Question

DigitaOcean sold us a droplet with a blacklisted IP. How do we get another IP?

Posted September 15, 2018 5.5k views
EmailDigitalOceanUbuntu 18.04

Hello,

About 2 months ago, we purchased a DigitalOcean droplet. We moved our customers websites and email server in there.

To our great dismay, the droplet IP address “looks clean” for some major spam email IP blacklists but not all. Our customers are unable to send email to Hotmail, Live.com, Outlook.com and to the second biggest national email provider in our country.

Microsoft is taking weeks to “evaluate” the blacklist removal and that email provider is totally unresponsive (actually, its third party “email reputation service” is).

So we have 70% of our customers unable to do business and very annoyed with us.

What can we do?

Every other VPS provider sells additional, hopefully “clean” IP addresses but not DigitalOcean.

I thought about saving a droplet snapshot, destroy the snapshot and then rebuild it again, but I just read that, if when we’ll rebuild the server we’ll get back the same, blacklisted IP.

Is there any option to force in another IP address?

Please help us, we hoped to save time and money with DigitalOcean but we’ll probably end up losing hundreds euros to idemnify our customers!

1 comment
  • Hi lucaf, can you see if your Google rankings dropped when you switched your website to Digital Ocean ? I seen a drop to around 1/3 of the initial google hits and I am thinking the IP reputation has something to do with it. Please let me know. Thank you.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
7 answers

Hi Lucaf,

we are one of the blacklist providers that listed almost all DigitalOcean IP addresses. The reason is not any malware traffic or spam mails since this happens to all providers. We listed DOs networks because they do not care about or handle abuse reports. Attacks keep on even over six months after reporting malicious behavior. It seems to be the business strategy of digital ocean to support this behavior. So we decided to mark DO as a “bad provider” and can only advice you to chose a provider that cares about their IPs being used in a malicious manner, since we - or our partners - are not willing to remove their networks from blacklists, if they dont change their incident handling.

Cheers,

Martin Litter
Darklist.de

DigitalOcean does sell additional IPs. They are called floating IPs.

Hey friend!

This is a great question. You’ve discovered something that I’ve been dealing with for quite some time, regardless of who owned the IP address that I’ve used or how clean it was by any external measure. What you’ve discovered is that the company you are sending mail to has it’s own measure of IP reputation and that you have no way to query it or control it.

The only way to change your droplet IP will be to create a new one. Floating IPs should not function in this capacity. However, this is not likely something that will benefit you. You’ve already submitted a request to have the block removed, changing IPs will reset your position in this process. If you need to guarantee email delivery to a particular provider, without waiting for these steps, the only option you have is to send to their service through a route that you know will not be rejected. You can try an SMTP delivery service like SendGrid, MailChannels, or any number of providers that specialize in email delivery.

Going the DIY route for email delivery is admirable, but there’s no shortcut to resolving these types of issues by hand. This is something I’ve personally spent a lot of years and money on trying to solve. The only viable paths are luck, very hard work to influence the recipient email provider, or money spent on solutions designed to solve the problem. If I can share anything from the years I’ve been dealing with this, it’s that spending the money on a solution that solves this is the only consistently reliable path that will allow you to set it and forget it. I wish it were otherwise, but there’s a whole market for email delivery and it exists for good reason. Hopefully I can help save you time and headaches at least :)

Jarland

  • Thank you for your reply.

    I see two issues with this:

    1. One of those “email reputation services” has been sold (1 year ago) to a new company. The new company does not reply to any blacklist removal request. I’ve contacted them directly and, when they found out I was not there to buy something, they just stopped replying. As of now I am stuck with this, nobody is going to even read my whitelist request.

    2. I manage a number of customers and none of them wants to spend 1 penny on email delivery services. Most of them send a very moderate number of emails and don’t see why they should pay something they don’t use. Nor I can create dozens of 3rd party email delivery accounts without their consent.

    • Thanks for reaching back out, always happy to help :)

      Most blacklists are irrelevant these days, only a handful actually end up being queried by recipient providers. I cannot accurately say which ones are queried by Microsoft, but I am inclined to believe that it is zero and that they only use their own internal list. This is my best guess from experience, given that I cannot know with absolute certainty.

      I totally get that customers have the expectation of simply sending mail and it working, without paying something extra or anything like that. Especially when they can move from A to B and they see it working again. My perspective is that doing this is chasing around the remainders of a time that has passed. Temporary gains from moving around to different IP space.

      When MS blocked a brand new IPv4 range that I received, having not received any spam from it, I began hopping around through IP space to find ranges they hadn’t blocked (at various providers). Soon after, those ranges would be blocked too. Inevitably, a few customers would set up email forwarders that would send spam to their service, causing the blocks to simply follow me around over time.

      My response to this problem was to purchase a MailChannels subscription and set up cPanel to relay all mail through it. It was expensive but it worked great. It cost me all of my profits, but as I learned this is simply the way the game is played these days and whether or not I liked it, I either had to pay up or ask my customers to change their expectations.

      Fast forward to today and I have my own rented /24 that I work hard to keep clean, and I’m still dealing with it (at least today I no longer manage it alone). Last night we had to rotate out an IP and fill out the MS removal form because one user had their password compromised and their account used to send a few spam, the JMRP form doesn’t work because they hit RIPE rate limits constantly. This is the life of an email provider in 2018. There is no rest, there is no easy way out. The easiest path is to spend money, the hard path is to spend a little less money but instead spend all of your time doing it (or hire help). The frustrating path is to move around constantly and wait for the problem to find you again elsewhere because of one email forwarder or a neighbor server.

      I do wish there was an easy way out. A lot of advice out there exists about easy ways out, but I’ve found that they tend to come from people who are in very isolated situations. A single user who never forwards email and does not delegate email services to any significant number of customers is going to have an easier time with everything, for example. For you and I, just trying to get users on a shared server to consistently send to Hotmail, we will see that the old days are gone and the new ones are not so pleasant. We’ll survive, but it will cost us something.

      I hope my insight proves valuable at the least :)

      Jarland

      • Hello Jarland,

        thank you for your articulated and “felt” reply. You have made me search for an emailing solution and I’ve found 2. Our servers emailing “needs” are limited - no bulk emails needed - so I could find a good yet very affordable service that I am now using as relay.

      • sorry but you are mistaken, I’ve been using KnownHost for years now and their ips are clean. Mailchannels works because of providers as DO, Godaddy, etc. I was testing DO and I wont use it anymore. The infrastructure works, but they don’t care about the blacklists so its more a problem than a solution.
        BTW, every mail server uses some kind of blacklist.

To all those suggestions recommending “floating IP’s” that will not work.

Floating IP’s are only used for ingress traffic, not egress.

Migrate to AWS or somewhere else.

SdxCentral is a site that block all my DO VPN traffic. Just as an example.

Nothing we poor users can do until DO gives a crap about their IP reputation and takes measures to fix it.

Ufff…
we just have checked in digitalocean.

I have been all the day installing a virtual ser ver and moving all the data.

When I have it running at last, I have ended with the problem of sending email from our blog and forum.

It took me the whole afternoon to discover that the problem was that the IP is blacklisted.

I have tried to use a Gmail account to send the emails, but no result (Gmail complains about user and password incorrect, but I have rechecked them several times).

So is ther no solution for this problem?

I have tried to us a SPF record in my DNS to list all the machines in my DNS list as email senders, using
@ “v=spf1 mx ptr ~all”

No luck either.

Hey @lucaf , even I’m facing the same issue. Did you find a solution? How to get rid of blacklisted IPs??

  • Hey @nishchal1906, have you checked on some blocklist checker tool?

    There are tools which shows the reasons why your IP was blacklisted. Also, they give delisting steps. Even mine IP was blocked on RFC-clueless (domain setting compliance) but luckily after following few steps everything is settled now.

Submit an Answer