Sometimes emails can be rejected due to the poor reputation of an IP address the email is coming from. The sender may think the problem must be related to their email hosting provider and the reputation of their IP addresses, however, in some cases the originating IP of the sender is the one getting into the real-time blackhole lists and causing the issues. This article describes what the originating IP is, how to find out whether it is blacklisted or not, and how to make sure it is not treated as a spam source.
- What is the originating IP?
- How to determine the Public IP address of your network
- RBL and DNSBL
- How to remove the IP from an RBL?
IP Address is a numeric identifier that represents a computer or device on a TCP/IP network. The devices on the network rely on the address in order to know where to route data.
The configuration of mail servers involved into the mail delivery process defines the way how the originating IP is going to be displayed in the message headers.
In the example below, it is defined as the 'X-Originating-IP' tag:
The picture below illustrates how an email leaves the source environment and is routed to the target one. Recipient server checks the IP of the connecting SMTP server against RBLs. If the IP address matches one on the list(s), then the connection gets dropped before accepting any traffic from the blacklisted IP. Therefore, even if the IP is added to the Safe Senders list, the email will not be received. A sender may get the Non-Delivery Report.
Depending on the configuration of the recipient server, the originating IP (public IP of the sender) can be checked as well. If the IP is blacklisted, the email will fail RBL checks and will be rejected because of the recipient mail filtering settings.
Read the Knowledge Base article on Email Protection For Exchange for more information.
Note: if the sender uses mail server on-premises, the originating IP (public IP) and connecting SMTP server IP will most likely be the same.
IP addresses aren’t necessarily fixed. If a static IP address hasn’t been purchased and configured with ISP, the router will occasionally assign your devices new IP addresses.
If the IP is static, there still can be various reasons why originating IP is not the same as the public IP.
The most common cases are:
- Usage of VPN (virtual private network) service or settings. VPN encrypts your Internet connection and routes it through a server in a different location. Other devices or websites will only see the IP address of the VPN server instead of your real IP address.
- The message has been sent from another network. Please make sure that you try to check the public IP for the same network the email has been sent from. Please note: If the mobile device has been connected to Wi-Fi and a cellular network at the same time, it could have used a cellular network to send an email.
- The mailbox has been compromised. If someone has used your credentials to send an email from a different place, the headers can show the IP of the actual sender.
- Spoofing attempt.
A Domain Name System-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is a list of IP addresses or/and domains whose owners refuse to stop the proliferation of spam. The RBL usually lists IP addresses from ISPs whose customers are responsible for the spam and from ISPs whose servers are hijacked for spam relay.
There is a large number of different RBLs. However, not all of them have an impact on mail filtering and mail delivery.
In the Smarsh Hosted Services environment, only the 3 major RBLs are taken into account:
If the IP of connecting SMTP server is blacklisted in one of the RBLs above, the connection will be dropped and the email will be immediately rejected.
Though, if an originating IP is blacklisted in other large RBLs such as Barracuda, Sorbs, etc., it may affect the final spam score assigned to the message. As a result, the message might be rejected due to the settings in the Email Protection.
Note: if the recipient is not hosted with Smarsh Hosted Services, other RBLs can be involved in the mail filtering process on the recipient side. Contact the recipient to check on the configuration they use.
You may use public tools that gather information about major RBLs in one place, in order to check if your IP has been blacklisted.
Important: Smarsh Hosted Services cannot de-list the originating IP address from the RBL on your behalf. De-listing can be only requested by the owner of the IP, you may check the owner using WhoIs site.
To start the blacklist removal process, navigate to the corresponding RBL site and follow the instructions there.