Proactive Security: Avoid E-Mail Server Blacklisting
Getting blacklisted is pretty much the worst thing that can happen as far as users are concerned. The typical result of your IP address getting blacklisted is that you can no longer send to anybody who subscribes to a spam filtering service. These services use databases such as the CBL to check whether or not an IP address is sending illegitimate e-mail.
Here are a couple of things you can do to prevent getting blacklisted:
- Use virus protection on your server. I’d say 95% of the time when someone gets blacklisted it is because the e-mail server or a client within the network is sending out spam messages due to a compromise.
- Block port 25 access from all machines except your e-mail server. By making this change in a firewall or router ACL, you can ensure that nobody is communicating through SMTP except your e-mail server.
- Subscribe to a SPAM filtering service. Obviously, the less SPAM you receive means the less SPAM your users will be subject to. Even clicking on a link from one SPAM message can get a computer infected as part of a botnet that will cause you to get blacklisted. I personally recommend Appriver.
- Filter inbound allowed servers. If you are using a SPAM filtering service that also queues inbound e-mail, make sure that your e-mail server is set to only receive incoming mail from the remote filtering servers.
- Make sure that your e-mail server presents itself as valid. A lot of the time remote systems will perform checks on your server to make sure it is valid. The best way to make sure these checks come back to the remote system as they would like to see them is to set a masquerade domain to your domain name (i.e. domain.com) and make sure your ISP has your reverse DNS entry set correctly. You can work with them to make sure it is set to what it is supposed to be.
- Make sure you are not set as an open relay. If you are, then anybody can relay mail through your server and cause you to get blacklisted. You can test this here.
Doing all of these things SHOULD keep you from getting blacklisted. If you do by chance happen to still get blacklisted then you should work with the organization that blacklisted you to get to the bottom of this. I have personally worked with the CBL on blacklisting issues several times and they have some pretty dedicated people who will help you.
