
5 Reasons Why Good Email Addresses Get Rejected and Blacklisted

For some people dealing with rejection can be difficult, especially if you have no idea why you were rejected. The feeling of rejection can leave one feeling confused, unjustly wronged and even angry.

We aren’t talking about relationships here – we are talking about email addresses. Yes, having your email address and/or message rejected or bounced back by a mail server can be a terrible feeling. Surely there must have been a mistake? Especially when you know that your email address is good, and wonder why it was rejected.

Did your email address fail email verification, perhaps from a web form using an email verification service? Maybe an email you sent out was rejected or later bounced back by the recipient mail server? Worse yet, you may find that your email address was not simply rejected but has been outright blacklisted! But why? You are no spammer or hacker, and you have been using the same email address for years without issue. So why did you suddenly get blacklisted?

5 Common Reasons Why Email Addresses Get Rejected

Unfortunately, anyone can have their email address rejected and added to a blacklist. The world is flooded with spam, and mail servers have various methods in place to try and combat the unending torrent of spam that they receive. Some mail servers are protected by anti-spam solutions. These solutions are sometimes included in firewalls or mail servers, or are proprietary to the mail host provider.

These solutions can vary in sophistication. Most solutions will incorporate filters, and rely heavily on blacklists to try and identify spam and spammers. Once you get on a blacklist it can sometimes be very difficult to get off one, and it doesn’t help when a blacklist organization will not tell you specifically why you were added in the first place.

Here are five common reasons why this happens, that are not so commonly known:

  1. Carelessness
  2. Hijacking
  3. Spoofing
  4. Backscatter Spam
  5. Guilt by association

These reasons are not mutually exclusive. In fact, quite the opposite: they can all share a similar cause-and-effect relationship. Let’s take a look at each of them.

Carelessness

Email carelessness can come in many forms. For example, you freely share your email address and allow it to be exposed, or you sign up for many sites & services regardless of how shady they appear to be.

“But I am careful with my email address!”, you might say in protest. Perhaps you have an alternate email address that you use specifically to sign up for sites or services to protect your primary email address from harm or exposure? If so, then it would not be too much of a surprise to find that the email address was possibly harvested and/or sold. If a malicious user or organization gets their hands on a good email address, there are a variety of malicious possibilities at their disposal for what they can do with it.

Hijacking

A malicious user may try to hijack your email address, via a scam, a man-in-the-middle attack (MITM), or by hacking into your account. Opening unsolicited email or visiting insecure websites can give hijackers the opportunity they need to prey on unsuspecting users. Scammers can then trick users into freely giving up their security credentials or lie in wait for the right opportunity. All the while you, the victim, may be completely unaware that your account has been compromised.

Perhaps you simply had a weak password that a malicious user or bot was able to easily guess, which then granted them access to your email account. The strength of an email password or lack thereof can be considered as another part of email carelessness, as well as bad habits like opening unsolicited email messages and visiting insecure sites. Overall, it is important to stay vigilant in your online activities.

Spoofing

Even if a malicious user is unable to hijack your email account, they may still choose to spoof your email address. Email spoofing, also known as email forging, is the act of creating and sending an email message with a forged sender email address. Spoofing allows a malicious user to create and send an email message as you, even though they do not have access to your account. A spammer from Brazil may be sending out Viagra spam on your behalf, or malicious users from China or Russia may be sending out phishing spam as you from across the world. This spamming activity done in your name can easily land your email address on one or more blacklists.

Backscatter Spam

When this kind of spamming technique is done in bulk it is known as backscatter spam, also known as outscatter, misdirected bounces, blowback, collateral or non-delivery (NDR) spam. Backscatter generally occurs when spammers take advantage of sometimes purposefully misconfigured mail servers, where the recipient server does not reject a bad email address and instead bounces it back to the sender. The sender, however, is forged or spoofed by a malicious user, and so the unsuspecting sender is now the victim of the unsolicited spam.

This technique allows the spammer to sometimes circumvent typical firewall and anti-spam filters, since the spam is sent as a non-delivery report (NDR) instead of as a normal email message. Even if you are not directly a victim of backscatter spam, you may still fall victim to its effects if your mail server is the one being manipulated and bouncing back the spam to other servers. If your host mail server allows backscatter to occur by not rejecting a bad recipient email address outright and instead bouncing it back, then it can easily land itself on one or more blacklists. When your mail server gets blacklisted, you will likely find yourself blacklisted by association as well.

Guilt by Association

Even if you are careful in your email and browsing activities, sometimes you may still find yourself blacklisted, as your email address may be considered guilty by association. If your email domain, server or IP address gets blacklisted, then all users associated with the blacklisted item will be affected.

For example, if your domain gets blacklisted, any user/mailbox that uses that domain will be blacklisted. Worse yet, your domain may be fine but another domain that is hosted by the same mail server may get blacklisted, which in effect can cause one or more IP addresses that the mail server relies on to get blacklisted. Some blacklists can be even more heavy-handed, where not just one IP address is blacklisted, but an entire IP address range will be blacklisted. This would be the equivalent of the post office refusing to deliver mail to your premises because you live in a bad neighborhood.

As extreme as this may sound, it is not an uncommon tactic used by administrators, especially if they find themselves the constant victim of unyielding spam. It is also not uncommon for business administrators at times to simply block incoming email from entire countries that they know they do not do business with, or only allow email from domestic connections.

What to Do

Unfortunately, once you find yourself on a blacklist, there is not much that you can do to get off one. Some blacklist organizations allow users to submit a removal request: some may charge a fee to do so, and even so this will not necessarily guarantee that you get removed from the list. It is not uncommon for a blacklist organization to not accept removal requests and instead enforce a wait policy, where the user is forced to wait for a cooldown period that usually starts when the malicious activity was last reported.

Overall, the best you can do is to try and follow best practices to reduce the risk of email fraud that can lead to spam. If you are an email administrator, then be sure that you follow best practices so that your mail server or servers do not contribute to backscatter spam. This means making sure that the mail servers are configured to immediately reject invalid email addresses, instead of allowing messages to go through that will then get bounced back as backscatter spam later. Using an email verification service like DOTS Email Validation can help reduce unwanted bounce backs by identifying bad email addresses before any messages are sent out.
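To make the difference between the two server behaviors concrete, here is an added example (not code from the original article or from any mail server product) that models a receiving server handling the same forged-sender traffic under an accept-then-bounce policy and under a reject-at-RCPT-TO policy. The domains, mailbox names and the handle_rcpt and backscatter_targets functions are assumptions made up for illustration.

```python
from email.message import EmailMessage

# Constructed sample data: mailboxes that exist on the hypothetical domain.
VALID_RECIPIENTS = {"alice@example.org", "bob@example.org"}

def handle_rcpt(mail_from, rcpt_to, reject_unknown):
    """Model one SMTP transaction on the receiving server.

    Returns (smtp_reply, bounce). bounce is the NDR the server would send
    later, or None when the server generates no new message.
    """
    if rcpt_to.lower() in VALID_RECIPIENTS:
        return "250 2.1.5 Ok", None
    if reject_unknown:
        # Hardened: refuse during the SMTP session. Only the connecting
        # client sees the error; the MAIL FROM address is never contacted.
        return "550 5.1.1 User unknown", None
    # Weak: accept now, find the mailbox missing later, then mail an NDR
    # to whatever address MAIL FROM claimed, forged or not.
    ndr = EmailMessage()
    ndr["From"] = "MAILER-DAEMON@example.org"
    ndr["To"] = mail_from
    ndr["Subject"] = "Undelivered Mail Returned to Sender"
    ndr.set_content(f"<{rcpt_to}>: user unknown")
    return "250 2.1.5 Ok", ndr

def backscatter_targets(transactions, reject_unknown):
    """Addresses that receive NDRs for a batch of (mail_from, rcpt_to)."""
    targets = []
    for mail_from, rcpt_to in transactions:
        _, bounce = handle_rcpt(mail_from, rcpt_to, reject_unknown)
        if bounce is not None:
            targets.append(bounce["To"])
    return targets

# Constructed traffic: one forged sender, mostly nonexistent recipients.
SPAM_RUN = [
    ("victim@example.net", "nosuchuser1@example.org"),
    ("victim@example.net", "nosuchuser2@example.org"),
    ("victim@example.net", "alice@example.org"),
]

if __name__ == "__main__":
    print("accept-then-bounce:", backscatter_targets(SPAM_RUN, False))
    print("reject at RCPT TO: ", backscatter_targets(SPAM_RUN, True))
```

Under the weak policy every unknown recipient produces a bounce addressed to the forged sender, which is the traffic that gets the bouncing server listed; under the hardened policy the server emits nothing.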