Mail Server IP Blacklist Removal Tips to Improve Email Deliverability
In previous tutorials, I explained how you can easily set up your own mail server using iRedMail or Modoboa. This guide is going to show you how to check your mail server’s IP reputation and give you some IP blacklist removal tips. Over the years of operating mail servers, I have seen many occasions of rejected emails due to IP address blacklisting. If you follow my instructions, you will be able to remove your IP address from most of the IP blacklists.
Note: This article is not for spammers. If you send spam, your IP address will be blocked again.
Different Types of IP Blacklists
First, there are internal blacklists and third-party blacklists. Many small and media-sized mailbox providers use third-party blacklists (Spamhaus, Barracuda, etc) because they don’t have the resource or time to build their own. Big mailbox providers like Gmail, Outlook, and GMX tend to their own internal blacklists. Actually, GMX uses both internal and third-party blacklists.
Then, there’s single IP blacklists and whole IP range blacklists. It’s often very easy to request IP removal from single IP blacklists. It’s not that easy to get off a whole IP range blacklist. Luckily they are not commonly used.
How to Check if Your IP Address is on a Blacklist
To check if your IP address is on a third-party blacklist, you can go to mxtoolbox and dnsbl.info. Note that you don’t necessarily have to remove your IP address from every third-party blacklist, because they might not be used by your email recipients at all.
To check if your IP address is on a mailbox provider’s internal blacklist, you need to check your mail server’s log file.
/var/log/mail.log
on Debian/Ubuntu/var/log/maillog
on CentOS/RHEL
However, reading the raw log file is not fun. We can use a tool called pflogsumm
to easily analyze the log file. Install it on Debian/Ubuntu with:
sudo apt install pflogsumm
On CentOS/RHEL, pflogsumm is provided by the postfix-perl-scripts
package.
sudo dnf install postfix-perl-scripts
Use the following command to generate a report for today. (Note that on CentOS/RHEL, the mail log file is /var/log/maillog
.)
sudo pflogsumm -d today /var/log/mail.log
Generate a report for yesterday.
sudo pflogsumm -d yesterday /var/log/mail.log
If you like to generate a report for this week:
sudo pflogsumm /var/log/mail.log
To emit “problem” reports (bounces, defers, warnings, rejects) before “normal” stats, use --problems-first
flag.
sudo pflogsumm -d today /var/log/mail.log --problems-first
To append the email from address to each listing in the reject report, use --rej-add-from
flag.
sudo pflogsumm -d today /var/log/mail.log --rej-add-from
To show the full reason in reject summaries, use --verbose-msg-detail
flag.
sudo pflogsumm -d today /var/log/mail.log --rej-add-from --verbose-msg-detail
You can add a cron job to make pflogsumm to send a report to your email address every day.
sudo crontab -e
Add the following line, which will generate a report every day at 4:00 AM.
0 4 * * * /usr/sbin/pflogsumm -d yesterday /var/log/mail.log --problems-first --rej-add-from --verbose-msg-detail -q
To receive the report via email, add the following line above all Cron jobs.
MAILTO="[email protected]"
You should pay attention to the message bounce detail
and message deferral detail
section, where you can see for what reason those emails are rejected.
If the MAILTO variable has already been set but you want Postfix log summary sent to a different email address, you can put the following line in your Cron job.
0 4 * * * /usr/sbin/pflogsumm -d yesterday /var/log/mail.log --problems-first --rej-add-from --verbose-msg-detail -q | mutt -s "Postfix log summary" [email protected]
The output of pflogsumm
command is redirected to mutt
, a command-line mail user agent, which will use the output as the email body and send it to the email address you specify at the end. Of course, you need to install mutt on your Linux server.
sudo apt install mutt
or
sudo dnf install mutt
Rule of Thumb for Running Mail Server on a New IP Address
When you run a mail server on a new IP address, you should not use this IP address to send newsletters (aka marketing emails) right away. Instead, you should use this IP address to send transactional emails for a period of time to improve your reputation.
You may also want to use SMTP relay to send emails for a few days because SMTP relay services have a high IP reputation. After that, send emails directly to the familiar recipients.
IP Blacklist Removal
Gmail Rating Limiting
If you see the following message when sending emails to Gmail users, then your IP address has been rate-limited, instead of being blacklisted. This is a special case and needs careful treatment.
Our system has detected an unusual rate of 421-4.7.28 unsolicited mail originating from your IP address. To protect our 421-4.7.28 users from spam, mail sent from your IP address has been temporarily 421-4.7.28 rate limited. Please visit 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines.
Steps to solve this problem:
- Send emails to your own Gmail account. If it’s put in the spam folder, you should mark it as not spam, and reply to the email. Do this several times.
- Once the email doesn’t go into your Gmail spam folder, you should make other Gmail users send emails to your new email address. If Gmail sees there are emails sent to your mail server, it would increase the reputation of your mail server’s IP address.
- When a Gmail user sends an email to you, your email address is automatically added to his/her contacts list. This is very helpful for your emails to land into their inboxes. Reply to those Gmail users.
- Repeat step 2 and step 3 for a few days.
- Do you send transactional emails? If you do, that’s great! Now you can use your mail server to send transactional emails. Transactional emails are sent from websites or web applications to their users. For example, a visitor receives an email after creating an account at a website, or request resetting the password. It can be very effective in improving IP reputation because the recipient expects you to send email to him/her. On your website, you can tell the recipient to check the spam folder and mark your email as not spam. They are much more likely to open your email and click links in the email. Over time, your email will automatically land into the inbox. Note that mailing list sign-up confirmation email is transactional email, so if you have a newsletter sign-up form on your website, you can also tell the recipient to check the spam folder and add your email address to the contact list. Recipients are very likely to click the confirmation link in the email.
- After Gmail doesn’t rate-limit your mail server, you can send newsletters. However, you should warm up your IP address. For example, send 100 emails on day 1, then send 500 emails on day 2, send 1000 emails on day 3. Don’t send email to thousands of people immediately.
- After sending newsletters to a few thousand users, you can check your IP address reputation in Gmail Postmaster Tools. As you can see from the following screenshot, my IP address has high reputation with Gmail now.
Microsoft Mailboxes (Hotmail.com, Outlook.com, Live.com)
Microsoft uses an internal blacklist that block many legitimate IP addresses. If your emails are rejected by hotmail.com, outlook.com, or live.com, you need to submit the sender information form. After that, your emails will be accepted.
Microsoft Exchange/Office 365
Note that Microsoft Exchange/Office 365 is a mail hosting solution for business owners. It’s different from the mailbox service for consumers (hotmail.com, outlook.com, live.com) and it may use different blacklist. For example, I once saw the following non-delivery notification in my inbox.
host agileconnected-nl01c.mail.protection.outlook.com[104.47.2.36] said: 550 5.7.511 Access denied, banned sender[xx.xx.xx.xx]. To request removal from this list please forward this message to [email protected]. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653.
So I simply forward this non-delivery notification to [email protected]
, and add my own comment:
Hi, I recently set up a new mail server on this IP address for my website. I use this mail server to send transactional emails and newsletters to my subscribers. This IP address is in a data center. I know this IP address may have been used by spammers in the past, but I have a legitimate website that will not spam. Please consider removing it from the blacklist. Best, Xiao Guoan Linuxbabe.com webmaster
You will receive a reply email that will tell you what needs to be done.
GMX
GMX uses both third-party blacklists and internal blacklist. If you see the following message in the mail log when sending emails to GMX users, that means your IP address is blacklisted.
host mx00.emig.gmx.net[212.227.15.9] refused to talk to me: 554-gmx.net (mxgmx017) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit https://postmaster.gmx.net/en/error-messages?ip=xx.xx.xx.xx&c=bip)
You should go to https://postmaster.gmx.net/en/contact and use the contact form to request removal of your IP address. I received the following emails from GMX admin after I submitted the request.
Dear Sirs, Thank you for your information. We have now removed the mailserver's IP address from our blacklist. Our servers will be updated within the next hour. You will then be able to send emails to our system again. Many thanks
Web.de
Web.de uses both third-party blacklists and internal blacklist. If you see the following message in the mail log when sending emails to web.de users, that means your IP address is blacklisted.
host mx-ha02.web.de[212.227.17.8] refused to talk to me: 554-web.de (mxweb110) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit https://postmaster.web.de/error-messages?ip=xx.xx.xx.xx&c=bip
You should go to https://postmaster.web.de/en/contact and use the contact form to request removal of your IP address. I received the following emails from Web.de admin after I submitted the request.
Dear Sirs, Thank you for your information. We have now removed the mailserver's IP address from our blacklist. Our servers will be updated within the next hour. You will then be able to = send emails to our system again. Many thanks
Actually GMX and Web.de are managed by the same company. So if your IP address is removed from GMX blacklist, then it will also be removed from web.de blacklist.
iCloud Mail
If you see the following message in mail log when sending emails to icloud.com users, that means your IP address is blacklisted.
host mx2.mail.icloud.com[17.57.8.135] refused to talk to me: 550 5.7.0 Blocked - see https://support.proofpoint.com/dnsbl-lookup.cgi?ip=xx.xx.xx.xx
Apple iCloud Mail is using the Proofpoint blacklist. You should go to https://ipcheck.proofpoint.com/ to check your IP reputation. If your IP address is blocked, then submit a support ticket to remove your IP address from the blacklist. Note that you should provide the recipient’s email address, so Proofpoint can quickly find your blocked email.
Proofpoint didn’t send me an email. After about 12 hours, I checked my IP address again at https://ipcheck.proofpoint.com/. This time, I saw the following message, which indicated my IP address was removed from the Proofpoint blacklist. And I can send emails to icloud.com users.
Unable to do IP Lookup, or failed to contact service for IP lookup
TrendMicro RBL
TrendMicro is a security solution provider. If you get a bounce message like below, it means your IP address is blacklisted by TrendMicro.
host mail.silvester.be[91.183.124.216] said: 550 5.7.1 Mail from xx.xx.xx.xx has been blocked by Trend Micro Email Reputation Service. Please see https://ers.trendmicro.com/reputations to get detailed information. (in reply to end of DATA command)
Go to https://www.ers.trendmicro.com/reputations to request delisting. If you have a legitimate website, your delist request will be granted.
CloudMark Sender Intelligence
Cloudmark Sender Intelligence (CSI) is a third-party IP blacklist. If you see the following message in the mail log when sending emails, that means your IP address is blacklisted by CloudMark.
host mx.domain.com[66.96.140.73] refused to talk to me: 554 bosimpinc14 bizsmtp Connection refused. xx.xx.xx.xx has a poor reputation on Cloudmark Sender Intelligence (CSI). Please visit http://csi.cloudmark.com/reset-request/?ip=xx.xx.xx.xx to request a delisting.
Go to https://csi.cloudmark.com/en/reset to request delisting. After I submitted the request, I received the following email from CloudMark.
Dear Xiao Guoan, Thank you for contacting Cloudmark. I have reset the reputation of your IP, so you should see delivery improve shortly. Please note that updates do not occur instantly but should generally happen within an hour of receiving this response. -- Cloudmark CSI Support
AT & T Mailbox
AT & T provides the following domain emails for their customers.
- @ameritech.net
- @att.net
- @bellsouth.net
- @flash.net
- @nvbell.net
- @pacbell.net
- @prodigy.net
- @sbcglobal.net
- @snet.net
- @swbell.net
- @wans.net
If you see the following message in your mail log, your IP address has been blacklisted by AT & T.
<[email protected]>: host al-ip4-mx-vip2.prodigy.net[144.160.235.144] said: 553 5.3.0 alph764 DNSBL:RBL 521< xx.xx.xx.xx >_is_blocked.For assistance forward this error to [email protected] (in reply to MAIL FROM command)
Simply forward the error message to [email protected]
. I think it’s better to add some comments, like mine below.
Hi, I recently set up a new mail server on this IP address (xx.xx.xx.xx) for my website (https://your-domain.com). I use this mail server to send transactional emails and newsletters to my subscribers. This IP address is in a data center. I know this IP address may have been used by spammers in the past, but I have a legitimate website that will not spam. Please consider removing it from the blacklist. Best, Xiao Guoan Linuxbabe.com webmaster
You will receive an email confirming they have received your delisting request. If they decide to remove your IP address from the blacklist, you will receive another email.
t-online.de
t-online.de is operated by Deutsche Telekom AG, a German ISP. If you see the following message in your mail log, your IP address has been blacklisted by t-online.de.
host mx00.t-online.de[194.25.134.8] refused to talk to me: 554 IP=XX.XX.XX.XX - A problem occurred. (Ask your postmaster for help or to contact [email protected] to clarify.
You can send a delisting request to [email protected]
like so:
Subject: IP delisting request Body: Hi, I recently set up a new mail server on this IP address (xx.xx.xx.xx) for my website (https://your-domain.com). I use this mail server to send transactional emails and newsletters to my subscribers. This IP address is in a data center. I know this IP address may have been used by spammers in the past, but I have a legitimate website that will not spam. Please consider removing it from the blacklist. Best, Xiao Guoan Linuxbabe.com webmaster
After a while, my delisting request was granted. Here’s the response I received.
Dear Xiao Guoan, We will delist your IP. This measure usually becomes operative in one or two hours, but could possibly take up to 24 hours. Kind regards Deutsche Telekom AG E-Mail: [email protected] www.telekom.de
What If Your Delisting Request is Refused?
Some mailbox providers (such as .pl
domain names) only tell you that your IP address is blacklisted, but doesn’t tell you how to request delisting your IP address. And if the network range your IP address belongs to are blocked by a particular blacklist (such as UCEPROTECTL2), then you have no choice but to use SMTP relay service to bypass IP address blacklisting.
- How to Set Up SMTP Relay on Ubuntu with Sendinblue
- How to Set Up SMTP Relay on Debian with Sendinblue
- How to Set Up SMTP Relay on CentOS/Rocky Linux with Sendinblue
However, you might not want to set up your entire email server to use relay host. After setting up SMTP realy, you can configure Postfix transport map and relay map so that some emails are delivered via relay host, other emails are sent directly to recipients.
Managing your IP Reputation at dnswl.org
dnswl.org is the most well-known public whitelist. You can go to the self service
page and register an account on the website, then add your mail server information. If you are lucky, your mail server’s IP address might be added to the whitelist.
After creating an account at DNSWL, you should click the DNSWL IDS
tab to create an ID. Enter your domain name and verify the domain ownership. Then add your mail server IP address to your DNSWL ID.
Your IP address will not be added immediately to your DNSWL ID. Your change requests must be approved by DNSWL admins. Once approved, your IP address will appear in your DNSWL ID, which means your mail server IP address is added to the whitelist.
Wrapping Up
I hope this article helped you remove IP address from blacklists. You may also want to read the following article to learn how to stay out of the spam folder.
As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂
Good information here. I had no idea iCloud used a 3rd party service, I assumed it was all internal.
this post useful!!!!!