-1

Recently the email account of one of my users was hijacked to send a lot of spam and phishing mails. Once I realized the problem I did solve it, but only after my domain was marked as spammer by many servers.

Is there a way to unlist my domain?

anx
  • 8,963
  • 5
  • 24
  • 48
Engel
  • 1
  • 1
  • 4
    You need to figure out which blacklists you are on and follow their procedures to remove your server or domain from the blacklist. – Paul Nov 22 '21 at 03:06

1 Answers1

3

Yes, but as email reputation management is not managed by just one party, you need to solve this on a case-by-case basis with each of the systems that have flagged your server. Fortunately, the number of cases will still be small, as most email providers use the same handful of popular lists.

While details may differ between providers and change over time, you need to follow these common steps:

  1. Setup suitable monitoring & relay policies to ensure that not only you have resolved the incident, but would more quickly address future incidents. In any case, ensure that your abuse@yourdomain.example mailbox is read by someone able to quickly act or escalate on reported problems.
  2. Identify the lists that publicly list you, and look up their policies. Usually they will have some website that explains whether listings automatically expire and when expedited removal can be requested.
    • Lookup services called "rbl check" will help you identify where you are currently listed.
    • Take note of which identifiers were listed. Is your domain name listed? Is your IPv4 and/or IPv6 IP address prefix listed? Procedures for names and for addresses may differ.
  3. Some lists may require you to fulfil additional, otherwise not strictly mandatory, requirements before you can request removal from their lists. This may include publishing up-to-date contact information, or setting up PTR records ("reverse DNS") suitable for your EHLO name, ..
  4. Many lists will drop the listings substantially faster than automatic expiry if you explicitly request so on some web form.
    • Some lists will offer to help you identify and resolve outstanding issues for a monetary fee. Such offer is typically completely independent of free removal requests.
    • Get it right the first time. Some maintainers will ignore follow-up requests for some time if you already wasted their time by submitting early/incomplete requests.
anx
  • 8,963
  • 5
  • 24
  • 48
  • 1
    I like to use [MX Toolbox](https://mxtoolbox.com/blacklists.aspx) to identify relevant lists, but many web services, most free of charge, exist. – anx Nov 23 '21 at 00:17
  • 1
    The SMTP service is explicitely required to have `postmaster@domain` mail address (at least by the RFC5321), while it is not clear why `abuse@domain` is requred. There is RFC2142, but it is not evident everybody needs an address for "Customer Relations". – Nikita Kipriyanov Nov 24 '21 at 13:39
  • @NikitaKipriyanov If you already have a mandatory SMTP-specific box anyway, why bother? - Because processing complaints can be your only chance before RBL providers (or your ISP) start mitigation with unpleasant side effects. – anx Nov 24 '21 at 16:52