DO deceiving its customers with banned IPs

March 27, 2019 455 views
DigitalOcean

I got an IP address - 134.209.207.223 - that is on blocked lists. Sending an email from this address is impossible as Gmail and other providers will reject it as an address that sends spam.

When I sent a complaint about this I got a “can happen” answer with the advice to use third party email providers. I beg to disagree.

I understand that DO customers sometimes send spam and that DO needs to sell addresses. But this is like a car dealer selling a car that he knows is defect. DO should take its responsibility and check the IP addresses itself and if there are problems it should take effort to clean the reputation of the address. It is much better equipped to this than its customers.

1 Answer

Greetings!

I greatly appreciate your feedback on this matter. It is important for us to combat spam, and this is something that we spend a lot of time, money, and effort doing. Sadly, there is no way for us to determine who will block emails from an IP address and why. While some public RBLs may offer some insight into this, they do not tell a complete story. Not all RBLs are relevant, and not all email providers subscribe to all RBLs. Most major email providers have internal block lists that they do not share, and they do not discuss with others.

I have a unique understanding of your frustration, as someone who manages a great deal of mail servers and faces such issues on a regular basis. I would ask that you consider a different perspective on this. The email provider you are reaching out to has chosen not to accept your email, for whatever reason. In such a situation, your attention should be directed primarily at that email provider. Perhaps they have a reason for the block, perhaps it is about something that we can do better and you can share it with us. Perhaps, though, they do not have an active and legitimate reason. It is ultimately their choice to block an IP, and their choice to unblock it. This is not something that your IP provider has influence over in many cases.

To give you some insight into things I’ve dealt with. I have three IP ranges that I run mail servers on. These IP ranges are of spotless reputation. I do not send spam, I do not allow spam. These IPs, if they have ever been involved in spam, have not been involved in them for at least a decade. One range is completely blocked by two major email providers. One is continually blocked and unblocked by one very major email provider. Two are regularly rate limited at low send rates. What did my provider of these IPs do to cause this for me? Nothing. These were choices made by those email providers, and by those email providers alone. In some cases they will speak to me about it, in others they will not. At the end of the day, if you truly want to ensure that you can receive email from all of the internet, you need to choose email providers that do not block IPs. If you want your recipients to always receive mail from one particular place on the internet, you need to go well beyond using a single IP and expecting it to work everywhere - it simply will not. Email no longer works that way, anti-spam efforts are too great and too broad in 2019 for this to work. This is why companies like SendGrid and MailChannels are raking in new customers, because sending email to recipients at all major email services is not as simple as it used to be.

While I do understand that you may have better luck on one IP range than another, to your preferred recipient services, this is simply the reality of today. I cannot tell you why one IP range is better received than others, because I can verify by hand that two clean IP ranges are treated differently by services like AT&T, Verizon, Google, Yahoo, and Microsoft. Rarely have I found a range that can consistently send to all of those services at once without issue, most often I’ve had to rotate between multiple IP ranges to send to all of them collectively. This is why I maintain a series of outbound relays on multiple IP ranges that utilize postfix’s smtp_fallback protocol, and I eventually ship an email off to MailChannels if the email fails on all ranges. Despite all of the money and effort I put into it, I still have about 100 emails per hour going out through MailChannels because some recipient service declined an email from three clean IP ranges.

I hope that my information has been useful :)

Jarland

  • I also wanted to add that if you are having trouble sending emails to Microsoft, you can speak to them about it here:
    http://go.microsoft.com/fwlink/?LinkID=614866&clcid

    Microsoft also returns a message that the IP range is blocked on occasion when the IP range is not blocked. I can verify this with logs from my mail server this morning, where they reject an email stating that the IP range is blocked, and then accept the next email. In reality, they simply declined that email, but they returned an error that told me they were blocking my IP as a whole. This is misleading, but it is what their mail servers do.

    Example:

    Mar 27 14:45:10 relay-direct3 postfix/smtp[22758]: 3AFE73F04C: to=<{removed}>, relay=hotmail-com.olc.protection.outlook.com[104.47.13.33]:25, delay=0.21, delays=0.04/0/0.13/0.03, dsn=5.7.1, status=bounced (host hotmail-com.olc.protection.outlook.com[104.47.13.33] said: 550 5.7.1 Unfortunately, messages from [185.234.75.10] weren’t sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [HE1EUR04FT016.eop-eur04.prod.protection.outlook.com] (in reply to MAIL FROM command))

    Followed immediately by:

    Mar 27 14:45:11 relay-direct3 postfix/smtp[22751]: C1B503F04C: to=<{removed}>, relay=grewada-nl.mail.protection.outlook.com[104.47.4.36]:25, delay=1.1, delays=0/0/0.48/0.66, dsn=2.6.0, status=sent (250 2.6.0 <{id removed}> [InternalId=2035814505849, Hostname=VI1PR10MB1901.EURPRD10.PROD.OUTLOOK.COM] 15682 bytes in 0.153, 99.524 KB/sec Queued mail for delivery)

    Then the reply from their support team this morning:

    We were unable to identify anything on our side that would prevent your mail from reaching Outlook.com customers.

    As you can see, these things are not so simple, and the recipient providers need to be included in conversations about issues sending email to their services. Before contacting them, I would make sure that my email is flawless by using mail-tester.com to test my outbound email (SPF, DKIM, solid headers, etc).

Have another answer? Share your knowledge.