Singapore IP Blacklisted with Outlook, Mail-Abuse, Symantec and more...

Hi,

We recently setup a droplet with DigitalOcean and installed cPanel, LiteSpeed, Redis and a bunch of other softwares.

We did all of the following:

• Setup appropriate DMARC records
• Setup appropriate DNSSEC records
• Setup appropriate SPF records
• Setup appropriate DKIM records
• Ensured PTR was setup.
• Disabled the ability to create/use email accounts on the server itself. Emails are managed by Office365 or GSuite
• Enabled cPanels “SMTP Restrictions”
• Enabled a limit of 150 emails per domain per hour
• Setup the default/catch-all forwarder to “fail”.
• Setup the server to hold outgoing mail that is “potentially spam”
• Setup the server so if a domain sends 200+ unique emails out per hour it gets flagged as a potential spammer.
• Restricted outgoing SMTP mail to root, exim and mailman only.

The only emails our droplet sends are:

• cPanel usage/security emails
• Imunify360 emails
• Wordfence security emails
• WordPress password reset emails
• WordPress contact form emails (Of which is protected with Google’s reCAPTCHA)

I’ve check the emails from the websites with mail-tester.com and they score a perfect 10/10 with the only improvement possible being “Add a List-Unsubscribe header” of which is to be expected because it was a single email that wasn’t part of a subscription.

I’ve checked the server IP against various blacklists and the IP is listed on a few because DO has had a lot of abuse on its network so the entire AS is “limited”

However when I check IP’s around my IP on the likes of talosintelligence.com especially:

https://i.imgur.com/w83OsAw.png

What am I supposed to do here to allow cPanel/Websites to send a few basic emails without them being blocked. I can’t use a Floating IP because you can’t setup a PTR for them…

I don’t want to have to try and move the droplet to another country especially when DigitalOcean doesn’t have a “Migrate droplet to different zone” feature.