We Keep Coding

trouble with hostedemail blacklist [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
The mail server I manage is clean according to 92 blacklists checked by MXToolbox.
But ...
host mx.ecentral.com.cust.b.hostedemail.com[64.98.36.4]
refused to talk to me: 421 4.7.1 Service unavailable; Client host
[My Server IP] blocked using tms.urbl.hostedemail.com; Your IP has been
sending too much spam
How does one get off of this list? What puts one on their list but not on any of the ones with more obvious rules? Is hostedemail.com some kind of rogue provider?
Thanks!

What's crazy about this (to me, anyway) is that both hostedemail.com and urbl.hostedemail.com have no A records and no website, not even a redirect or a single page that would give people the bare minimum information about their blacklist or service. That's not how professionally run blacklists are managed these days.
My users are getting this:
host mx.DOMAIN.org.cust.a.hostedemail.com[216.40.42.4] refused to talk to me: 554 5.7.1 Service unavailable; Client host [1.2.3.4] blocked using urbl.hostedemail.com; Your IP has been manually blacklisted
It's the reference to manual blacklisting that flummoxes me. None of my servers are in any of the blacklists checked by MxToolbox (and like most mail admins, I work hard to keep it that way), so if someone has taken the time to manually add the IP address of one of my servers to the list then this sounds as amateur as my own manual blacklist I use on my servers when I have no patience waiting for a spammer to be shut down or blacklisted. And it has been there for at least a week; I haven't bothered checking last week's logs, as a week is long enough to determine whether or not a server is (still) sending spam.
After some research I found this post:
What does this error mean when emails are bouncing back to sender?
That led me to:
https://fbl.hostedemail.com/
... which is actually a branded CNAME for fbl-opensrs.app.returnpath.net that leads to:
https://fbl.returnpath.net/
So at the end of that long trail I ended up signing up for Return Path's FBL for their short list of 22 ISPs (including, as far as I can tell, a couple of individual companies' email systems). In doing so I have now agreed to them sharing my "Personal Information with business partners or other third party sponsors of sweepstakes, contests and similar promotions from time to time" (seems like a bizarre provision for the terms of service for a B2B company, especially one whose raison d'être is about reducing spam, but what choice do I have?), but I am none the wiser yet on why my one server's IP address has been blacklisted.
However, like #StephenB, I am going to abuse my standing as an OpenSRS reseller (an account I have all but abandoned because of their crappy service) and send their support department an email. I expect I'll get the usual "not my department" reply, as happened sometime last year when someone was registering phishing domains spoofing one of my user's domains. I'll post the results of that in a comment when/if I hear back.
UPDATE: I did email OpenSRS reseller support and (to my surprise) they responded within the hour to (belatedly) inform me of the FBL. Another seven hours later they de-listed my IP and the delayed mails in the queue went through.
I brought up some of my points above and this was their reply:
Thank you so much for your feedback, certainly your concerns are understandable. At OpenSRS/Tucows we're always looking to provide a better service, and definitely we can see your point as far as blacklist/delisting goes, for the time being I believe the reason for this is due to a lack of resources to put something like this together, but certainly I can assure you it is on our radar. I will pass this information along to our managers so that we can ensure your voice is heard.
Platitudes, but nevertheless positive platitudes.
UPDATE 2: Well, the platitudes didn't last long. They blacklisted my IP again, and this time I was just patronised instead:
I am just replying back on the RBL listing you inquired about and I can confirm the IP was once again de-listed but I did get some additional information for you as requested. I needed to do a bit of checking but the IP x.x.x.x is provided by RIPE Network Coordination Centre, the IP assigned to the user by the hosting provider carries the reputation of the rest of the CIDR. The nature of VPS/Shared IPs is to be disposable, and it is not suitable for sustainable mail services. I would suggest that you should be renting a dedicated IP/CIDR directly from ARIN or any other static IP provider to avoid further listings from happening in the future since its [sic] not necessarily your customers being listed but the IP being listed. But of course for the time being we have de-listed the IP but assuming nothing changes its [sic] likely it will be listed again in the future. Let me know if you have any questions from here.
We've been using VPSes for mail since 2008 (after a lot of thought and research), and have never in that time had an issue. I understand the sentiment that VPS IPs have a lower reputation in the minds of sysadmins with long memories, including myself, but in this day and age this is like saying that "I don't like x nationality because of what they did to my great-grandfather during the war." Properly maintained blacklists are supposed to have a memory hours long (in most cases; not all, of course), not generations long, and OpenSRS/Tucows/Hostedemail are blocking data centres worldwide full of legitimate mail servers, that nobody else are blocking. I diplomatically told them they're using thinking that became obsolete around the end of the last century.
I already have one of their customers (that our users were having trouble emailing) talking to us about moving.

If WiTon Nope's answer was correct at one point, it doesn't appear to be accurate anymore. They blacklisted my server as well, for no apparent reason, and it took a week of chasing them to get that resolved - and it appears that the only reason it didn't take longer (or got resolved at all) is because I'm already an OpenSRS reseller for domain registration (I don't use their EMail service, and I certainly won't be after this experience). Even then, I had to resort to calling them, because the attempts I made to contact them via their reseller support EMail & Twitter were all ignored. Oh, and unlike nearly every other RBL I've dealt with, they fail to provide any method for requesting delisting.
Also, the suggestion to check MX Toolbox doesn't seem to be relevant, since they don't actually monitor urbl.hostedemail.com - and same as with Daniel Wilson, my server wasn't on any of the (more than 40) RBLs that MX Toolbox does monitor.
To top it all off, once they finally DID resolve the problem, they refused to provide any useful details, like ANY reason for having listed my server, or even so much as confirming that there WAS a reason in the first place. I try not assume that people are acting in bad-faith, but I can't think of any reason not to provide the justification for the listing - unless they discovered that was no valid reason for blacklisting the server, and are just trying to weasel out of admitting that they screwed up.

hostedemail.com is used by OpenSRS providing email hosting service and it's not a blacklist directory. You don't have to worry you have to wait for couple of days while your IP will be refreshed accross all mailservers and dns globally.

Temporary e-mail accounts for integration tests [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I would like to write some integration tests which verify if user receive registration confirmation e-mails.
Ideally, for this purpose I would like:
Create temporary e-mail account.
Pass it in registration form.
Check if we receive e-mail.
Delete e-mail account.
Are there any disposable e-mail accounts which provides a simple API? I couldn't find any, but existing ones are fairly easy to parse/make requests (e.g. http://10minutemail.com/).
Is this sounds like a good idea? The alternative is use some gmail account and use tags for this purpose. However, dealing with msgs in spam folder, other folders, etc. sounds a bit more complicated.

you can test with your email from Gmail, just append +something to your email address:
myemail#gmail.com
you can have a test account that will deliver to your normal Gmail address:
myemail+testuser1#gmail.com
myemail+testusern#gmail.com

http://mailinator.com supports POP3.
Connect to the server via POP3 with any username and check e-mail.

I know this question is relatively old, but this fits your purposes quite well:
https://www.guerrillamail.com
Disposable email addresses
Emails are deleted after 60 minutes
Customizable temporary email address dashboard
I use it on the daily while testing emails or for signing up for services that I'll only use once, that require email verification.
I highly recommend it!

You may use special services for QA/QC engineers with API:
https://mailtrap.io
http://www.emailvoid.com
https://mailcatcher.me
https://mailsac.com
More you can read in article http://railsware.com/blog/2012/06/18/remove-qa-headache-while-testing-email-delivery/

If you're running on a linux machine it'll already have an email service running (username#localhost... eg root#localhost) which is kinda perfect for testing emailing scripts.
I don't know why you'd go to the trouble of automating this when it would be better to rather use dependency injection and create a mock-mailing class so you can adequately do integration testing - instead of the last stage of transmitting the email it simply writes the content to a file, a database, or just stays alive in the mock-object long enough it can be tested before it's garbage collected.

spam issues with sending millions of emails

I am currently developing an email server in C, and the end goal is to be able to send millions of emails to millions of people every day. Many organizations have email lists with large numbers of users that they email every week/month/etc.
The big question: how can I prevent the server and the emails from being marked as a spam? All of the SPAM-prevention stuff I've seen so far deals mostly with poor configurations, or at least does not require large numbers of emails to be send every hour. I have yet to see anything that addresses the scope of millions-of-emails-per-hour.
Here are some assumptions you can make:
EVERY single email sent is legitimate
all SPF records and MX records are accurate, up-to-date, and valid
all other common SPAM-prevention tactics are being used (reverse DNS is good, DKIM is used, return-addresses are valid, etc etc etc)
emails are one-to-one (ie, I'm not CC'ing 1000 gmail addresses; I'm sending one email to each address)
Here are some questions to get us moving in the right direction:
should I limit the number of emails sent to X emails per minute per domain? If so, how do sites like GMail and MailChimp get around this? note: there are no ISP restrictions; this is only an issue for the receiving mail server...
should I limit the number of connections to a domain at a given time? (eg, will Google think I'm a spam agent if I open 10/100/1000 simultaneous connections to gmail servers?)
how many bounce-backs (5xx errors on an address) should I accept for automatically removing that email from a subscription list? does this affect a server's spam rating?
is there anything else I should or should not do?
Final note: please remember this is a programming question, NOT a library question - I don't want to use someone else's service; we are writing our own for a reason. I'm looking for practical programming advice.

This is not a programming question, but here goes:
I strongly recommend you join your local mail operators mailing list, as well as "Spam-L" mailing list. Read the archives, and see what issues others are having.
The short answer is that destination servers can, and do, use all sorts of methods to try to prevent spam. THere are many things you will need to be aware of in order to have good deliverability, and those things change all the time.
First and most important, remember:
Free speech also includes free listening.
Nobody has to accept or transmit your mail.
Independent operators, businesses and individuals have a perfect right to refuse your mail for any reason or no reason. ISPs are limited only by their contracts with the customer and common-carrier laws, which generally give them broad discretion in what is considered spam and how they block it.
Their system, their rules. If you want your messages delivered, you must cooperate with receiving ISPs. This may mean jumping through hoops, or complying with requirements you think are stupid, or pointless.
Ensure you are not listed by SpamHaus. Most ISPs small and large use SpamHaus DNSBL service. Presence on one of SpamHaus' lists asserts their opinion that your mail meets their listing criteria. Because of SpamHaus' high reputation, most ISPs will simply block all mail you send based on their opinion.
Make sure you process unsubscribes.
Make sure you process non-delivery reports. You may not want to kill a subscription on the first NDR, as there can be intermittent network or server problems which can result in non-delivery, or even erroneous reports that an address is incorrect. But if you get several over the course of a month or two with no successful deliveries, you should kill the subscription.
Join a pay-for reputation service. These may require posting a bond which you may lose if you send Spam. SpamHaus offer one. There are others.
Get professional advice from someone like Return-Path. You will have to pay for this also.
Monitor. The hoops you have to jump through change all the time. Ensure you are aware of emerging deliverability problems.
Join feedback loops. most large ISPs offer feedback programmes where you can get feedback on how users are perceiving your mail, whether they are reporting it as spam, etc.

Ben had some good practical advice, but for others with this problem, here is what I have discovered in the past month:
Email is all about REPUTATION. You will never be able to throw together a server, ip, and/or domain name and expect to be able to send out millions upon millions of emails.
On Stack Overflow, we have a rating system (up and downvotes) to estimate the value/trust that person has with the SO community. But it takes time and effort to get points. It's the same with email - you have to start sending out small amounts of email that people actually open up and read (and would never mark as spam), and then slowly send out more and more every month until you reach the goal of millions and millions of emails.
Everytime someone "downvotes" - marks the email as spam, flags the domain, flags the ip address, deletes the email without reading it, etc - you get a hit against your reputation. You need to be continually monitoring and putting effort and best-practices into your reputation if you want to gain good standing with people.
So start small, expand in a stable and steady manner, and always keep a watchful eye out for abuse, misuses, good and bad feedback, or anything else that might affect your reputation.
It's not only possible, but very practical; you just need to give it time and effort.

How software like Return Path or SendGrid knows how many emails reached inbox? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am interested to know the technical background of how this services can determine if my email reached the inbox or not(as this is the key servicethis providers offer). If I send an email to somebody wh uses Yahoo messenger or Gmail or maybe just an enterprise email address, what does the ISP have to do with that? Isn't the email filtered after it reached the Yahoo or Enterprise server, and than moved to Inbox or Junk or whatever other folder?

(full disclosure: I currently work for SendGrid as a web developer, so I have some insight but maybe not the low-level technical answers you're seeking)
From a slightly simplistic view, when we go through the SMTP process of delivering a message to an ISP/ESP, we generally know that the message has been "delivered" and we track it as such in your statistics. We also set up feedback loops (FBL's) with ISP's/ESP's which can ping back to us if a user flags a message as spam, which we then subtract from the "delivered" total.
How they route the message and make the decision to move it an Inbox or Junk folder is based on whatever criteria they have, and as far as I know, there is no FBL that can be set up to alert us to that fact.
We do, however, work very hard with our customers to teach them how to "warm up" an IP address for sending good, non-spammy messages, which builds up a "reputation" for an IP address (search google for "sender score"). Obviously the closer to 100% the better. We also have automated systems in place which may alert us if outgoing messages seem "spammy" and we'll put them on hold and alert you so you can make corrections. After all, our reputation is also on the line.
Hope that helps a little.

Well, if I recall correctly, SendGrid uses embedded images in the email and tracks if the image gets loaded as a way to determine if the target user read the email. This, of course, is fairly unreliable.
I certainly never allow my email client to automatically show images by default, so the image won't be requested and SendGrid won't be able to count this email as opened.
See these links for more details... now comes the RTFM! :)
http://docs.sendgrid.com/documentation/apps/click-tracking/
http://en.wikipedia.org/wiki/Email_tracking

Email deliverability - Influencing factors [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
[Our website] is very dependent on being able to successfully send email to its members. We are currently having trouble reaching all our members, especially hotmail users.
What do you recommend we do to improve our sending of email?
We are sending heavily user customized emails. So a third party solution would need a good api
to support this.
Possible solutions:
Would sending email through the app
engine help for delivery rates?
Does returnpath help? http://www.returnpath.net/
Update:
Some good comments on how to improve and test our own email sending capabilities. Another option would be a third party solution.
We're sending updates on your networks activities, registration emails, new comment emails, new follower emails these type of things. Especially your networks activity is highly individual and problematic with most third party emailing solutions. Would need a very flexible email solution.
Are there sufficiently capable solutions out there?

We had a similar issue a while back.. You probably want to read up on Microsoft's Sender ID:
https://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx
and look at the link called "Sender ID SPF Record Submission Form".

Postmark and Sendgrid seem to offer a very decent api to use for sending email and improving deliverability. As a bonus stats are also handled by them.

1 ) using shared ip
2 ) sending more than 1000 email per hours may cause Spam
3 ) sending from root server without SMTP login may cause this problem
4 ) contents email has links from websites blocked from RBL ( Real Time Blacklist )
5 ) ...

I'd in general be pessimistic about the IP reputation of platform-as-a-service type offerings. Testing Google AppEngine is on my to-do list, but I've there's been much talk about Amazon EC2 presenting a real problem -- these products are not very efficient preventing use by spammers, and reputation is taking a hit.
As for the practical steps of setting up outbound email, Jeff Atwood has a very nice and nearly comprehensive article on his blog.
What I'd certainly suggest is:
Make sure your sending IP has a reverse DNS.
Check your IP reputation for example at senderscore.org (though that's heavily US centric)
Make sure bounces are handled on your side, and postmaster#your.domain is reachable
Set up SPF and DKIM. SenderID if you want to.
Sign up for all feedback loops at major mailbox providers / ISPs and act on spam complaints -- if your user complain, you're doing something wrong. Also, set a "friendly name" on your From: address, as some mailboxes will only display the local part -- " Update" is friendlier than only seeing "automatic" (Gmail does this).
Watch the volume you send. If it's high from the start (>1000s/day to each major ISP) you may get blocked outright.
You'll find a lot of deliverability tips, most of the time from interested parties (email service providers). A relatively reputable resource is deliverability.com, backed in part by Return Path. Of course, going with a commercial email service provider might be a solution for you, but your use case is quite specific and you'll need real-time individual messaging, not marketing newsletters, if I understand you right.
I worked for a company that re-sold Return Path's tool -- so take this with a pinch of salt: It' won't help you get delivered. It can, however, be a valuable tool tracking down where your problems are. It is on the other hand expensive, and hiring a specialist that can go through your specific case might be more affordable. Or reading a lot and experimenting a lot yourself.

#chryss does a great job pointing out the important factors that need to be taken into consideration:
-- reverse DNS, sender reputation, list management (ie, cleaning lists of addresses who have marked your email spam, invalid addresses, etc and keeping track of hard and soft bounces and acting accordingly to those events), SPF records, DKIM signatures, ISP feedback loops, ISP rate limits. Also, email content is important to keep in mind.
Generally speaking, this is all pretty complicated and annoying stuff to deal with, especially as your email volume increases.
In terms of IP reputation with PaaS systems, the key thing to remember is this:
-- if you share an IP with someone who earns a poor reputation (say, a spammer on EC2), that reputation will negatively affect your deliverability. On the other hand, if you send from a dedicated IP, you have the opportunity to earn your own reputation - if you are a good sender, follow best practices, and your customers want the emails they expect to receive from you (which they should since it sounds like you are sending mostly transactional emails), you will maintain a great reputation and should enjoy good deliverability (granted all of the technical stuff mentioned above is taken care of).
We generally keep an eye on deliverability "chatter" online, and send out all the cool/useful stuff that we find on a daily basis through our twitter feed -- feel free to follow us: twitter.com/sendgrid. We are also beginning to ramp up our own blogging, so you can join the conversation if you like: blog.sendgrid.com.

If you want a comprehensive solution without having to do a lot of troubleshooting/fact-finding, just check out SendForensics.com. Disclaimer: I am affiliated with the company.
Regards,
Russ

Deliverability issues generally happen if there is something wrong with any or all of the following elements:
Email Content
Server Configuration
Email address and Domain reputation
IP address reputation
More information here