Cloudmark Blog

Intelligence Briefings from the War on Spam


Blocked Email Part 2: “Now what do I do?”

In Part I, we talked about a few of the possible reasons that your email might be blocked. Today, we’ll talk about things that an individual end-user can do when they receive one of those dreaded bounce messages. Several of the tips here will also be relevant for small businesses.

One thing to take from Part I is the idea that you, as an individual, are probably not being blocked because anyone thinks that you’re a spammer. As a result of their efforts to get as much of their email delivered as possible, spammers have caused ISPs to tighten their restrictions on various characteristics of email they’re willing to accept, to the detriment of other senders. However, if you’re not actively trying to abuse a receiver, there are many steps you can take to help make sure that your future email gets through.

Take a close look at the bounces that you’ve received. There should be some information included in them to help point you to the reason why your mail was rejected. Some of the useful things you might see:

  • links to DNSbl listings, like “550-[xx.xx.xx.xx listed in dnsbl.sorbs.net]”
  • links to the receiver’s policy page, perhaps with a code, like “554-: (HVU:B1) http://postmaster.info.aol.com/errors/554hvub1.html”

If you’ve gotten this information, take advantage of it. Visit any web pages listed in the bounce; you’ll likely get a much clearer idea why your mail was blocked.
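Here is how a practitioner might pull those clues out of a bounce automatically, as an added example that is not part of the original post. The sample bounce is constructed (RFC 5737 documentation addresses and example.* domains; the two quoted rejection lines reuse the formats shown in the list above), and the regular expressions are assumptions tuned to that sample, so expect to extend them for other receivers’ phrasing. The `next_step` method simply maps what was found onto the advice in this post.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample (not from the original post): a Postfix-style
# non-delivery report quoting rejections from two different receivers.
SAMPLE_BOUNCE = """\
This is the mail system at host mail.sender.example.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients.

<alice@example.net>: host mx.example.net[203.0.113.5] said: 550-[192.0.2.10
    listed in dnsbl.sorbs.net] 550 5.7.1 Service unavailable (in reply to
    RCPT TO command)

<bob@example.com>: host mx.example.com[203.0.113.9] said: 554-: (HVU:B1)
    http://postmaster.info.aol.com/errors/554hvub1.html (in reply to end of
    DATA command)
"""

# Each failed recipient starts a new block in the report.
RECIPIENT = re.compile(r"^<(?P<rcpt>[^>]+)>:", re.MULTILINE)
# Three-digit SMTP reply code, not part of an IP address or a URL path.
REPLY_CODE = re.compile(r"(?<![\w.])(?P<code>[245]\d\d)(?=[ -])")
# Enhanced status code (class.subject.detail), again not inside an IP.
ENHANCED = re.compile(r"(?<![\w.])(?P<esc>[245]\.\d{1,3}\.\d{1,3})(?![\w.])")
# "<ip> listed in <zone>" wording used by some DNSbl-based rejections.
LISTED_IN = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+listed\s+in\s+(?P<zone>[A-Za-z0-9.-]+)"
)
URL = re.compile(r"https?://[^\s<>\"')\]]+")
# Receiver-specific policy codes such as "(HVU:B1)".
POLICY_CODE = re.compile(r"\((?P<pc>[A-Z]{2,5}:[A-Z0-9]{1,4})\)")


@dataclass
class Rejection:
    recipient: str
    reply_codes: List[str] = field(default_factory=list)
    enhanced_codes: List[str] = field(default_factory=list)
    dnsbl_listings: List[Tuple[str, str]] = field(default_factory=list)
    urls: List[str] = field(default_factory=list)
    policy_codes: List[str] = field(default_factory=list)

    def next_step(self) -> str:
        """Map what the receiver told us onto the post's advice."""
        if self.dnsbl_listings:
            ip, zone = self.dnsbl_listings[0]
            return f"check {ip} at {zone} and read its listing criteria"
        if self.urls:
            return f"read the receiver's policy page: {self.urls[0]}"
        if self.reply_codes and self.reply_codes[0].startswith("4"):
            return "temporary failure; your server will retry, wait before escalating"
        return "no reason given; ask your postmaster for the full SMTP log line"


def _dedupe(items):
    """Keep first occurrences, preserving order."""
    seen = set()
    return [x for x in items if not (x in seen or seen.add(x))]


def parse_bounce(text: str) -> List[Rejection]:
    """Split a bounce into per-recipient rejections and pull out the clues."""
    rejections = []
    starts = [m.start() for m in RECIPIENT.finditer(text)]
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(text)
        block = text[start:end]
        r = Rejection(recipient=RECIPIENT.match(block).group("rcpt"))
        r.reply_codes = _dedupe(m.group("code") for m in REPLY_CODE.finditer(block))
        r.enhanced_codes = _dedupe(m.group("esc") for m in ENHANCED.finditer(block))
        r.dnsbl_listings = _dedupe(
            (m.group("ip"), m.group("zone")) for m in LISTED_IN.finditer(block)
        )
        r.urls = _dedupe(m.group(0) for m in URL.finditer(block))
        r.policy_codes = _dedupe(m.group("pc") for m in POLICY_CODE.finditer(block))
        rejections.append(r)
    return rejections


if __name__ == "__main__":
    for r in parse_bounce(SAMPLE_BOUNCE):
        print(r.recipient, r.reply_codes, r.enhanced_codes, r.dnsbl_listings,
              r.policy_codes, "->", r.next_step())
```

Run it against a real bounce by reading the message body into `parse_bounce`; if every field comes back empty, that is exactly the “friendly” bounce described below, and the mail logs are the next stop.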

Unfortunately, you may not have all this information immediately available to you. Some mail systems (certain versions of Microsoft Exchange, for example) hide those error messages from the end user in the name of ‘being friendly’. If the bounce you see doesn’t clearly spell out a reason, you’ll need to dig a little deeper. Enlist the aid of your postmaster: forward the bounce message to postmaster@ your ISP and ask them to check their mail logs for the complete SMTP error message the receiver returned. You might also try directly contacting the postmaster at the receiving ISP. Laura Atkins at Word to the Wise has a collection of links to many ISPs’ postmaster pages. If all else fails, you may find yourself doing some detective work. Check the reputation of your outbound mail server’s IP address at the MXTools website; if your mail server is on a DNSbl, you’ll get immediate feedback, along with a link to the listing DNSbl’s homepage.

Whoever you end up contacting, be it an ISP’s postmaster, your own postmaster, or a DNSbl operator, keep a few things in mind:

  • ISPs, for the most part, don’t want to block person-to-person mail. They may have some requirements for you (like, ‘send your mail through your ISP’s primary mail server’), but they want you to be able to get your mail through. Blocking person-to-person mail is usually considered a ‘false positive’.
  • Having said that, ISPs are not required to accept your mail. In the US, the CAN-SPAM act specifically mentions that it does not “have any effect on the lawfulness or unlawfulness, under any other provision of law, of the adoption, implementation, or enforcement by a provider of Internet access service of a policy of declining to transmit, route, relay, handle, or store certain types of electronic mail messages”.
  • DNSbl operators are just as concerned about false positives as ISPs, but they define them differently – a false positive is a listing that does not match the stated listing criteria for the DNSbl. Be sure that your IP doesn’t meet their criteria before requesting a delisting.
  • Emotional appeals are not going to assist you when requesting a delisting. To the receiving ISPs, your email is no more or less important than the millions of other emails they handle everyday. “You’re ruining my business” is not a compelling reason to change a policy.
  • Neither ISPs nor DNSbls have any reason to be dishonest with you about the cause of a block. If a DNSbl says that they’ve had reports of email from your IP address that appears to be coming from a Waledac-infested host, there’s likely to be a Waledac-infested host on your network somewhere.
  • Spoofing your IP address is hard, especially in the context of an email transaction: SMTP runs over TCP, so a forger would have to complete the three-way handshake and keep receiving the server’s replies at an address they don’t control. The chances that your IP address has a poor reputation because someone spoofed it are astronomically small.
  • Sometimes, the evidence you want to see of an issue can’t be given to you. Spam and virus messages are often sent to “spamtraps”, addresses that are not made public. On the other hand, evidence shouldn’t be necessary for you to resolve an issue (if one exists). If you suspect a bot- or virus-infected machine on your network, there are plenty of free tools that will assist you in sniffing your network traffic and finding the culprit.

Blocked Email Part 1: “Why me?”

Everyone’s had it happen. You forward a joke to a friend or coworker, email a possible new vendor requesting a quote, or send out your daily/weekly/monthly newsletter and, a short time later, you get back that dreaded notification: “Subject: Undelivered Mail Returned to Sender”. Your first reaction is probably indignation. “I’m not a spammer,” you think to yourself, “so how dare they block my email!” Believe it or not, the receiving ISP probably doesn’t think that you’re a spammer.

Over the course of the next few blog posts, we’re going to discuss what you can do when you find mail bouncing – who to talk to, things to say, actions to take – whether you’re an individual, or the overworked sysadmin at a small company, or the deliverability manager at an ESP. We’ll also talk about things you shouldn’t do when your mail is blocked. We’ll even look at proactive things to do to try to prevent mail blocks in the first place.

Today, though, we’re going to look at a couple of the most common reasons for which your mail may have been blocked in the first place. This is not an exhaustive list of reasons, of course, but it should serve to give you some things to look for in your mail that might have caused it to be blocked. As you read, remember that all of these reasons have evolved over time – as various forms of email abuse (like spam and viruses) evolved, the methods to stop them evolved, too.

Blocking dynamic/generic IP addresses
This is one of the oldest methods of stopping abusive mail. In the early days of consumer-level Internet access, inexpensive dial-up connections with dynamically assigned IP addresses made it easy for abusers to rapidly cycle through a number of IPs. They’d dial in, send spam, disconnect, dial in (getting a new IP address), send spam, disconnect… lather, rinse, repeat. Unfortunately for them, this pattern was pretty easy to detect when they were using their ISP’s mail server to forward all that mail, so the abusers added a twist, which they called ‘Direct-to-MX’. The abusers would connect their dialup connection directly to the receiver’s inbound mail server (sort of acting as a mini mail server) and inject the spam directly, thus avoiding any monitoring their ISP may have had. Receiving ISPs found ways to determine if a given IP was a dialup or a ‘real’ server, including looking for patterns in the reverse DNS (rDNS) for the IP address, or consulting one of the many dialup lists that sprang up. As dialups gave way to DSL, satellite, cable, and fiber connections, ‘dynamic’ was expanded to include ‘generic’. The definition for dynamic or generic rDNS has been evolving but, in a nutshell, it comes down to this:

If an IP has reverse DNS that appears to have been created by a script and which indicates that a given IP is one of many in a large pool of very similar names, that IP address is more likely than not to be dynamically assigned. Because the user behind that IP address can change at a moment’s notice – even if you’ve kept the same IP for 3 years, it could change – a receiving ISP is less likely to assign a positive reputation to that IP, and is more likely to be unwilling to accept mail directly from that IP.
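An added example (not from the original post) of the kind of heuristic a receiver applies to a PTR name, written as the check you can run against your own outbound IP’s reverse DNS before asking anyone to delist it. It looks for the two signs described above: the IP’s own octets (or its hex form) embedded in the name, and pool-style tokens such as “dyn” or “dhcp”. The token list and the sample PTR names are constructed for this example; real receivers use larger, proprietary lists, and many also refuse mail when there is no PTR at all.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# Tokens ISPs commonly put in the PTR names of consumer/dynamic pools.
# Constructed list for this example; tune it against your own data.
GENERIC_TOKENS = {"dyn", "dynamic", "dhcp", "pool", "ppp", "pppoe", "dsl",
                  "adsl", "cable", "dialup", "dial", "dynip", "dynamicip"}


def _labels(ptr: str) -> List[str]:
    """Split a PTR name on '.', '-' and '_' and drop leading zeros from
    numeric labels: 'host-192-000-002-010' -> ['host','192','0','2','10']."""
    out = []
    for lab in re.split(r"[.\-_]", ptr.lower()):
        if not lab:
            continue
        if lab.isdigit():
            lab = lab.lstrip("0") or "0"
        out.append(lab)
    return out


def _octet_run(labels: List[str], octets: List[str], minimum: int = 3) -> bool:
    """True if at least `minimum` consecutive octets appear as consecutive
    labels, forward or reversed (192.0.2.10 in '192-0-2-10' or '10.2.0.192')."""
    for seq in (octets, octets[::-1]):
        for k in range(len(seq), minimum - 1, -1):
            for s in range(len(seq) - k + 1):
                window = seq[s:s + k]
                for i in range(len(labels) - k + 1):
                    if labels[i:i + k] == window:
                        return True
    return False


def looks_generic(ip: str, ptr: Optional[str]) -> Tuple[bool, List[str]]:
    """Heuristic a receiver might apply before trusting a sending IP.
    Returns (is_generic, reasons). Does no DNS itself: pass in the PTR
    you already looked up, or None if there was no PTR record."""
    if not ptr:
        return True, ["no reverse DNS at all"]
    reasons: List[str] = []
    addr = ipaddress.IPv4Address(ip)
    octets = str(addr).split(".")
    labels = _labels(ptr)
    if _octet_run(labels, octets):
        reasons.append("IP octets embedded in PTR name")
    hexform = f"{int(addr):08x}"          # 192.0.2.10 -> 'c000020a'
    if any(hexform in lab for lab in labels):
        reasons.append("hex form of IP embedded in PTR name")
    hits = GENERIC_TOKENS.intersection(labels)
    if hits:
        reasons.append("generic-pool token(s): " + ", ".join(sorted(hits)))
    return bool(reasons), reasons


if __name__ == "__main__":
    # Constructed PTR names for the documentation address 192.0.2.10.
    for ptr in ("192-0-2-10.dyn.isp.example", "10.2.0.192.pool.isp.example",
                "c000020a.cable.isp.example", "host-192-000-002-010.isp.example",
                "mail.example.org", None):
        print(ptr, "->", looks_generic("192.0.2.10", ptr))
```

Note that a name like `mail.example.org` passing this check is necessary but not sufficient: receivers also expect the PTR to resolve forward to the same IP (forward-confirmed rDNS), which this offline check cannot verify.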

Blocking abusive content
Most ISPs have implemented a method by which their customers can complain about spam which they’ve received. In many cases, this was originally used to find IP addresses which could be blocked, but has now expanded so that content common to spam messages can be detected and blocked. ‘Content’ can refer to anything in the email but, in this case, is used to describe the ‘call to action’ (the thing the spammer wants you to do – the phone number he wants you to call, or the web site he wants you to visit). Content in the body of email that garners a lot of complaints is going to be looked at suspiciously by the receiver and is more likely to be blocked.
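As an added example, not code from the original post, here is a toy version of that complaint-driven content reputation: each message is reduced to its calls to action (the hosts it links to and the phone numbers it asks you to call), complaints are tallied per call to action, and new mail is blocked once one of its calls to action has crossed a threshold, whatever IP it arrives from. The complaint texts, host and phone number are constructed; the regular expressions are deliberate simplifications (http(s) links only, US-style phone numbers).

```python
import re
from collections import Counter
from typing import Dict, Set, Tuple

# Host part of an http(s) link, ignoring a leading "www.".
URL_HOST = re.compile(r"https?://(?:www\.)?([a-z0-9.-]+)", re.I)
# US-style phone number: 555-010-2000, (555) 010-2000, 555.010.2000
PHONE = re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b")


def calls_to_action(body: str) -> Set[str]:
    """Reduce a message body to the things the sender wants you to act on."""
    ctas = {"host:" + m.group(1).lower().rstrip(".") for m in URL_HOST.finditer(body)}
    ctas |= {"tel:" + re.sub(r"\D", "", m.group(0)) for m in PHONE.finditer(body)}
    return ctas


class ComplaintReputation:
    """Tallies 'this is spam' complaints per call to action and blocks new
    mail whose call to action has crossed the threshold, regardless of IP."""

    def __init__(self, threshold: int = 3) -> None:
        self.threshold = threshold
        self.complaints: Counter = Counter()

    def record_complaint(self, body: str) -> None:
        """A recipient reported this message body as spam."""
        for cta in calls_to_action(body):
            self.complaints[cta] += 1

    def verdict(self, body: str) -> Tuple[str, Dict[str, int]]:
        """('block', {cta: complaint count}) or ('accept', {})."""
        hits = {c: self.complaints[c] for c in calls_to_action(body)
                if self.complaints[c] >= self.threshold}
        return ("block", hits) if hits else ("accept", {})


# Constructed complaints (not real spam samples): three recipients reported
# messages that differ in wording but share one link and one phone number.
COMPLAINTS = [
    "Best prices!! http://cheap-pills.example/buy?ref=a1 or call 555-010-2000",
    "Hi friend, see http://www.cheap-pills.example/promo today",
    "U won! Visit HTTP://CHEAP-PILLS.EXAMPLE/ now. Questions? (555) 010-2000",
]


def build_reputation(threshold: int = 2) -> ComplaintReputation:
    rep = ComplaintReputation(threshold)
    for body in COMPLAINTS:
        rep.record_complaint(body)
    return rep


if __name__ == "__main__":
    rep = build_reputation()
    for body in ("Limited offer http://cheap-pills.example/x",
                 "Call 555.010.2000 for details",
                 "Minutes: http://intranet.example/minutes"):
        print(body, "->", rep.verdict(body))
```

The lesson for a legitimate sender is in the last case: a message is judged by what it points to, so a newsletter that links to a domain other customers have already complained about inherits that domain’s reputation even when sent from a clean IP.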

Blocking based on DNSbls (DNS-based blocklists)
People realized early on that it made sense for everyone to share common lists of IPs that they might want to block. Early blocklists, transferred via BGP, caused data from listed IP addresses to be completely dropped, earning them the nickname ‘Black Hole Lists’. Later refinements moved the blocklist data to DNS, so that a receiving mail server could do a simple query, determine if the originator of an email was already known to be bad, and make the decision to block or accept their mail in real time. DNSbls may list an IP for many reasons – it may have been seen originating spam, or it may be part of a block of IPs that has acted suspiciously, or it may appear to be a dynamic IP. Some DNSbls will list an ISP’s entire network space if that ISP doesn’t appear to deal with abuse in a timely fashion. With so many possible listing criteria, it follows that there are many public DNSbls, with wildly varying levels of quality and reputation, and a listing on one or more of them may cause your mail to be blocked.
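The MXTools lookup suggested in Part 2 and the real-time query described here are the same operation, shown below as an added example that is not part of the original post: reverse the address, append the list’s zone, and read the 127.0.0.x answer (NXDOMAIN means not listed). `dnsbl.example`, its answers and its return-code meanings are constructed for this example; every real list documents its own codes. `socket_resolver` performs a live lookup and is not used by the offline sample. The sanity check on the 127.0.0.2 and 127.0.0.1 test points follows RFC 5782 and catches the classic trap of a shut-down list that starts answering for every address.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

Resolver = Callable[[str], List[str]]   # name -> A records ([] means NXDOMAIN)


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the query name the way DNSbls expect (RFC 5782): the address
    reversed, IPv4 octet by octet or IPv6 nibble by nibble, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        rev = ".".join(reversed(str(addr).split(".")))
    else:
        rev = ".".join(reversed(addr.exploded.replace(":", "")))
    return f"{rev}.{zone.strip('.')}"


def socket_resolver(name: str) -> List[str]:
    """Real lookup through the host's resolver; needs network access."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def zone_sanity_problem(zone: str, resolve: Resolver) -> Optional[str]:
    """RFC 5782: 127.0.0.2 must be listed and 127.0.0.1 must not be. A zone
    failing either is dead, unreachable or wildcarded; its answers mean nothing."""
    if not resolve(dnsbl_query_name("127.0.0.2", zone)):
        return "test point 127.0.0.2 not listed: zone unreachable or dead"
    if resolve(dnsbl_query_name("127.0.0.1", zone)):
        return "127.0.0.1 is listed: zone answers for everything (wildcard/shut-down list)"
    return None


def check_listing(ip: str, zone: str, resolve: Resolver,
                  meanings: Optional[Dict[str, str]] = None) -> dict:
    """Sanity-check the zone, then look the IP up and decode the answers."""
    problem = zone_sanity_problem(zone, resolve)
    if problem:
        return {"ip": ip, "zone": zone, "usable": False, "reason": problem}
    answers = resolve(dnsbl_query_name(ip, zone))
    meanings = meanings or {}
    return {"ip": ip, "zone": zone, "usable": True, "listed": bool(answers),
            "codes": answers,
            "why": [meanings.get(a, f"undocumented return code {a}") for a in answers]}


# Constructed data for a hypothetical list 'dnsbl.example' (assumption: not a
# real zone). Return-code meanings are per-list; read the zone's own docs.
FAKE_ZONE = "dnsbl.example"
FAKE_MEANINGS = {"127.0.0.2": "seen sending spam",
                 "127.0.0.10": "dynamic/generic address"}
FAKE_ANSWERS = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],                 # required test point
    "10.2.0.192.dnsbl.example": ["127.0.0.2", "127.0.0.10"],  # our listed sender
}


def fake_resolver(name: str) -> List[str]:
    """Offline stand-in for socket_resolver, backed by FAKE_ANSWERS."""
    return FAKE_ANSWERS.get(name, [])


if __name__ == "__main__":
    print(check_listing("192.0.2.10", FAKE_ZONE, fake_resolver, FAKE_MEANINGS))
    print(check_listing("192.0.2.11", FAKE_ZONE, fake_resolver, FAKE_MEANINGS))
```

To query a real list, pass `socket_resolver` in place of `fake_resolver` together with that list’s zone and its published code table; if `usable` comes back false, stop using that zone for blocking decisions before anything else.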

Coming in Part 2 – what should you, as an individual, do when you receive bounce messages?