βDNSBL
A quick overview of how DNSBLs work and how AWS SES and SENDUNE.com protect you.
Domain Name System-based Blackhole Lists (DNSBLs)βsometimes referred to as Realtime Blackhole Lists (RBLs), deny lists, blocklists, or blacklistsβare intended to inform email service providers like Gmail, Yahoo, Outlook, etc.) of IP addresses that are suspected of sending unwanted email.
Is your IP Blocked?
Let's say an email service provider is rejecting your email. Is this because the IP address of your email server is on a blacklist? How do you verify this?
It's easy. Open the raw email content of any bounced email. You might see something like below.
The above string is an error message from a mail server indicating that an email was blocked from being sent. Let's break it down:
554 5.7.1:
554: This is an SMTP error code indicating that the email was rejected by the receiving mail server. It's a permanent error, meaning the message will not be delivered.
5.7.1: This is an enhanced status code that provides more details. It typically refers to an error related to the sender's ability to send the email, such as blocked addresses or spam filtering.
Service unavailable: The email service is rejecting the connection and refusing to process the message.
Client host [192.0.2.0] blocked using DNSBLName:
The IP address 192.0.2.0 of the sending server has been blocked by a DNSBL (Domain Name System Blacklist).
DNSBLName is a placeholder for the actual DNS Blacklist provider name used to block the IP. Blacklists are used to prevent known spammers or compromised servers from sending emails.
See: http://www.example.com/query/ip/192.0.2.0: This URL is provided to help the sender understand why their IP is blocked. They can query the given IP address for more information or request its removal from the blacklist.
To summarize, the message indicates that an email from the IP address 192.0.2.0 was blocked because the IP is listed on a DNS Blacklist (DNSBL). To resolve the issue, the sender needs to visit the URL (http://www.example.com/query/ip/192.0.2.0) and follow instructions for unblocking the IP address.
FAQ's about DNSBLs
1. How do DNSBLs impact email delivery?
Different DNSBLs have different impacts on the successful delivery of a message. Major email providersβincluding Gmail, Hotmail, AOL, and Yahooβseem to recognize a very small number of highly regarded DNSBLs, such as those offered by Spamhaus. In our experience, other DNSBLs tend to have a low impact, although some mail systems emphasize certain DNSBLs over others.
Finally, many email providers have their own internal deny lists. Email providers guard these lists very closely, and rarely share them with the public. If an IP address is on one of these lists, it can have a major impact on your ability to send email to recipients who use that provider.
2. How do IP addresses end up on DNSBLs?
There are several ways that an IP address can end up on a DNSBL. IP addresses can be added to DNSBLs when they send email to a spamtrap. A spamtrap is an email address that doesn't belong to a human user. Spamtraps exist solely to collect spam and identify spammers. Some DNSBLs also allow individual users to submit IP addresses. A few DNSBLs even allow users to submit entire IP address ranges. Other DNSBLs are maintained through contributions by email administrators, and can include IP addresses that administrators believe are abusing their own systems.
3. How does Amazon SES prevent its IP addresses from appearing on DNSBLs?
AWS SES systems look for signs of abuse. If your email sending patterns or other characteristics could lead to an IP address being added to a DNSBL, you will receive a notification from AWS SES. If the situation is severe, or if you do not fix the issue even after the notification, your email sending will be paused until you resolve the issue. Enforcing these sending policies helps reduce the chances that IP addresses belonging to AWS SES end up on DNSBLs.
4. Can Amazon SES have its IP addresses removed from a DNSBL?
AWS SES actively monitors DNSBLs that could impact delivery across the entire Amazon SES service, or that could impact the ability to send email to recipients who use major email providers, such as Gmail, Yahoo, AOL, and Hotmail. The DNSBLs offered by Spamhaus fall into this category. When one of our IP addresses appears on a list that meets either of these criteria, we take immediate action to have that address removed from the DNSBL as quickly as possible.
We don't monitor DNSBLs that are unlikely to impact delivery across the entire Amazon SES service, or that don't have a measurable impact on delivery to major email providers. The DNSBLs offered by SORBS and UCEPROTECT fall into this category. Because of the specific listing and delisting practices of the vendors who operate these lists, we are unable to have our IP addresses removed from these lists.
5. Email that I send to Gmail, Yahoo, Hotmail, or another major provider is being sent to the spam folder. Is this happening because my sending IP address is on a DNSBL?
Probably not. If an IP address is listed by a DNSBL with significant impact, such as one of the DNSBLs from Spamhaus, major email providers will reject email from that IP address completely, rather than sending it to the spam folder.
When major email providers accept an email (rather than rejecting it), they usually consider user engagement when considering whether to place the message in the inbox or in the spam folder. User engagement refers to the ways in which users interacted with the messages you sent them previously.
To increase the chances that your messages reach your customers' inboxes, you should implement all of the following best practices:
Never rent or purchase lists of email addresses. Renting or purchasing lists is a violation of the AWS Acceptable Use Policy (AUP) and isn't allowed on Amazon SES under any circumstances.
Only send email to customers who explicitly asked to receive email from you. In many countries and jurisdictions around the world, it's illegal to send email to recipients who didn't explicitly agree to receive email from you.
Stop sending email to customers who haven't opened or clicked links in messages that you've sent in the past 30β90 days. This step can help to keep your engagement rates high, which increases the chances that the messages you send in the future arrive in recipients' inboxes.
Use consistent design elements and writing styles in each message that you send to ensure that customers can easily identify messages from you.
When customers use a web form to subscribe to your content, send them an email to confirm that they want to receive email from you. Don't send them any additional email until they confirm that they want to receive email from you. This process is known as confirmed opt-in or double opt-in.
Make it easy for your customers to unsubscribe, and honor unsubscribe requests immediately.
If you send email that contains links, check those links against the Spamhaus Domain Block List (DBL). To test your links, use the Domain Lookup Tool on the Spamhaus website.
By implementing these practices, you can improve your sender reputation, which increases the likelihood that the email you send reaches recipients' inboxes. Implementing these practices also helps keep the bounce and complaint rates low for your account, and reduces the risk of sending email to spamtraps.
InboxVISA
SENDUNE's InboxVISA program is a collection of email sending best practices and real-time heuristics adopted by SENDUNE to protect all users and guide emails safely into user inboxes. While these practices create trust with email service providers, the final decider in avoiding DNSBLs and better inbox placement is the content of your email. Ultimately, the only one who can guarantee safe inbox placement is YOU.
Last updated