The Spamhaus Informational Listing Spree

Oh my! Spamhaus went on a listing spree! But why? Three words. Verbatim. From Spamhaus.
“Poor.
Sending.
Practices.”

It seems too simple to be the answer, but it is.

So what are poor sending practices?

When it comes to Spamhaus, the majority of sending practices that will get legitimate senders listed revolve around ‘how’ email is sent and ‘who’ it is sent to. In other words, system security (how) and data (who).

Spamhaus isn’t going to pick apart your content (unless there is something malicious in it) or your engagement rates, but they do pick apart your sending behavior as well as the behavior and settings on the system you are mailing from.

So let’s be more specific: if you find during your blocklist monitoring or in your bounce logs that you are listed, be it an informational or an active listing, it means that you need to start researching.

System Security

If there is a compromise or security concern of sorts that is getting you listed, your ESP needs to get engaged as you won’t be able to make any movement on this without them. Your ESP needs to review the listing and check their system to ensure it doesn’t have a bad actor or vulnerability being exposed.

For example, I once dealt with a domain listing due to a redirect that was not secured. The click URLs in the emails were being exploited because they were open redirects. This allowed bad actors to add malicious URLs into the redirect, which they then blasted out into the world. Since the original redirect had a reputable domain, it was easier to instill trust and obscure the true intent of the URL. This ultimately leads to more end users clicking on the link and ending up on the bad actor’s site than if they provided the bad link in its true form.

To protect end users, this domain was identified and listed at Spamhaus. The only way to move forward was to update the redirect system on the ESP side, which shut down the exploit and the listing was removed.

Thankfully this was a client-specific domain so we were able to isolate it and remedy it with impact only to the one client. Can you imagine if this was a shared domain?
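One way a click-tracking redirect can be closed to this kind of abuse, as an added example (not the ESP's actual fix, which the post does not describe): the destination is signed with an HMAC when the email is built, and the redirect endpoint refuses any target it did not sign. The key, the host `click.example.com`, and the parameter names `u` and `sig` are assumptions for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration; a real key belongs in a secret store.
SIGNING_KEY = b"constructed-demo-key"
TRACKING_HOST = "click.example.com"  # hypothetical tracking domain


def sign_destination(dest: str) -> str:
    """HMAC-SHA256 over the exact destination string, hex encoded."""
    return hmac.new(SIGNING_KEY, dest.encode("utf-8"), hashlib.sha256).hexdigest()


def make_click_url(dest: str) -> str:
    """Send time: bind the destination to a signature only the ESP can produce."""
    query = urlencode({"u": dest, "sig": sign_destination(dest)})
    return f"https://{TRACKING_HOST}/r?{query}"


def unchecked_target(click_url: str) -> str:
    """Open-redirect behaviour: follows whatever 'u' says. Shown for contrast."""
    return parse_qs(urlsplit(click_url).query).get("u", [""])[0]


def resolve_click(click_url: str):
    """Click time: return the destination, or None to refuse the redirect."""
    params = parse_qs(urlsplit(click_url).query)
    dest = params.get("u", [""])[0]
    sig = params.get("sig", [""])[0]
    try:
        parts = urlsplit(dest)
    except ValueError:  # malformed target, e.g. broken IPv6 brackets
        return None
    # Only absolute http(s) targets; refuses scheme-less and non-web forms.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    # Constant-time comparison on bytes; unsigned or edited targets fail here.
    expected = sign_destination(dest).encode("ascii")
    if not hmac.compare_digest(sig.encode("utf-8"), expected):
        return None
    return dest
```

Because the signature covers the full destination string, a link copied out of a legitimate email cannot be repointed without the check failing.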

Consent and Data Maintenance

If you are listed due to hitting Spamhaus traps, this is on you. Ultimately these listings are telling you that you are not taking care to gain consent to mail these addresses or to confirm that consent, or that you aren’t maintaining your data with proper bounce processing.

Spamhaus traps never sign up for email. One could argue that you got a Spamhaus address through typos or through an abused form. Perhaps, but there are ways to remedy that and if you don’t have protected forms, you should identify what forms are in use today and make sure you either add protections or take them down, especially if they are no longer in use.

Once you get that email, pay attention to bounces and remove anyone you are unable to deliver to, especially if it’s been over a number of months and retries. For those that you are able to deliver to, monitor their engagement and plan for a “sunset” initiative to phase them out or try to regain their consent.
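The bounce and sunset rules described above, sketched as an added example (not code from the original post). The thresholds and the event labels `bounce`, `delivered` and `engaged` are assumptions, since the article gives no numbers, and the sample histories are constructed.

```python
from datetime import date

# Assumed thresholds for illustration; tune them to your own sending cadence.
MIN_BOUNCE_STREAK = 3      # consecutive failed deliveries...
BOUNCE_WINDOW_DAYS = 90    # ...spread over at least this many days
SUNSET_AFTER_DAYS = 180    # delivered, but no open or click for this long


def classify(events, today):
    """events: (date, kind) pairs, oldest first; kind is 'bounce',
    'delivered' or 'engaged'. Returns 'suppress', 'sunset' or 'keep'."""
    streak = []            # dates in the current run of consecutive bounces
    last_engaged = None
    first_seen = events[0][0] if events else today
    for when, kind in events:
        if kind == "bounce":
            streak.append(when)
        else:
            streak = []    # any successful delivery ends the run
            if kind == "engaged":
                last_engaged = when
    # Undeliverable across months and retries: stop mailing the address.
    if len(streak) >= MIN_BOUNCE_STREAK and \
            (streak[-1] - streak[0]).days >= BOUNCE_WINDOW_DAYS:
        return "suppress"
    # Deliverable but silent: candidate for sunset or a re-permission send.
    if (today - (last_engaged or first_seen)).days >= SUNSET_AFTER_DAYS:
        return "sunset"
    return "keep"


# Constructed sample histories, one per outcome.
SAMPLE = {
    "dead@example.com": [(date(2024, 1, 5), "bounce"), (date(2024, 2, 10), "bounce"),
                         (date(2024, 3, 15), "bounce"), (date(2024, 4, 20), "bounce")],
    "quiet@example.com": [(date(2023, 10, 1), "delivered"), (date(2024, 5, 1), "delivered")],
    "active@example.com": [(date(2024, 2, 1), "bounce"), (date(2024, 5, 20), "engaged")],
    "blip@example.com": [(date(2024, 5, 20), "bounce"), (date(2024, 5, 22), "bounce"),
                         (date(2024, 5, 25), "bounce")],
}


def triage(histories, today):
    """Apply classify() to every address in a {address: events} mapping."""
    return {addr: classify(ev, today) for addr, ev in histories.items()}
```

A short burst of bounces (`blip@example.com`) is kept rather than suppressed, because the rule requires failures sustained over the whole window and not a single outage.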

Most important is to make sure your emails are consented. Are they collected in a way that is:

  • Clear to the user
  • Obvious about what is being signed up for
  • Directly with your brand (no third-party mumbo jumbo deals) and
  • Opted-in (not opt-out)?

And if you want to be really safe, and it may be required if you are listed at Spamhaus, are you sending a consent confirmation campaign on new signups or re-permission campaign on inactive emails?

But what’s up with the sudden blast of listings?

In July of this year, Spamhaus made a public announcement on Twitter that they were about to roll out the results of their improved spam detection and an increase in listings was about to go down.

Although some may have squirmed a little in their seats after reading this, it should come as no surprise that Spamhaus would continue to improve and update their systems. Why? Because everything evolves. The Internet has evolved. Email has evolved. Spammers have evolved. Abusive actors evolved. Why shouldn’t spam filters, blocklist providers, ESPs, ISPs, and Mailbox Providers evolve too?

Spamhaus covers the background on this nicely in their article around why there was a “tidal wave of informational listings.” In short, they state the detection mechanisms had to evolve otherwise they no longer would be providing timely (or effective) signals to those that use their services.

What to do about a Spamhaus listing

Although the listings were sudden and Spamhaus said they will work to roll them out more slowly moving forward, the spate that was released was, at least, informational only. This was a courtesy to senders. Spamhaus could have kept the “actively list immediately” mentality, but that too is evolving. Since informational listings don’t typically cause the massive blocks and deliverability issues seen with active listings, it gave senders time to act.

Spamhaus is closely intertwined in the community and their goal is to stop abuse and collaborate. Not all providers supporting email are spam sending machines. Being able to put out a warning sign gives the providers time to identify and stop the bad actors while not destroying their entire range or outbound system.

If you are one of the senders called out, it’s your chance to “get your house in order.” If you don’t, the next step won’t be a courtesy alert, but a full-blown listing that could impact up to 70% of your list. So start reviewing who you are sending to and work with your ESP and data teams if you need help.

And if that informational listing turns into an active listing or you skip informational status entirely, you’ll need to identify the type of listing and then take specific actions to remediate your Spamhaus block.

Not sure where to start? We can help! Our team of deliverability experts has been at the deliverability game for decades so we’re pretty darn good at helping senders get through these types of issues.

