So…What Is Blacklisting? (Part 1)

Blacklisting. It’s such a scary word, isn’t it? Today’s post is the first in a series of posts that will explain what it means to be blacklisted, how you might end up on a blacklist, how to get off that blacklist, and blacklist prevention. Hopefully, this series will help demystify blacklisting to some degree.

To start off with some background on why blacklisting is necessary, consider this: 90% of all email sent worldwide is considered spam email. If we didn’t have some way of sorting through the legitimate email versus the spam email before it even hit your inbox, you’d never be able to accomplish anything! In addition to this, spam messages cost internet service providers (ISPs) money to store messages on their servers, so there needed to be a valid, timely way to determine if a message should be accepted or rejected outright. The first blacklist was created in 1997 and we haven’t looked back since.

So what is a blacklist?

A blacklist is a (generally) publicly available real-time database that receiving servers can query in order to obtain information on the reputation of an IP address or domain used to send email. Receiving servers use blacklisting information to help determine if an email should be accepted or rejected. If an IP address or domain is on a blacklist, it’s been reported as a “known” source of spam. It’s important to note that if an IP address or domain is not on a blacklist, it doesn’t necessarily mean the IP or domain isn’t a spammer. It simply means nothing can be explicitly said about the IP or domain, so the receiving server would then need to use other methods to determine if an email is coming from a reputable source or not. Spamhaus has a great infographic that provides a bit more of a visual overview of how blacklisting works when an email hits a receiving server.

Are there different types of blacklists?

There are a few types of blacklists, but I’m going to focus on the most common types I handle in my role as a compliance specialist: private blacklists (such as Hotmail, McAfee, and Cloudmark) and public blacklists (such as Spamhaus, SORBS, and Spamcop). Private blacklists tend to be based on strict spam filtering and are not able to be queried externally, meaning you won’t know you’re on these particular blacklists until you begin receiving bouncebacks from those particular spam filters. There’s no way to specifically determine exactly why you’d gotten listed on a private blacklist. Conversely, public blacklists, such as Spamhaus and Spamcop, can be searched to determine if your IP address is on a blacklist, so it’s easy to know you’re listed and resolve the listing before you start sending email. A good site to check for IP-based blacklisting is MX toolbox, as it queries a number of blacklists in one easy-to-read format. In Pardot’s case, we get daily reports of major blacklistings on any of our IP addresses and will reach out to you if we determine you have caused or are the victim of having your sending IP address blacklisted.

Which blacklists should I pay attention to?

While there are hundreds of blacklists in existence, not all blacklists are created equally. There are a few notable blacklists that will significantly impact your sending reputation and deliverability if you find your IP is listed on them. These blacklists are:

Other, smaller blacklists aren’t quite as important and aren’t as widely used as the “big five” players in blacklists. This definitely doesn’t mean they should be entirely ignored, as one listing can be indicative of a larger problem down the road, but you also shouldn’t be overly concerned if you’re listed on a minor blacklist. If it’s an important enough listing to cause trouble, we’ll be the ones to let you know!

So how do you get onto a blacklist? Stay tuned for part two of our blacklisting series, “How do I get on a blacklist?”