptable.  Many mail services also consult blacklist services to see if your address or IP is listed.
Other mail servers: When not using normal CopiaFacts e-mail which connects to the mailserver of the recipient domain, your mail may travel via mail servers over which you have no control, and sectors of the path may not be encrypted even if the first and last sector use TLS. Your e-mail can be blocked (or intercepted) by such servers.
The recipient: The person who receives your e-mail may consider it spam and report it either to their own mail service or to a blacklist service.

Action in any one of these cases can result in your e-mails either being directly blocked or being reported to a blacklist service such as SpamHaus or SpamCop.  Once on such a list, you are more likely to be blocked by other services, and some lists are hard to get removed from.  Blacklisting may be done based on IP or domain or both.

Actions you can take to reduce the chance of blacklisting

If you are sending legitimate marketing broadcasts, discuss your applications first with your ISP.  It may be the ISP who first discovers that you are being blocked, so the more they are aware of your activities, the better.

If the e-mailing activity is new, start slowly and gradually build up volumes.  Seeing large amounts of traffic from an IP address that has never been noticed before can be a trigger for blocking (although large volumes of e-mail can also be a trigger at any time).  It is essential to 'warm up' a new IP address before use.

Use clean e-mail lists, preferably using 'double opt-in'.  This is where a potential subscriber has to request your e-mails, then first respond to a confirmation e-mail you send to the provided address before they are added to the list.  A strong confirmation procedure also prevents automated or false sign-ups to your list.  Only use your own lists, and make sure that rejections are minimized.

Provide an effective and easy-to-use opt-out mechanism, to reduce the chance of your e-mails being considered as spam by the recipient.

Make sure that the Sender and the From addresses in your e-mails are genuine e-mail addresses in active use.

Do not send lots of e-mail to the same domain.  There are few legitimate reasons to do this.

Take care over your subject and text.  Check the messages you see in your own spam filter and avoid using the styles you see there.  Spam filters have become very sophisticated and it is no longer possible simply to avoid blocking by avoiding specific keywords and capitalized words in your subject, but it may help anyway.

Avoid including attachments in marketing e-mails, and scale back on the use of graphics and Flash.

Make sure that no computers on your network have virus infections which could be causing them to generate outbound spam.  Test and virus-check the content of your own e-mail.

Consider using DKIM, which is supported by CopiaFacts as a license option. This guarantees that the envelope sender of an e-mail also owns the DNS records for the sending domain (because a key to be matched must appear in the DNS records), and that the e-mail has not been tampered with in transit.  However the DKIM records are only verified if you are sending mail to one of the e-mail providers (e.g. Google or Yahoo, and many more) who support this.

Consider using SPF (www.openspf.org).  SPF uses records in your DNS settings to specify allowable login names (see localnames below) for the domain, in a way that destination servers can use to verify that the mail is valid.  Many spammers now do this, so its advantage is somewhat diminished.

Consider using DMARC (dmarc.org/overview) which builds on DKIM and SPF to add more effective processing, reporting and communication of spamming activities.

Finally, check your IP address regularly in the spam databases and take immediate action if it appears there.  Tools are available at sites such as www.dnsstuff.com (login required, but free) which will check for you in over 90 different databases.  There are also services such as www.debouncer.com and mxtoolbox.com which for an ongoing fee offer to check databases regularly for you and report back.
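The spam databases mentioned above are normally published as DNS zones (DNSBLs), so the regular check can be scripted.  The following is an added example, not part of CopiaFacts or of any of the services named: it builds the lookup name (reversed IPv4 octets followed by the list zone) and separates real listings from error answers.  The function names, the *.example zones and the 192.0.2.10 address are assumptions made up for illustration.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets + list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def lookup(name):
    """Return the A records for name, or [] if the lookup fails
    (a DNSBL answers NXDOMAIN for an address that is not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_blocklists(ip, zones, resolve=lookup):
    """Map each zone to ('listed' | 'error' | 'clean', [return codes])."""
    report = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # 127.255.255.x answers signal a refused or malformed query
        # (Spamhaus uses them, e.g. for queries via public resolvers);
        # they are not listings and must not be reported as such.
        errors = [a for a in answers if a.startswith("127.255.255.")]
        codes = [a for a in answers if a.startswith("127.") and a not in errors]
        if codes:
            report[zone] = ("listed", sorted(codes))
        elif errors:
            report[zone] = ("error", sorted(errors))
        else:
            report[zone] = ("clean", [])
    return report

if __name__ == "__main__":
    # Constructed answers for constructed zones, so the demo runs offline.
    # Against real lists, call check_blocklists(ip, ["zen.spamhaus.org",
    # "bl.spamcop.net"]) through a resolver of your own, not a public one.
    fake = {"10.2.0.192.dnsbl.example": ["127.0.0.2"],
            "10.2.0.192.strict.example": ["127.255.255.254"]}
    zones = ["dnsbl.example", "strict.example", "quiet.example"]
    for zone, result in check_blocklists("192.0.2.10", zones,
                                         lambda n: fake.get(n, [])).items():
        print(zone, *result)
```

An "error" result means the list refused to answer and says nothing about whether the address is listed, so treat it as a check that still has to be repeated.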

CopiaFacts Configuration Settings which help to prevent detection as spam

Use the correct local name in your $email_localname configuration setting:

If you are behind a NAT IP router, this will normally be the same for all nodes on the network: it is the IP address of the router.  You can find this address by running EMSETUP, which gets your externally-visible IP address by visiting www.copia.com/ip.  You can use * as the nodename parameter on your $email_localname command in this case.

If your machine sending CopiaFacts e-mail has its own IP address, you will need to enter this on a specific $email_localname command for the node.

It is also valid to use the domain name of the machine as the localname, but this must correspond (and reverse-correspond) to the externally-visible IP address from which the mail appears (to the remote server) to originate.

Make sure that the domain name of the e-mail "envelope sender" on an $email_esender configuration command (or its override in an FS file) has valid Reverse DNS Lookup.  This means that:

The domain name must have an IP address in its DNS records which is identical to the one in the $email_localname command (check using NSLOOKUP), and,

When you look up the IP address in NSLOOKUP, it should resolve to the same domain as in your $email_esender command.
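The two NSLOOKUP checks above can be run together as one script.  The following is an added example, not CopiaFacts code: it takes the $email_esender address and the $email_localname IP and reports which of the two conditions fails.  The function names and the example.com / 192.0.2.10 sample data are assumptions made up for illustration.

```python
import socket

def forward_ips(name):
    """A-record lookup: the addresses NSLOOKUP shows for a name."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:          # NXDOMAIN, timeout, no resolver
        return set()

def reverse_names(ip):
    """PTR lookup: the names NSLOOKUP shows for an address."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return set()
    return {n.rstrip(".").lower() for n in [host, *aliases]}

def check_esender(esender, localname_ip, fwd=forward_ips, rev=reverse_names):
    """Return a list of problems; an empty list means both checks pass.

    esender      -- address (or bare domain) from $email_esender
    localname_ip -- externally visible IP from $email_localname
    fwd, rev     -- lookup functions, replaceable for offline testing
    """
    domain = esender.rsplit("@", 1)[-1].rstrip(".").lower()
    problems = []
    # Check 1: the domain must resolve to the localname IP.
    if localname_ip not in fwd(domain):
        problems.append(f"forward: {domain} does not resolve to {localname_ip}")
    # Check 2: the IP must resolve back to the same domain.
    ptr = rev(localname_ip)
    if not ptr:
        problems.append(f"reverse: {localname_ip} has no PTR record")
    elif domain not in ptr:
        problems.append(f"reverse: {localname_ip} resolves to {sorted(ptr)}, not {domain}")
    return problems

if __name__ == "__main__":
    # Constructed DNS data (documentation ranges), so the demo runs offline.
    A = {"mail.example.com": {"192.0.2.10"}, "news.example.com": {"192.0.2.10"}}
    PTR = {"192.0.2.10": {"mail.example.com"}}
    fwd, rev = (lambda n: A.get(n, set())), (lambda ip: PTR.get(ip, set()))
    for sender in ("bounce@mail.example.com", "offers@news.example.com"):
        print(sender, check_esender(sender, "192.0.2.10", fwd, rev) or "OK")
```

The second sample sender shows the usual failure: a second domain is pointed at the same IP address, but the reverse record for that address still names only the first domain.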

For bureau customers, it is possible to have multiple IP adapters (NIC cards) on multiple machines, each with a different externally-visible address, for use by different clients.  This will minimize the impact of a client being blacklisted by IP address.  See $email_node_localnames and $email_node_bindnames.

Incoming Spam E-Mail

The CopiaFacts SMTP Gateway (CFGATEWAY) can also receive spam.  You should regularly review the log files to find out if your mail server is being targeted.  It will have port 25 visible as open, and bad people may think it can be used as a relay for forwarding spam onwards (which it cannot).  The result is that some Gateway users have reported occasions when large volumes of spam come in.  These may either be mail forwarding attempts or may simply be intended as denial of service.

The best defense is, if possible, to configure your firewall to detect and block attacks of this type.  If large volumes of incoming mail arrive at the Gateway, it will delay the processing of your legitimate users.  It will also slow down the processing of the spam, which will hopefully deter repeated attacks.

You should also make use of sender and recipient templates to validate your legitimate users, and if necessary specify a list of acceptable sender IP addresses on the Restrictions tab in GWMANAGER.  If you are providing an e-mail to fax service to send faxes addressed to faxnumber@domain, be sure to include the domain(s) you accept in the list of valid recipient domains.