8 quick ways to get your site blacklisted

Avoid these common mistakes that put business communication at risk

We can't live without e-mail. Even though Internet standards warn us not to depend on any given e-mail message ever arriving at its destination, every business executive knows how important it is for the mail to get there. But if your mail server's IP address is stuck in a blacklist -- a list of addresses or domains identifying known spammers -- your e-mail newsletters and individual e-mail messages will be blocked long before they get to their recipients.

Blacklists are distributed in a format that can be easily queried by Internet applications, particularly e-mail servers. Many -- if not most -- e-mail administrators use blacklists (sometimes called RBLs, for "real-time black-hole lists") as one step in their process of removing spam before it ever reaches an end user.

If you discover that your site or e-mail server is included -- even if it was all a terrible, terrible mistake -- you will discover just how painful and time-consuming it is to get yourself off the list. And in the meantime, your e-mail traffic is cut off.

Nobody really wants this to happen -- except, of course, to actual spammers. But it does happen, even to well-meaning people. Fortunately, ignorance is curable. Here are several common ways that companies find themselves blacklisted.

1. Buy an e-mail list from any random provider.

Marketers (and content-generators such as CIO.com! Did I mention we have some great newsletters of our own?) understandably want to disseminate the company's information to as wide an audience as possible, as quickly as possible. One common way to extend a company's reach (a leftover of the print catalog era, but less effective online) is to buy a mailing list of qualified buyers or people who have expressed interest in similar services.

E-mail is expected to be opt-in; that is, someone must explicitly give permission to receive unsolicited commercial mail from a particular sender. Almost by definition, anyone who sells a list of e-mail addresses is distributing those identities without the users' consent. Permission can't be bought, sold, bartered or assumed. It must be acquired directly from the only person who can give it: the owner of an e-mail address. Savvy spam fighters intentionally sign up for some lists with "spam-trap" IDs just to see if the e-mail ID will be abused.

If you're thinking of buying a list, you'd better be sure that the IDs were acquired properly -- which is rare. The Spamhaus Web site tells people never to buy a list of e-mail addresses for bulk distribution. Otherwise, Bam! Straight shot to a blacklist.

2. Don't follow industry best practices for mailing lists.

Any newsletter you send should use confirmed opt-in (sometimes called closed-loop opt-in) to ensure that the person who signed up is the person to whom the e-mail will be sent. This is a biggie. If your newsletter doesn't follow this rule and you get onto a blacklist for any reason, you won't be removed from the list until the confirmed opt-in issue is addressed.

Make it easy to unsubscribe from a mailing list. Even when you do make it a one-click action, entirely too many people fail to unsubscribe and instead stab angrily at the "This is spam" button in their e-mail client. Big e-mail service providers such as Yahoo Mail won't block your newsletter for a single spam report, nor will they list you in an RBL because of one lazy newsletter recipient, but you don't want to get anywhere close to the line.

Another express ticket to the blacklists is to repurpose addresses. "Don't store a user's e-mail address for one reason and then send them bulk e-mail for a completely different reason," explains Richi Jennings, lead analyst for the e-mail security practice at Ferris Research.

For example, a hosted antispam service allegedly mailed its customers' technical contacts a marketing message. When customers signed up for the service, they provided a technical contact for messages about service outages, trouble-ticket updates, etc. "The technical contact has a clear expectation of the types of messages they'll receive, and that doesn't include marketing," says Jennings.

3. Let anyone use content-sharing features, willy-nilly.

Many sites (yes, including CIO.com) encourage readers to participate in some way. You might comment on an article (we writers do appreciate it, not that I'm hinting or anything), e-mail the article link to a friend or, with modern social networking tools, create your own page.

Those are great. But blog comments can generate comment spam, which points right back at your domain. Many sites' "e-mail this article" feature is malformed -- for example, spoofing the "from" address -- leading to bounce messages if not the land of blacklists. And so on.

Catherine Hampton Jefferson at SpamBouncer explains: "If you're a news site, for example, and want to let people forward a news story to someone, you should restrict them to sending it to a small number of e-mail addresses. I'd also check the IP they're connecting from against the CBL and perhaps other carefully selected block lists."

1 2 Page 1
Page 1 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon