Score:1

How to minimize chances of one's domain being falsely blacklisted (uribl)

ph flag

My side job is to admin my wife's company domain. It's only used as a domain name for Google mail and tools (slides, docs, etc...).

Although she used her domain for email for many years without any issues, we apparently made the mistake of leaving the web part with a parked website. Last week, a Fortune 500 company, our main customer, changed their spam filter and her email are getting blocked. Email is required to submit business proposal.

http://multirbl.valli.org/lookup/ lists every list as green for our domain, except uribl. uribl shows us on the multi and black lists.

I've put a request to delist and the very fine folks at http://uribl.com answered with:

Status: Rejected

Reason: what kind of business has a parked web page? - will expire

No spam has ever been sent from this domain. It doesn't have any webserver to be compromised, no file transfer. It only ever sent Google email from her account, to a handful of customers, and was not compromised.

My question is: What would a decent sysadmin do in such a situation? I tried putting a real website (it's up now), and re-asked to be delisted, but I've got a feeling the kind of person that would refuse delisting the first time round with a pedantic and rhetoric question will not be moved.

Is the ability to deliver a real business email from one's legit domain really in the hands of some random person managing a minor spam blacklist? (I know it sounds like a rant, I'm trying to keep my emotion in check, but this is probably a major risk to half a year salary)

Below is a redacted snapshot of multirbl.valli.org showing the details I have: enter image description here

Edit: Answering @anx, whois has actual business address, owner name, phone number, the whole thing. IP points to the registrar's server (still using their "build a website" service). [email protected] gets drop. The integration with Google suite is costed on a per-user basis. I guess I'll consider paying for [email protected].

DMARC I did not know about. I guess that will be a question for Google support as they send the emails. There's no signature or links (we didn't have a website until yesterday, so definitely no point linking to it ;-p)

anx avatar
fr flag
anx
What does the reject message of the recipient say anyway? It would be very odd for an URI you are clearly not actively using to be the one and only reason for block most or all of your mail.. (sure, do remove stale links from your template/signature just as a matter of keeping things up to date, but its not likely that is a major contributor to whatever spam scoring system the recipient uses)
Michael Hampton avatar
cz flag
You should [make an alias](https://support.google.com/a/answer/33327) for abuse@ rather than a new user account. This has no cost.
Jeffrey avatar
ph flag
I'm unsure where to get that in the Google workspace, but I'll look for it.
Jeffrey avatar
ph flag
Closest I got to is : `https://admin.google.com/u/4/ac/emaillogsearch/details` showing one such non-delivered email as `Delivered to an SMTP server with IP address: 216.71.129.247 (TLS enabled)` and `No Error`. That had me thinking it was silently swallowed by whatever spam filtering software the destination used.
anx avatar
fr flag
anx
@Jeffrey that IP sounds like CISCO, so go lookup your sending IP on [talos](https://talosintelligence.com) and see if they report anything about your IP or your ISP that you should investigate or have corrected.
Score:2
fr flag
anx

How to minimize chances of one's domain being falsely blacklisted?

  1. Put your org name and preferred methods of contacts wherever one might look. Setting up a web server for all domains you are sending mail from is reasonable. Setting up a server with unrelated content ("parked") is a red flag.
  2. If upon registering the business with local authorities you received any publishable serial no. or tax ID from, put it on your website, next to your address. Helps verifying your business (still) exists in the jurisdiction claimed.
  3. Setup standard recipients like abuse@ as mailbox or alias and ensure mail will be seen by someone knowing what to do about them.
  4. Act on complaints, even when they are not using your preferred contact methods.
  5. Remove URI from mail templates/signature templates unless they point to a website that contains your business name & address (I suspected this may be the case, because being listed in one dbl is a stronger spam signal if such domain is found in your mail body)

Since your goal is also not be be negatively affected when being listed in some reputation database anyway, take these additional steps:

  1. Ensure your server matches current expectations from a technical perspective. What is possible, nice and expected tend to slowly shift over time, things previously only being regarded as nice are now being expected: some recipients now consider TLS & registering FCrDNS as a hard requirement. Checking all the technical boxes helps reduce the impact of dbl as well, because spam filtering is often multi-factorial these days.
  2. Read their rules & then register a free entry on the opposite sort of list, e.g. https://dnswl.org/ - some recipients disregard negative signals from other list maintainers if they also receive a positive signal like that

I do not believe your assumption that a single dbl having you listed is solely responsible for your mail delivery problems. The recipients postmaster would know. It is not unreasonable for mail operators to specifically reach out to each other to inquire, but preferably after applying the steps mentioned here (before, you would likely be told to start with the easy steps first).

Jeffrey avatar
ph flag
Thank you. Explanations and linked answers much appreciated. I set up SPF and DKIM. DMARC will follow in 48 hours, once propagated. Much helpful.
anx avatar
fr flag
anx
@Jeffrey Oh if you are thinking *waiting* is your best bet to know DKIM and SPF are configured appropriately, you may find some welcome news as you read through more DMARC deployment process documentation. It is designed specifically so you can proceed step by step with confidence, only making significant changes *after* already utilizing its reporting features to know you are not breaking anything.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.