The current article is the continuation of the former article (My E-mail appears as spam…
In this article, we review the characteristics of a scenario in which your organization appears as blacklisted.
For the avoidance of doubt – the purpose of this article is not to provide detailed instructions and links for the procedure of de-listing your organization from a particular blacklist.
The purpose of this article is to provide the flow and structure of the tasks that we need to implement, and best practices for a scenario of internal \ outbound spam.
Article series table of contents
- My E-mail appears as a spam – Introduction | Office 365 | Part 1#17
- Internal spam in Office 365 – Introduction | Part 2#17
- Internal spam in Office 365 – Introduction | Part 3#17
- Commercial E-mail – Using the right tools | Office 365 | Part 4#17
- My E-mail appears as spam | The 7 major reasons | Part 5#17
- My E-mail appears as spam | The 7 major reasons | Part 6#17
- What is SPF record good for? | Part 7#17
- Implementing SPF record | Part 8#17
- High Risk Delivery Pool and Exchange Online | Part 9#17
- High Risk Delivery Pool and Exchange Online | Part 10#17
- My E-mail appears as spam – Troubleshooting path | Part 11#17
- My E-mail appears as spam | Troubleshooting – Domain name and E-mail content | Part 12#17
- My E-mail appears as spam | Troubleshooting – Mail server | Part 13#17
- My E-mail appears as spam | Troubleshooting – Mail server | Part 14#17
- My E-mail appears as spam | Troubleshooting – Mail server | Part 15#17
- De-list your organization from a blacklist | My E-mail appears as spam | Part 16#17
- Dealing and avoiding internal spam | Best practices | Part 17#17
The great drama: My organization appears as “blacklisted”!
Let’s start with a dramatic sentence: my organization appears as “blacklisted”!
Q1: What is the meaning of “my organization appears as blacklisted”?
Q2: What should I do in a scenario in which “my organization appears as blacklisted”?
Q3: Is there a specific characteristic of the scenario “my organization appears as blacklisted” in an Office 365 and Exchange Online environment?
The meaning of “my organization appears as blacklisted”
The term “my organization” could be translated into one of the four following options:
1. Public domain name
A scenario in which your organization’s public domain name appears as blacklisted.
2. Mail server IP address
A scenario in which your mail server IP address appears as blacklisted.
As mentioned before, in an Office 365 and Exchange Online environment, the situation in which your “formal Exchange Online IP address” appears as blacklisted is very rare.
The most common scenario is one in which the IP addresses that appear as “blacklisted” belong to the particular Exchange Online servers that are classified as the “Higher Risk Delivery Pool”.
3. Specific E-mail message content
A scenario in which a particular E-mail is blocked because of the content of the E-mail. In this case, it’s not clear whether the “spam filter” also decides to block the user who sent the E-mail, the particular mail server that sent the E-mail, or the complete domain name that is part of the sender’s E-mail address.
4. E-mail address of a specific organization recipient
The scenario in which the “issue” relates to the E-mail address of a particular organization recipient is less common. In this scenario, a particular organization’s recipient is blacklisted.
The optional scenarios for “blacklisted” and their level of severity
A scenario in which mail sent by one of our organization users is identified as spam mail, and for this reason is blocked by the destination mail server or sent to the junk mail folder of the destination external recipient, is not a desirable scenario.
The central question in this scenario is not whether this situation is desirable, but rather: what is the “factor” that the destination mail infrastructure uses for identifying the E-mail sent by one of our organization users as spam \ junk mail?
Option 1: the organization domain name is blacklisted.
The “less preferred scenario” is the scenario in which our domain name appears as blacklisted.
This type of scenario is described as “less preferred” because, in this case, the “guilty party” is the organization domain name. In this scenario, all of the organization users are affected, and not only a particular organization user.
The problem in which mail sent from our organization is identified as spam \ junk mail is not related only to a particular “event” or to a specific mail item with specific content, but to the entire “outbound mail flow” of our organization users.
In the following diagram, we can see an example of this concept.
The cause of the problem is the Office 365 recipient domain name (the “right part” of the E-mail address). The destination mail server “refuses” to accept the E-mail not because there is a problem with the E-mail content, but because the E-mail was sent from a domain name that appears as blacklisted.
In this type of scenario, in which our organization domain name appears on a blacklist, we will need to contact the “blacklist provider” and ask him to remove our domain name from the blacklist.
Option 2: Mail server IP address is blacklisted.
The severity of this scenario depends on the specific mail infrastructure that we use.
Non-Office 365 and Exchange Online mail infrastructure
If your mail infrastructure is not based on the Office 365 and Exchange Online mail infrastructure, a scenario in which your mail server appears as blacklisted is also considered a critical scenario.
The level of “criticality” depends on the structure of your mail infrastructure.
If your organization has only one mail server, the “critical level” is very high because all the organization mail is sent via that particular mail server, and if this mail server is blacklisted, this is a major problem.
If the organization mail infrastructure is based on more than one mail server, the “critical level” is less severe because there is an option to route all the rest of the organizational E-mail messages via the additional organization mail servers until the problem with the particular mail server is resolved.
Office 365 and Exchange Online mail infrastructure
In Office 365 and Exchange Online, the Exchange Online server represents the organization. In a very particular scenario, in which an E-mail message sent by an Office 365 user is identified as spam \ junk mail by EOP (Exchange Online Protection), the specific E-mail is routed via the Exchange Online High Risk Delivery Pool.
The scenario in which the “formal Exchange Online” IP address that represents the organization appears as blacklisted is very rare.
The more likely scenario is that, when the E-mail message is sent via the Exchange Online High Risk Delivery Pool, the destination mail server will reject the E-mail and notify us that “our mail server” is blacklisted.
In this scenario, the “guilt” is attributed to the Exchange Online Higher Risk Delivery Pool.
Office 365 spam filters recognize that the Office 365 user is trying to send out an E-mail message that is considered “problematic.”
To avoid a scenario in which all the organizations are “stamped” as “questionable”, the particular E-mail message is routed via the mail servers that were created for this type of E-mail message: the Exchange Online Higher Risk Delivery Pool.
The underlying assumption is that some of the IP addresses used by the Exchange Online High Risk Delivery Pool are already listed in some blacklists.
In an Office 365 and Exchange Online environment, the scenario that we describe as “my mail server appears as blacklisted” does not lead to the conclusion that the problem is related to the “Office 365 mail server”.
Instead, the problem is related to a particular Office 365 user and to specific E-mail message content that was sent by that user, identified as spam by EOP, and routed via the Exchange Online High Risk Delivery Pool.
The cause of the problem is particular E-mail content that “leads” to a scenario in which the E-mail is sent via the Exchange Online Higher Risk Delivery Pool.
The “other side” classifies the E-mail as spam \ junk mail, but this “classification” relates only to the specific session and only to the particular E-mail message.
If the Office 365 recipient sends a new E-mail message that doesn’t contain problematic content, chances are that the E-mail will be successfully sent to the destination external recipient.
Option 3: a particular E-mail address (organization user) is blacklisted.
What do I need to do for getting “de-listed” from a blacklist?
Technically speaking, there are two ways in which your organization can be removed from a particular blacklist:
1. Self-service removal
A process in which an organization representative fills in a request form, in which he asks to be de-listed from the blacklist and lists the reasons or explanations for his request.
In simple words: the organization representative should explain why his organization was recognized, by mistake, as an “element” that distributes spam mail.
2. Time-based removal
Some of the blacklist providers implement an automatic mechanism in which the domain name or the IP address that is registered on the blacklist is removed automatically after a particular period.
In simple words: if the organization doesn’t cause any additional problems and acts as a “good boy”, the reward is that its details will be removed from the blacklist.
The problem is that we, as an organization, have no control over the process.
“De-list” checklist, from a blacklist
Yes, I know that this heading sounds a bit funny.
Verify that you understand the following parts and can answer the following questions:
The problem scope
Q: Is your organization blacklisted by one particular blacklist, or by a couple of blacklist providers?
A: The first and most important step is to verify the scope of the problem: does your organization appear as blacklisted in one very specific blacklist, or in a couple of blacklists?
You can get a quick answer to this question by using online services that will help you to check multiple blacklist providers from one place.
You can read more detailed information in the article: My E-mail appears as spam | Troubleshooting – Mail server | Part 15#17
Your organization mail infrastructure details
Q: When we say “our organization is blacklisted”, do you fully understand the meaning?
Q: Is your domain name blacklisted?
Q: Is your mail server blacklisted?
Q: If you have more than one mail server, do you have a list of all the existing mail servers that represent your organization?
Q: When you check for information about a scenario in which your mail server is blacklisted, and you have more than one mail server, did you check whether the additional mail servers’ IP addresses appear as blacklisted?
A: Before you start the “de-list procedure”, verify that you have all the required information in front of you.
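The scope check from the two checklist parts above can be scripted for blacklists that are published as DNS zones (DNSBLs). The following is an added example, not part of the original article: the zone names are examples only, the function names are hypothetical, and the sample answers and documentation-range IP addresses are constructed so that it runs offline.

```python
import ipaddress
import socket

# Example zones only (assumption): substitute the blacklists that matter to you.
ZONES = ["zen.spamhaus.org", "bl.spamcop.net"]
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus-style error codes
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # normal "listed" answers

def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL expects: reversed address labels + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:  # IPv6: 32 hex nibbles, reversed, one label each
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise  # timeouts etc. must not be mistaken for "not listed"

def classify(answer):
    """Map a DNSBL answer to listed / not_listed / error."""
    if answer is None:
        return "not_listed"
    addr = ipaddress.ip_address(answer)
    if addr in ERROR_NET:
        return "error"  # e.g. query refused because of the resolver used
    return "listed" if addr in LISTED_NET else "error"

def blacklist_scope(mail_server_ips, zones=ZONES, resolver=system_resolver):
    """Check every mail server against every zone: {(ip, zone): status}."""
    return {(ip, zone): classify(resolver(dnsbl_query_name(ip, zone)))
            for ip in mail_server_ips for zone in zones}

def listed_servers(report):
    """Summarise the scope: which IPs are listed, and on which zones."""
    scope = {}
    for (ip, zone), status in report.items():
        if status == "listed":
            scope.setdefault(ip, []).append(zone)
    return scope

if __name__ == "__main__":
    # Constructed answers for documentation-range IPs, so the demo runs offline.
    sample = {"10.2.0.192.zen.spamhaus.org": "127.0.0.2",
              "25.100.51.198.zen.spamhaus.org": "127.255.255.254"}
    report = blacklist_scope(["192.0.2.10", "198.51.100.25"], resolver=sample.get)
    print(listed_servers(report))
```

An "error" status means the lookup itself has to be repeated (for example, from a different resolver) before any conclusion is drawn about that server.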
The reasons that lead us to the scenario
Q: Can you speculate regarding the reasons that led to the scenario in which your organization appears as blacklisted?
Q: Do you think that the “root cause” of the problem is related to bulk mail? To a particular E-mail message content? To a particular user?
A: There is no point in investing all the effort and energy in the “de-list” process and hoping to get “de-listed” if the “element” that causes this problem continues the particular behavior.
Implement your due diligence
You find out that your organization appears as blacklisted in a particular blacklist. You feel bitterness, and the question arises: why did you do such a thing?
Before we point our finger at the “element that blacklisted” our organization and caused us grief, let’s take a moment and verify whether this is a classic scenario of a false positive, meaning that our legitimate E-mail was recognized as spam \ junk mail by mistake, or… maybe there is a reason that led to the unwanted scenario in which our organization appears as blacklisted.
The reason for implementing this “due diligence” is that in a scenario in which we indeed have a problem, because we use commercial mail that violates a common standard, we will continue to have problems not only with a particular blacklist provider but with many others.
It is “easy” to get on a blacklist, but the process of “getting out” of a blacklist is not easy.
An additional issue is our “integrity”. Before we send the request to be “removed from the blacklist” and commit that the process in which our mail infrastructure was classified as “problematic” is a mistake (false positive), I think it is fair to implement a little investigation and try to verify whether our organization “did something” that led to a scenario in which “others” identified E-mail messages sent from our organization as spam \ junk mail.
Ask to be removed (de-list) from a blacklist
In a scenario in which our organization mail infrastructure appears as blacklisted by a “well-known blacklist provider”, it’s obvious that the only thing we want is to be removed from the blacklist immediately, because the outcome is a severe disruption of our business activity.
In a perfect world, we would say specific magic words and… the problem would disappear in two (or maybe 4) seconds.
In the real world, the process is not so easy!
Blacklist providers as Black Box
I relate to blacklist providers as a “Black box” because of the “vague nature” of the blacklist providers.
The main excuse for this “ambiguity” is perhaps the “security argument”, which is used to explain why there is no option for providing detailed information about the reason that a specific domain name or a specific mail server IP address was added to a blacklist.
My opinion is that the “security argument” is not strong enough to answer additional questions and requirements, such as the ability to get a formal response from the blacklist providers.
For example: a confirmation that the provider received our request, an update notification that informs us whether the de-list request was completed successfully or not, etc.
I know that this could be considered a “generalization”, and I am sure that there are significant differences between the different “blacklist providers”, but from my experience, the contrast between the business need to urgently solve a problem in which the organization domain name appears in a blacklist and the difficulty of getting a response from “blacklist providers” can be very frustrating.
4 reasons for relating to “blacklist providers” as a Black box
In a scenario in which your organization appears as blacklisted, there are a couple of “parts” that are responsible for the “uncertainty” of the process.
1. The reason for adding your domain name \ mail server IP address
The inability to get information about the specific reason\s that led to the outcome in which our organization is blacklisted. The reason for the ambiguity is that each of the “blacklist providers” keeps secret the algorithm and the methods that it uses for identifying a specific E-mail item or a particular organization as an “entity” that sends spam \ junk mail.
2. The formal way to implement a “de-list process”
Some of the “blacklist providers” provide a very clear guide on how to apply the process of “asking to be removed from a blacklist”, and some do not. I have also seen scenarios in which the particular “blacklist provider” requests money for implementing the “de-list” process.
3. A contact person
Most of the “blacklist providers” will not provide a phone number or an E-mail address of a contact person.
The logic that is implemented by most of the “blacklist providers” is:
- Fill in the request form, in which you ask to remove your organization name from the blacklist.
- We will read your request.
- We will perform different checks.
- If we decide that you are “entitled” to be removed from the blacklist, we will remove the information about your organization from the blacklist.
4. Formal response
This section is based on the concept of “part 3”. Most of the “blacklist providers” will not send an “update or notification E-mail” when they decide to remove your organization from the blacklist. The responsibility for checking and verifying that your request to be de-listed was “approved” is yours!
You will need to access the “blacklist provider” website and re-check the information about your status.
- Implement all the best practices and preventive actions that help you to avoid future scenarios in which your organization appears as blacklisted.
- Try to get all the available information about the process or the procedure of de-listing your organization from the particular blacklist provider.
- Take a deep breath, lift your eyes to the sky and hope for the best!
- After you complete the de-list process, access the website of the “blacklist provider” and verify whether your organization still appears as blacklisted.
- Let’s assume that there was a reason for adding your organization to a blacklist, and let’s assume that the “blacklist provider” was kind enough to remove your organization from the blacklist.
Verify that you “fix” all the issues that led to the problem in the first place. Don’t make the same mistake again, because if there is a “next time”, the blacklist providers will be less forgiving.