- Apr 25, 2015
- 1,844
- 2
- 2,197
- 327
A couple things of importance! Within this example, some malicious IPs are borrowed from Zscaler's listed sources.
1. Get your list of IPs involved in email sending, for example:
The Spamhaus Project - Blocklist Removal Center Results - this ip is clean (at time of post)
If your email server IPs are on blacklists, this kills your sending as email gateways of all sorts may ignore your sending server - bounce / defer. "Deferrals. A deferred event, or deferral, is simply an event SendGrid has received back from the receiving server that tells us that the receiving server has temporarily limited access to their system."
So.. go get the removal URLs and call, email, whatever you have to do to fight for your stuff to get de-listed.
In fact, Proofpoint just got me off their blocklist / blacklist / deny list / wtf-ever-you-wanna-call-it-list-when-you-cant-send-mail from your IP (or domain)..
So if your domain is safe (age it like a fine wine I'd say 30+ days at the least), and your IP is safe. What now?
Email security protocols, so how about we use something called SPF and DKIM, then we can also have DMARC to make sure all our sh** is getting setup.
Anyway, if we do this and do a PTR record (domain / ip lookup) that matches the domain / hostname for the email server we are good.
How would this work? ip 6.6.6.0 has PTR for satan.com and we are sending from [email protected] - also btw I am not satanic and actually love God. I just felt like being weird..
Long story short - use secure email protocols, make sure your IP(s) are not blacklisted.
1. Get your list of IPs involved in email sending, for example:
The Spamhaus Project - Blocklist Removal Center Results - this ip is clean (at time of post)
If your email server IPs are on blacklists, this kills your sending as email gateways of all sorts may ignore your sending server - bounce / defer. "Deferrals. A deferred event, or deferral, is simply an event SendGrid has received back from the receiving server that tells us that the receiving server has temporarily limited access to their system."
So.. go get the removal URLs and call, email, whatever you have to do to fight for your stuff to get de-listed.
In fact, Proofpoint just got me off their blocklist / blacklist / deny list / wtf-ever-you-wanna-call-it-list-when-you-cant-send-mail from your IP (or domain)..
So if your domain is safe (age it like a fine wine I'd say 30+ days at the least), and your IP is safe. What now?
Email security protocols, so how about we use something called SPF and DKIM, then we can also have DMARC to make sure all our sh** is getting setup.
Anyway, if we do this and do a PTR record (domain / ip lookup) that matches the domain / hostname for the email server we are good.
How would this work? ip 6.6.6.0 has PTR for satan.com and we are sending from [email protected] - also btw I am not satanic and actually love God. I just felt like being weird..
Long story short - use secure email protocols, make sure your IP(s) are not blacklisted.