I’m launching an email newsletter today focusing on Gmail productivity!
If you’re a GMass user, then you’re also one of the 1 billion+ Gmail users on the planet. Every Thursday I’ll send you tips and tricks for maximizing your productivity inside Gmail. If you’re spending longer than you like managing email, then this is for you. The first issue is already out.
Love what you're reading? Get the latest email strategy and tips & stay in touch.
Domain blacklists have been used to filter email for years, and in this comprehensive guide, I’ll cover:
The most popular public domain blacklists and lesser known, but equally important, private domain blacklists
How to determine if a domain is on a blacklist
How to get off each blacklist
Tips and tricks, gleaned from my own research and experience, about each blacklist
Given that GMass is an email marketing service used by over 200,000 people, we’ve seen our fair share of deliverability and spam issues. Because GMass works on top of Gmail and G Suite, we don’t maintain our own sending IP addresses. Instead, all email is sent from users’ Gmail accounts, meaning email originates from Gmail’s IP addresses.
Therefore GMass users almost never have to worry about an IP block. The one exception to this rule is if you’re sending from an alias From Address in Gmail and were required to input your own SMTP server credentials. In that case, Gmail routes your email through the external SMTP server, which makes the IP reputation of your SMTP server relevant. Far more common for GMass users, however, is the issue of domain-based blocking, since with the standard G Suite setup, your emails are sent from Gmail’s IP addresses.
Are domain blacklists the same as DNSBLs?
The term DNSBL is used often in the email deliverability industry. It stands for Domain Name Server Block List and refers only to the mechanism by which the block list is published (the Domain Name Server system). DNSBLs can be either lists of IP addresses or lists of domain names. Most DNSBLs are listings of IP addresses, and include popular blacklists like the Spamhaus Block List (SBL) and Spamcop. The blacklists that most concern GMass users are those that list domain names. This is because GMass sends emails from Gmail’s IPs, which are arguably the highest deliverability IP addresses in the world and aren’t blocked by anybody. Therefore it’s rare that an IP address will ever be the source of an email deliverability issue, except in the scenario mentioned above. A domain, however, can be the source of a deliverability issue.
This is a current and comprehensive guide to public and private domain-based email blacklists.
Overview
While IP-based email blocking is far more common, domain-based email blocking has gained popularity in recent years, and consumer email providers like Gmail and AOL and even corporate email filters like Barracuda, Symantec/MessageLabs, and Mimecast scan incoming email for the presence of domains on domain blacklists. If found, the email is rejected or sent to the Spam folder. This is why I’ve encouraged each GMass user to set up a dedicated tracking domain.
Domain-based DNSBLs fall into two categories: those that are publicly usable and searchable, meaning any email server administrator can use the list to filter email, and those that are private and used for an organization’s internal purposes only, like AOL’s. Plenty of email companies have written about domain blacklists previously, including Return Path and Sendgrid, but in this comprehensive guide, I’ll dig deeper into the nuances of both public and private blacklists.
Public Domain Blacklists
There are three main public domain blacklists: Spamhaus, SURBL, and URIBL.
Spamhaus DBL
Web lookup form:https://www.spamhaus.org/lookup/ Query via DNS: Query [domain].dbl.spamhaus.org and look for a response of 127.0.0.2 Tips and tricks: Spamhaus is the 300-pound gorilla of blacklists and publishes both an IP list and a domain list. Spamhaus will sometimes list domains that have never appeared in email flow before. It has an algorithm that detects newly registered domains, and if these domains meet a particular criteria, they are listed on the Spamhaus DBL without ever being included in a single email message. These domains are also the easiest to get delisted using the Blocklist Removal Form. Additionally, the email address that you enter to receive the confirmation removal link can determine whether your request is accepted and the link is sent, or your removal request is denied and you’re told to get in touch with Spamhaus staff. If your domain is ineligible for self-removal, you’ll have to contact Spamhaus and ask them to remove the domain, and that can be difficult.
You’ll typically get a response within 24 hours. In my case with this domain, I didn’t get any explanation about the listing, even though it’s been used in very minimal email flow.
SURBL
Web lookup form:http://www.surbl.org/surbl-analysis Query via DNS: Query [domain].multi.surbl.com and look for a response of 127.0.0.2 Tips and tricks: It’s relatively easy to get a domain off of SURBL, as long as you’re not a systemic spammer and have a reasonable explanation. In my experience, if you explain why your domain was used in spam and can show that you’re generally a responsible mailer, a few hours later, you’ll get a response accepting your request. I’ve never been turned down when asking for a domain to be delisted.
URIBL
Web lookup form:https://admin.uribl.com/ Query via DNS: Query [root domain].multi.uribl.com and look for a response of 127.0.0.2 Tips and tricks: The URIBL list is very difficult to get off. You can create a URIBL account and submit a delisting request, but in my experience, most delisting requests are denied. It also seems that whether a delisting request is accepted or not is at the whim of the person who is currently reviewing requests, given that only one out of all of my requests were accepted (for gmass.co), and the request was made just one day after the previous request was denied. Here’s my own history of delisting requests:
Tips and tricks: The URIBL blacklist will be the subject of a future blog post, because it exhibits some rare and often quirky attributes. In our research though, it’s the least used of the three public blacklists. My own domain, wordzen.com, has been listed for a long time, and I’ve seen virtually no blocking of any email that includes the wordzen.com domain. Even MailChimp’s default tracking domain, list-manage.com, is grey-listed on URIBL.
Private Domain Blacklists
You might think that a private blacklist like the ones maintained by AOL, Barracuda, and Google are just that…private and un-searchable. While that may be true, it’s still possible to determine if your domain is on it. If you send an email with a listed domain to an address that uses a particular filter, the SMTP bounce response will indicate if the domain is on that private blacklist.
Barracuda’s Intent List
How to query: Use their web lookup form. DNS Lookup: There is no DNS-based method to look up a domain on Barracuda’s Intent List. Barracuda does provide a DNS method for querying their IP list, but not their domain list. It is possible, however, to examine SMTP responses to determine listings.
For example, if a domain is on Barracuda’s Intent List, you’ll get a bounce with an SMTP code from Barracuda that looks like:
Remote-MTA: dns; d124601a.ess.barracudanetworks.com. (64.235.154.140, the server for the domain d211.org.)
Diagnostic-Code: smtp; 550 permanent failure for one or more recipients ([email protected]:blocked)
Note that the specific domain that is on the list is not mentioned, so it will take some further analysis to determine the actual domain. How do we know that this response code is likely a domain-based block rather than an IP-based block? Because Barracuda’s response code for an IP-based block is specific to that IP address:
You might have noticed the difference between the two remote MTAs in these examples. In the first, the remote MTA is clearly a Barracuda-hosted server, because it ends with “barracudanetworks.com”. The second, dgcuda.com, appears to be an on-premise appliance running the Barracuda mail filtering software. Note the reference to “cuda”, which is likely short for Barracuda. Customers who install the Barracuda appliance can name the appliance whatever they like. Still though, the SMTP response codes will be equivalent regardless of whether the email server is hosted by Barracuda or hosted on-premise by an organization.
How to query: The only way to know you’re on AOL’s domain blacklist is if you receive an SMTP response code containing “HVU”, which stands for High Volume URL. Like Barracuda, the SMTP response won’t indicate which domain is blacklisted; it will only tell you that one or more domains present in the email are on the blacklist.
If a domain is on AOL’s private domain blacklist, the SMTP response from AOL will look like:
Google maintains a blacklist of domains, but the only way to tell if you’re on it, is to send an email to a Gmail or G Suite-hosted domain, and look at the reason you ended up in the Spam folder.
SpamRL
How to query: The only way to know you’re on the spamrl.com’s blacklist is if you receive an SMTP response indicating that the URL is on the list.
There is no web lookup form or DNS method to query the list.
When determining whether a domain is on one of the publicly searchable blacklists, I like to automate the process by programmatically doing the DNS lookup. As a secondary means, I’ll go to the website directly and use their lookup forms. An even easier way is to use a third party lookup tool that searches many blacklists at once.
Avoid Googling “DNSBL check”, and using one of the many forms in the search results that claim to check your domain or IP against a plethora of blacklists. This is because most lookup forms don’t properly perform the lookup against domain blacklists and instead do it against IP blacklists. An example is this lookup tool from MX Toolbox, https://mxtoolbox.com/blacklists.aspx. The prompt asks you to enter a domain or an IP address, but in reality, this check has nothing to do with domain-based blacklists. If you enter a domain, it simply converts your domain to an IP and then checks the IP against IP-based blacklists, which is entirely different from checking the domain-based blacklists that I’ve referenced above. Here’s another popular tool that does the same, converting your domain to an IP and only searching IP blacklists: https://www.ultratools.com/tools/spamDBLookup
An example of a lookup tool (that is buried deep in the search results) that does perform the correct kind of lookup is:
This intelligent tool, while prompting you for an IP or a domain, will determine WHETHER you entered an IP or a domain and tailor its search accordingly. If you enter a domain, the first set of results will be searching that domain properly against domain-based blacklists, however the domain blacklists it searches is limited to the publicly available blacklists that I’ve mentioned above. Here’s another tool that also performs the lookup correctly and also offers a proactive monitoring service:
Now that you have an overview of what the main public and private blacklists are, you are likely wondering which blacklists are relevant to your mailings. Does Gmail use these domain blacklists to filter their email? Does Outlook.com use them? Do corporate email filters like Barracuda, Mimecast, and Symantec/MessageLabs use them?
My research shows the following:
Spamhaus
SURBL
URIBL
AOL
Delivered
Delivered
Delivered
Gmail
Delivered
Uncertain
Delivered
Outlook.com
Delivered
Uncertain
Delivered
Yahoo
Delivered
Delivered
Delivered
Comcast
Uncertain
Uncertain
Uncertain
Barracuda
Delivered
Uncertain
Delivered
Mimecast
Blocked
Uncertain
Uncertain
Symantec/MessageLabs
Blocked
Delivered
Delivered
Testing methodology
I sent emails containing various blacklisted domains to a set of seed addresses
If the email containing the blacklisted domain made it to the Inbox, the blacklist/ISP combination receives a Delivered status. This is only indicative that the blacklist isn’t used to outright block email. It is not indicative that the blacklist doesn’t play a factor in determining overall spammyness.
If the email containing the blacklisted domain did NOT make it to the Inbox, in most cases, we designate that as Uncertain, since we can’t be sure if the fact that the domain was on the blacklist caused the block, or if the domain was already internally blocked.
In the cases where a blacklist/ISP combination is designated as Blocked, it’s because the blacklisted domain has such little email traffic that we can reasonably determine that its presence on a particular blacklist caused the block.
What you should do
You should regularly check the domains that are important to you and the domains that appear in your email flow against both public and private blacklists. For the public blacklists, there are several blacklist monitoring services that will periodically check your domains against Spamhaus, SURBL, and URIBL, and alert you of a listing. For the private blacklists, you should either manually scan your SMTP responses and look for patterns mentioned above, or you should programmatically check them (like we do for GMass users) to determine which domains are on private blacklists. GMass users needn’t worry about this, as this is handled by our internal deliverability monitoring tools. All GMass users’ domains are checked against the public blacklists once every hour and our intelligent private blacklist detection system works in near real-time.
Resources
The Wikipedia article on DNSBLs provides a good overview of how email blacklisting works. Be sure to read the part on URI DNSBLs though, because that’s the specific type of DNSBL that is a domain-based blacklist, as opposed to an IP-based blacklist.
Here’s a handy guide to the blacklists and lookup tools mentioned in this article:
Spamhaus DBL – Spamhaus’s domain block list lookup tool SURBL – The SURBL lookup tool URIBL – The URIBL lookup tool Barracuda – Barracuda’s Domain/IP lookup tool AOL – AOL’s contact form to request delisting of a domain SpamRL.com – their form to request delisting of a domain for 7 days
Love what you're reading? Get the latest email strategy and tips & stay in touch.
There are certain situations where you may be eligible for a refund from GMass. For example:
You subscribed the wrong account, and now want a refund before you subscribe the correct account.
When you initially subscribed, you chose a plan that was incompatible with your account type (Gmail or G Suite), and you were auto-adjusted into the correct plan, but don’t want to pay the higher price.
You forgot you had an active subscription. You recently cancelled but haven’t used GMass in a while and would like the most recent charge refunded.
Not all accounts are eligible for a refund, and only the most recent charge is eligible for a refund. You must also have paid with a credit card via Stripe in order to use this automatic refund system.
3. If you are logged into the Gmail account for which you seek a refund, leave the Subject blank. If you are logged into a different Gmail account, specify the account for which you are seeking a refund as the Subject.
4. Hit the GMass button. Do not hit the Send button.
You will be immediately notified if you are eligible for a refund and if your refund has been processed. If it is eligible for a refund, and it also has an active subscription, the subscription will be automatically cancelled at the same time the refund is issued.
See why GMass has 300k+ users and 7,500+ 5-star reviews
Email marketing. Cold email. Mail merge. Avoid the spam folder. Easy to learn and use. All inside Gmail.
Love what you're reading? Get the latest email strategy and tips & stay in touch.
I just fixed a bug that was causing non-English characters in the To “Name” of a sent email to be corrupted. On the receiving end, the recipient, while receiving the rest of the email intact, would also see his/her Name in the To field corrupted.
The issue was due to the fact that GMass wasn’t properly using Encoded-Word format for the To header of sent emails. When you send a Gmail mail merge campaign in GMass, if you’re not using a spreadsheet containing your recipient addresses, you can place contacts directly in the To field of the Gmail Compose window. Gmail will add the Name of the contact if available. While the To Name portion of a contact can contain foreign characters, the email address portion cannot. For example, here is a campaign all set to go, containing foreign characters in the To Names, and these contacts are all Gmail Contacts, not from a spreadsheet:
The MIME standard states that non-ASCII characters in the headers of emails must be properly encoded in Encoded-Word format, and while GMass was doing this for all other email headers, it was not for the To field. This is now fixed.
Note that this bug did not affect personalization in the Subject and Message. Meaning, if you had used {FirstName} or {LastName} in the Subject or Message, the personalization worked properly, even if the first and last names contained foreign characters. This was solely an issue with how the Name appeared in the To field.
Ready to transform Gmail into an email marketing/cold email/mail merge tool?
Only GMass packs every email app into one tool — and brings it all into Gmail for you. Better emails. Tons of power. Easy to use.
Love what you're reading? Get the latest email strategy and tips & stay in touch.
While 99% of GMass users experience the highest email deliverability they’ve ever experienced through any email marketing platform, sometimes users will ask us for help with a deliverability issue, because they believe that some of their email is landing in people’s Spam folders rather than Inboxes. GMass Campaign Reports do show blocks, which happens at the SMTP level, and is indicative of a content or domain-based blocking issue, but in cases where an email isn’t outright blocked and then generates a bounce, it’s helpful to know whether the email is making it to the actual Inbox or not.
Over time, I’ve built an array of tools to help our Support Team diagnose where a user’s emails are landing, the Inbox or Spam folder. When a user contacts us with a suspected deliverability issue, we first analyze the account and look at the open rates of the most recent campaigns. Some users have open rates of greater than 50%, and if we see that, we can usually conclude that there isn’t a widespread deliverability problem. If the open rate is lower, or we want to be thorough, then we conduct a seed list test. We have a simple way of taking any campaign in your GMass account and sending it from your Gmail account to several “seed list” addresses that we maintain. This list of about ten secret addresses are addresses across multiple email providers and email filtering systems, and they include at least one address in each of the following systems:
Gmail and G Suite (obviously)
GoDaddy Hosted Email
Outlook.com
Yahoo! Mail
Comcast
AOL
Barracuda
Symantec Email Security (formerly known as MessageLabs)
Mimecast
The first six (Gmail, GoDaddy, Outlook.com, Yahoo! Mail, Comcast, and AOL) are consumer email providers, and it’s easy to test Inbox placement at these domains, simply because anybody can sign up for a free email account at those providers, and then send their email campaign to these addresses to see if the email makes it to the Inbox. The next three (Barracuda, Symantec, and Mimecast), however, are the world’s three most popular corporate email filters, and surprisingly, most email marketers have never heard of them. I’ve secret-shopped all three such that I have at least one email address at each provider, so that I can test whether their filters are blocking or accepting a particular email message.
It’s also important to understand that the three corporate email filters don’t host email — they simply filter email and then pass the email to the email service that is the host, which for most corporations, is either G Suite or Microsoft Office 365. Therefore, it’s possible to host your company’s email on G Suite, but also, as an additional layer of protection, implement Mimecast or Barracuda or Symantec as the first line of defense.
How do you know if a domain has implemented such a setup? You need only look up the domain’s MX record. One of my domains is chromecompete.com, and I’m using Barracuda to filter its email. Here’s the MX lookup for chromecompete.com:
So while you can discern that any @chromecompete.com address is using Barracuda to filter email, you cannot discern who the true email provider is…whether it’s G Suite, Microsoft Office 365, or something else. It turns out that I’m actually running my own Windows mail server (a platform called IceWarp) that hosts the email for @chromecompete.com.
As I mentioned, we have the ability to take a campaign from your account and send it, from your Gmail or G Suite account, to this list of addresses. Then we manually check each address to see whether the email arrived or didn’t arrive, and if it arrived, whether it landed in the Inbox, the Spam folder, or whether it was blocked by one of the corporate email filters. Additionally, our seed list tool allows us to easily vary elements of your email campaign, such as whether open and click tracking is on, what tracking domain is used, and the From Address. Even better, soon we’ll be making this tool available to you with the click of a button, and we’ll program our software to check if the email made it to the various email accounts and send a report back to you in a few minutes. Next, I’ll dig into some of the specific spam filters the seed-testing tool examines.
The Gmail Spam Filter
If your email campaign ends up in the Gmail Spam filter, Gmail accompanies it with an explanation that sheds some light on why it ended up there. Gmail has been doing this since 2012. We’ve generally seen five reasons when we see that a user’s emails are ending up in the Spam folder:
Generic content issue:
From Domain Issue:
DKIM Domain Issue:
What’s shocking about this DKIM sample is it shows Google’s willingness to place email from its own paying G Suite customer in the Spam folder. As it’s explained on this page about how G Suite DKIM-signs emails, the gappssmtp.com domain is G Suite’s internal domain, meaning this email was sent by a G Suite customer and ended up in Spam folder.
Generic Issue:
Phishing/Scam Issue:
Given the variety of reasons Gmail may route an email to the Spam folder, even when it’s an email sent from a Gmail or G Suite account, this is how we would advise our users in each scenario:
From Domain or DKIM Domain Issue: Contact G Suite Support, since it’s your domain that’s been flagged, and it’s unrelated to anything GMass adds to your email.
Content-Related: We’ll use our seed testing tool to vary elements of your email to see if we can get it to the Inbox and what changes were necessary to make that happen.
Heuristic-Related: We’ll again use our tool to vary the content to see what works.
The Barracuda Filter
Inside the Barracuda control panel, I can highlight any message that’s been blocked by a Barracuda filter, and Barracuda will state why it’s been blocked, and even better, they’ll tell you if it was a particular domain that caused the block.
Based on the Barracuda reason, we’ll advise our user to take the appropriate action. In these examples, if it’s an SPF failure, we’ll advise our user to set up the appropriate SPF record, which is an easy fix. If the block is because of the Barracuda Real-Time System (BRTS) and a domain is specified, we’ll advise our user to eliminate that domain from the emails, and if the domain happens to be the tracking domain, we’ll have you swap out that tracking domain for another as an immediate workaround while we submit the blocked domain for delisting to Barracuda Support in the interim.
The Symantec/MessageLabs Filter
In our experience with Symantec/MessageLabs, we’ve noticed little domain-based blocking, and when we have, it’s been tied to the domain being listed on a public blacklist, like SURBL or Spamhaus. We haven’t seen evidence of MessageLabs maintaining their own domain blacklist, so most blocks we see are content-based. So in cases of these blocks, we again vary the email with different tracking domains and tracking options to see if the email gets past the filter.
Google’s Postmaster Tools
In addition to use the seed-list testing tool, Google’s Postmaster Tools provides helpful data to determine what is happening to your emails sent to @gmail.com, @googlemail.com, and G Suite email addresses.
We’ll take a close look at the Postmaster Tools in a future article, but you can set this up easily by adding your sending email domain to your account, and then sharing the data with us. Doing so will help us diagnose what is happening with your emails sent to Google-hosted addresses.
What if I’m on a blacklist?
There are two kinds of blacklists, IP-based and domain-based. It’s unlikely that your sending IP is blacklisted. In most cases, your emails are sent from Gmail’s own servers, so it’s almost impossible that your deliverability issue is caused by an IP issue, because only a foolish network administrator would ever block Gmail’s IP addresses. The exception to the rule is if you’re sending via an alias From Address you have set up inside your Gmail account. Gmail now requires you to specify an external SMTP server by which to send emails with an Alias From Address, so it is possible that the SMTP server you specify has an IP address that is on an IP blacklist.
If you’re experiencing lower open-rates than normal, then it’s possible one of the domains in your email is on a domain blacklist. Domain blacklists are either publicly searchable or private and internal to an organization. GMass encourages the use of dedicated tracking domains to isolate your domain reputation from that of other GMass users, since GMass isn’t a fully monitored system and it’s possible that a shared tracking domain ends up on a public or private domain blacklist. If your email isn’t outright blocked but instead ends ends up in Spam, it’s usually a content issue that involves either the actual text of the email, the From Domain, or the tracking domain present in the body. And if it’s the tracking domain causing the issue, we’ll pursue delisting of the tracking domain and replacement of the tracking domain during the time it takes for the delisting to happen.
In conclusion…
GMass employs a number of tactics to resolve the rare email deliverability issue that a user faces. We do the following:
Check your domain’s SPF records
Ensure your emails are DKIM-signed
Maintain seed addresses at every major email provider, both consumer and corporate
Additionally, you should share your Google Postmaster Tools data with us to give us an additional set of information to analyze. We are soon going to be releasing our automated “seed list testing” tool, so that you can conduct much of this analysis yourself, with the click of a button. Stay tuned!
Ready to send better emails and save a ton of time?
GMass is the only tool for marketing emails, cold emails, and mail merge — all inside Gmail. Tons of power but easy to learn and use.