Back in 1996, the world was a different place. There was little in the way of Spam filtering, let alone any real legislation in place to control it like there is today. No Authentication, No rules and very little accountability. Companies were free to purchase lists and the “Spray & Pray” method of sending millions of emails to complete strangers was born. Inboxes everywhere were bombarded with emails none of them ever asked to receive. This was obviously a serious problem costing the economy some serious money and it was clear something needed to be done.
Enter the Mail Abuse Prevention System (MAPS) which appropriately is “s-p-a-m” spelled backwards. Created in 1996 by software engineers Paul Vixie and Dave Rand who decided to keep a list of IP addresses which had sent spam or engaged in other behavior they found objectionable. The list quickly became popular and was known as the Real-time “Blackhole” List (RBL).
In 1998, Steve Linford followed suit and founded Spamhaus as a way to track email spammers and spam-related activity. The name Spamhaus (or “Spam House”) a pseudo-German expression coined by Linford to refer to any entity which sends Spam or knowingly provides service to spammers. Today Spamhaus is used by most of the world’s leading ISPs and there’s a very good reason for that – Trust.
Spamhaus works, whether you know it or not it prevents a lot of unwanted emails from infiltrating your Inbox. They maintain several anti-spam lists, but here are the big 3:
- The Spamhaus Block List (SBL) is a realtime database of IP addresses of spam-sources, including known spammers, spam gangs, spam operations and spam support services. SBL listings are made according to policies outlined in SBL Policy & Listing Criteria.
The Spamhaus Domain Block List (DBL) is a realtime database of spam domains including spam payload URLs, spam sources and senders (“right-hand side”), known spammers and spam gangs, and phish, virus and malware-related sites.
The Exploits Block List (XBL) targets illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, virus-infected PCs & servers and other types of trojan-horse exploits. That is to say it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes information gathered by Spamhaus as well as by other contributing DNSBL operations such as the (Composite Blocking List CBL).
Spamhaus adds 2,000,000 IP addresses to their databases every single day.
According to their FAQ Spamhaus adds “2,000,000 IP addresses to the SBL, CBL/XBL and PBL databases every single day. It also provides two combined lists (SBL+XBL) and ZEN, which is the combination of all Spamhaus IP-based DNSBLs.” Spamhaus not only helps filter Spam, their data feed service can prevent the bad guys from ever getting in.
Impact of Spamhaus
Getting your IPs (or domain) blacklisted on Spamhaus is a marketer’s worst nightmare. One might compare it to falling through the ice into freezing cold water in the middle of a snowstorm.
Your day starts like every other, until you suddenly realise you’ve been listed on the largest blacklist on the planet and a feeling of panic falls over you as you sit back and helplessly watch the waves of bounces roll in. What did I do? How did this happen?? How do I get out of this mess??
Unfortunately, most ESPs have had clients live through this unfortunate experience at one time or another and it’s no picnic. We recently lived through this ordeal and given it has been several years since it last happened, I decided to send a test to see what kind of an impact Spamhaus has on our delivery today. I sent several tests from IPs listed on the Spamhaus SBL and saw a 100% block at providers like Hotmail, Office365, Outlook, Apple (me.com and icloud.com) and Gmail (the world’s largest receiver) saw 100% hit the Junk box.
If you are listed on Spamhaus, you could expect to see a bounce rate upwards of 50% and those that don’t bounce usually end up in the Junk box.
Marketers have a lot of questions when this happens and rightfully so. For that reason, we’ve provided a short Q&A that might help clear up some of the confusion:
Q: We have been sending for years and never had a problem, how could this happen?
A: The size of your list and how long you’ve been using it does not prevent you from getting blacklisted. Just because your list gets used often and there were no problems yesterday, doesn’t mean there are not going to be problems tomorrow. You need a strong opt-in process like Confirmed Opt-in (COI) to prevent people signing up with an invalid address or type-o domain (HOTMOIL.CA, YAHOIO.CA, GMAIL.COM.COM) or using bogus emails like firstname.lastname@example.org, email@example.com or my favourite.. firstname.lastname@example.org. Without using COI you risk adding these addresses to your list as active.
Q: We ARE using a strict confirmed opt-in policy, how is this even possible?
A: Email addresses are not static, they don’t stick around forever. So it is possible for addresses that signed up legitimately to be recycled into traps. They could be on your list due to poor list hygiene, not removing contacts who do not open/click, poor bounce processing, etc. People also abandon emails, people lose their job, people relocate, companies fold, people die.. just because somebody confirmed their email with you last year, doesn’t mean that address is still going to be valid.
Also has your “strict confirmed opt-in policy” been in place from the very start? Using confirmed opt-in only helps prevent people planting traps, type-o or bogus emails they don’t have access to, it does not mean that address exists or will stay active forever. As a responsible sender, you need to keep your list clean by (1) sending on a regular basis, (2) removing bounces, (3) removing emails that never open/click every few months. These “non-openers” can be sent a re-engagement email, but they should not stay active permanently. There is no point sending to people that never open if it affects the delivery for those who do!
Q: What if I just use a different domain (or IP) that’s not blacklisted so I can keep sending?
A: This is a horrible idea. Trying to get around a blacklisting instead of dealing with the problem at hand is exactly what a spammer would do. Going down this road will lead to more permanent/resolute blocking. You must take ownership of the problem and learn from your mistakes, not try and get around them.
Q: Why can’t I just remove the blacklisted trap emails from my list?
A: It is almost impossible to detect spam trap emails. They do not bounce or look like “fake” addresses. If that were true, senders would simply remove them from their list, share these emails with their spammer friends and RBLs like Spamhaus would not be as effective for very long. Think of these emails like undercover cops of the Email world. If they were easily detected/removed, they wouldn’t be very good cops!
Q: How can I prevent getting Blacklisted
A: Excellent question! The fact you are asking it means you are on the right track:
- Never use purchased lists
- Use Confirmed Opt In (COI) only
- Remove emails that Hard bounce or are otherwise invalid
- Avoid sending to role accounts (sales@ info@ contact@)
- Remove unengaged emails that never open/click
- Periodically ask Subscribers if they want to stay on your list and remove those who don’t
- Always include a valid Unsubscribe link
- Make sure your domain has working abuse@ postmaster@ mailboxes
Spamhaus has an excellent FAQ page detailing why you were blacklisted and how to get removed.
Spamhaus also have a very good data feed that can warn you if any potential “Bad apples” have entered your basket before they become clients.
Final Word of Advice
I can tell you, starting off with an apology and admitting you were at fault goes a long way to fixing the problem. Remember – it is your fault you were blacklisted – not Spamhaus.
They are providing a free service in letting you know your list is not clean – don’t ignore it. Taking the high road, admitting your mistake and acting on their recommendation(s) is the quickest way to resolve the situation.
Take this time to educate yourself on what you have done wrong and make sure it doesn’t happen again. Even if this means terminating that one bad client who got you blacklisted or scrapping your list and starting again.
If you send on behalf of multiple clients, your focus should be with the clients who don’t cause problems, not the ones who do.
Lastly, don’t ask questions they have already answered in their FAQ. Good luck!
Bye for now,