Overview

For our application, we use SendGrid to send emails to many of our users. Recently, over the past few weeks, our SendGrid IP addresses have been added to the RATS-Spam blacklist multiple times. In our SendGrid profile, we can find the following logs in the Blocks section suggesting that our IP address is in the list (I hid our IP address):

550 RBL-{IP Address}: RBL: spam.spamrats.com SPAMRATS IP Addresses See: http://www.spamrats.com/bl?{IP Address}

While it is quite easy to remove our IP addresses from the list, the impact is still visible as many users will not receive their emails.

Background

We looked into the number of spam reports when our IP address was blacklisted. Though the number of spam reports is indeed higher at these times, the number is not significant enough to suggest that these were the issues.

We also have a basic and overly prohibitive mechanism to detect emails to spam traps. Our IP addresses were blacklisted despite enabling this mechanism.

Online Resources

I already searched other resources online, but they do not help us determine the root cause behind the blacklisting.

SpamRats Whitepaper

This whitepaper provides several reasons as to why the IP address would be banned. However, it is vague in its descriptions. For example, how is "unwanted email" determined in the statement below?

The IP attempted to deliver high volumes of unwanted email or non-existent email accounts across multiple unique ISPs (Internet Service Providers) within a short period of time

Other ServerFault Post

Most of the solutions here suggest that we do not use SpamRats. Unfortunately, we have many users that are using multiple unique domains all using SpamRats. It is not feasible at our current scale to tell our users not to use SpamRats.

We also already use MX Toolbox.

Question

  1. Did anyone else encounter this issue before? If so, how did you find the root cause and what was it?
  2. What are some methods that we can implement on our servers or SendGrid account that could prevent the issue? We cannot tell our users not to use SpamRats.
  3. How is unwanted email qualified and high volumes/multiple unique/short period quantified? Are these unwanted emails from spam traps or spam reports or something else?
  • Have you reached out to SendGrid support?
    – joeqwerty
    Commented Sep 27, 2022 at 2:38
  • What type of incident results in you sending/relaying spam? How quickly after learning that something is off from number of bounces do you stop sending and investigate?
    – anx
    Commented Sep 27, 2022 at 4:53
  • Do you have your own SendGrid IP address or are you using a shared IP address?
    – user9517
    Commented Sep 27, 2022 at 8:46
  • 1. No, we have not. 2. We have a subset of users, who can send emails to another subset via our platform after becoming our customers. We do not know when this email sending "feature" goes wrong and causes the incident. We never stop sending the emails as the RATS-Spam only affects some domains and the business cost of not sending is too high. We remove our IPs from the blacklist and then investigate. 3. We have our own SendGrid IP.
    – su-ayoo
    Commented Sep 27, 2022 at 16:13
  • The answers in the post you linked suggest that the RBL provider is listing larger blocks under some unclear conditions. Have you already queried IP addresses matching your prefix? What kind of volume are you sending that a "higher number of spam reports" does not seem to you like a serious problem requiring immediate attention regardless of any RBL provider behaviour?
    – anx
    Commented Sep 28, 2022 at 14:37
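
The prefix query raised in the last comment, as an added example that is not part of the original question or comments: it pulls the blocked IPs out of block-log lines in the format quoted in the question, then checks every address in a prefix against the spam.spamrats.com zone using the standard DNSBL reversed-octet lookup. The 192.0.2.x addresses, the sample log lines, the 127.0.0.2 answer and all function names are constructed for illustration.

```python
import ipaddress
import re
import socket

ZONE = "spam.spamrats.com"  # zone named in the rejection message on this page

# Matches the rejection format quoted in the question: 550 RBL-<ip>: RBL: <zone> ...
BLOCK_RE = re.compile(r"550 RBL-(?P<ip>\d{1,3}(?:\.\d{1,3}){3}): RBL: (?P<zone>\S+)")

# Constructed sample lines (documentation addresses, not real data).
SAMPLE_LOG = [
    "550 RBL-192.0.2.10: RBL: spam.spamrats.com SPAMRATS IP Addresses "
    "See: http://www.spamrats.com/bl?192.0.2.10",
    "550 5.1.1 mailbox unavailable",
]

def blocked_ips(log_lines):
    """Return sorted unique (ip, zone) pairs found in block-log lines."""
    return sorted({(m["ip"], m["zone"])
                   for line in log_lines if (m := BLOCK_RE.search(line))})

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name: IPv4 octets reversed, then the zone (RFC 5782)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A record for name, or None if it does not resolve (NXDOMAIN or failure)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def listed_in_prefix(prefix, resolve=system_resolver, zone=ZONE):
    """Query every address in prefix; return {ip: answer} for listed ones."""
    hits = {}
    for ip in ipaddress.ip_network(prefix):
        answer = resolve(dnsbl_name(ip, zone))
        # Listings are answered from 127.0.0.0/8; ignore any other answer,
        # for example one injected by a wildcarding resolver.
        if answer and answer.startswith("127."):
            hits[str(ip)] = answer
    return hits

if __name__ == "__main__":
    # Offline demo: a constructed resolver stands in for real DNS.
    fake = {dnsbl_name("192.0.2.10"): "127.0.0.2"}
    print(blocked_ips(SAMPLE_LOG))
    print(listed_in_prefix("192.0.2.8/30", resolve=fake.get))
```

Calling listed_in_prefix without the resolve argument performs live lookups through the system resolver; running it on a schedule and recording when each address first appears gives timestamps to compare against sending volume and bounce data.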
