Robert,
My experience in this area is mostly with (legitimate) email marketing, so some 
of this may not apply, and of course YMMV.  I apologize to others on the list 
for the long-winded reply, and it's not a problem if you would like to take 
this off list.

There are a few things to look at:
1)  Make sure you are on feedback loops.  AOL, Comcast, Yahoo (requires 
DomainKey/DKIM signing of messages), and RoadRunner have OK ones and Hotmail 
also has a web interface you can use to see problems.  The downside is that a 
lot of these require cooperation from the people listed in the ARIN whois for 
the IP address(es) you are sending from.  On a related note, make sure you are 
getting complaints from SpamCop (spamcop.net) as well.  These will at least 
help you in identifying where the complaints are coming from.

2)  Use a confirmed opt-in list and make sure you have opt-in records.  I know 
they're customers, but having the opt-in info makes it much, much easier to get 
off of a list if you get on one.  You should keep as much of the following as 
possible:
Date of the signup
IP address of the signup
URL used for the signup
Email address of the signup
Date of the confirmation
IP address of the confirmation
URL used for the confirmation

3)  Make sure you process your bounce backs, and pay attention to your servers' 
logs as they are the first indicator of deliverability problems.  Some 
providers say that you should remove an address from your list on the first 
bounce, but some will stretch it to 3 bounces (there is also logic used based 
on the status given by the bounceback).  A lot of providers use SpamTraps and 
see repeated attempts to deliver to non-existent addresses as a "spammy" 
behavior.

4)  Throttle your send rate.  Different providers have different "acceptable" 
levels for connections per second, number of messages per hour, etc.  If you 
push them too far they will block you altogether.

5) Check the email reputation for the IPs you are sending from.  SenderScore 
(Return Path, http://www.senderscore.org) is used by a lot of ISPs, while Cisco 
IronPort appliances use SenderBase (http://www.senderbase.org).

On a side note, there is a great piece of software, although not open source or 
free (pricey from what I understand) called PowerMTA from a company called 
Port25 (http://www.port25.com/).  It lets you use multiple IPs on a multi-homed 
server to send out messages and lets you do all kinds of throttling.  In 
addition it lets you keep "accounting" logs which is a CSV formatted file of 
the messages sent, their delivery or failure, and the reasons.  Processing them 
and getting them into MSSQL, MySQL, etc. becomes pretty easy after that.  It's 
utterly configurable, and does a great job.  I don't work for them, but they 
are a great bunch of guys and make a great product.  You can also use a piece 
of software called BoogieBounce (I think) to do bounce processing on messages 
which are not rejected when the mail server delivers them.

Again, sorry for the long message, and feel free to contact me off list (unless 
more people are interested).

Hope this helps,

David Shpritz
 
-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Robert Miller
Sent: Wednesday, November 25, 2009 11:20 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Legit Mass Emails Cause Blacklisting

Good morning everyone,

We are currently having an issue with our billing software in regards to 
sending mass emails.  We use Platypus by Tucows and it has a feature to 
mass email our customers.  We want to use this for notifying customers 
of outages due to maintenance but every time we use this feature we get 
blacklisted by SORBS and others.  The company now uses iContact 
(http://www.icontact.com/) which stops us from being blacklisted but 
because we are using a third party solution we can't put notes into the 
accounts that a notification email was sent on x date at y time like we 
can when we would use the Platypus feature.

Has anyone run across this before?

Any suggestions of a solution we can run in house, off the same MS SQL 
database that we use for Platypus, and allows for the noting of accounts?

Thanks again everyone!

- Robert
arch3angel
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
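
The bounce handling described in point 3 of the reply above (drop an address on the first bounce or after up to three, depending on the status in the bounce), as an added Python example that is not part of either message. It assumes permanent 5.x.x status codes are dropped at once and transient 4.x.x codes after three in a row; the CSV columns and sample rows are constructed for illustration and are not PowerMTA's real accounting format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample delivery log; the column layout is an assumption.
SAMPLE_LOG = """\
timestamp,recipient,result,dsn_status
2009-11-25T10:00:01,alice@example.com,delivered,2.0.0
2009-11-25T10:00:02,bob@example.net,bounced,5.1.1
2009-11-25T10:00:03,carol@example.org,bounced,4.2.2
2009-11-26T10:00:03,carol@example.org,bounced,4.2.2
2009-11-27T10:00:03,carol@example.org,bounced,4.2.2
2009-11-25T10:00:04,dave@example.com,bounced,4.4.1
2009-11-26T10:00:04,dave@example.com,delivered,2.0.0
2009-11-27T10:00:04,dave@example.com,bounced,4.4.1
2009-11-27T10:00:05,erin@example.com,bounced,
"""

SOFT_BOUNCE_LIMIT = 3  # assumed policy: consecutive transient failures tolerated


def addresses_to_suppress(log_text, soft_limit=SOFT_BOUNCE_LIMIT):
    """Return {address: reason} for recipients that should leave the list."""
    soft_streak = defaultdict(int)
    suppress = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        addr = row["recipient"].strip().lower()
        status = (row["dsn_status"] or "").strip()
        if addr in suppress:
            continue  # already decided; ignore later attempts
        if row["result"] == "delivered":
            soft_streak[addr] = 0  # a success resets the failure streak
        elif status.startswith("5."):
            # Permanent failure (e.g. unknown mailbox): drop on the first bounce.
            suppress[addr] = "hard bounce " + status
        else:
            # Transient (4.x.x) or missing status: count it instead of guessing.
            soft_streak[addr] += 1
            if soft_streak[addr] >= soft_limit:
                suppress[addr] = "%d soft bounces in a row, last status %s" % (
                    soft_streak[addr], status or "unknown")
    return suppress


if __name__ == "__main__":
    for addr, reason in sorted(addresses_to_suppress(SAMPLE_LOG).items()):
        print(addr, "->", reason)
```

The returned reasons can be written back to the customer database alongside the date, which also keeps a record of why an address stopped receiving notices.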