We’re doing the SEO for a local Central Oregon business. They’re great clients. We built them a custom WordPress site, with an integrated blog and all the fancy bells and whistles. In their monthly analytics reporting last month, I noticed a substantial traffic drop from the month prior so I looked further to see if there were any issues I could address. I found their domain’s ISP had been blacklisted by two DNSBLs (Domain Name System Blacklists are spam blocking lists that allow administrators to block messages from specific systems that have a history of sending spam). Yikes. Here’s the lowdown, and why you want to avoid it from happening to you.
When we setup the hosting for Company M, we’ll call them, they insisted (well, their IT guys did) that their records be pointed back to our small Central Oregon internet service provider (ISP). We’ll call them, Local Dog. We advised against this several times. As of today, at least one of Local Dog’s servers affecting the whole IP range is blacklisted by two DNSBLs. It’s been 3 weeks since we found it, and Local Dog hasn’t gotten themselves de-blacklisted. My hunch is they’re unaware that they’re even on one. Therein lies the problem.
Are they so small that they don’t have the measures in place to realize their servers have been blacklisted and their customers are affected? Will they ever notice? Do they have enough clout to get themselves removed if and when they figure it out?
How to Fix the Issue if ISP Blacklisting Happens
Ultimately the ISP needs to get their servers removed as quickly as possible. With a good ISP, entire teams will work on this and can get the server(s) removed in a matter of days. If this isn’t fast enough or if the ISP can’t/won’t get themselves removed from the blacklists, the IP address needs to be changed, so the account would need to be closed and a new one opened to receive a different IP address. With our client, we’re suggesting a new domain in addition to a new IP to avoid affecting the domain health. The initial drop in traffic was enough for us to suggest the client move the domain to start fresh. Of course, moving domains would lose any acquired page rank, but in some situations such as when the traffic is affected or when the domain doesn’t have substantial page rank, it makes sense.
The whole incident sheds light on the issue of security in shared hosting environments. The reason why we set our client up with the host we did was due to the excellent security, speed and support this host would provide them.
When Company M pointed their records off-host and back to Local Dog, Local Dog became the ISP of record.
When domain IPs are blacklisted, brand reputations can be damaged and traffic can be lost. This results in lost leads, cash and productivity for your business.
Some measures you can take to help:
- Choose host providers with excellent IP reputation, security and auditing
- Implement a security audit schedule
- Use a dedicated mail server or use hosted email solutions (Google Apps, Office 365, etc)
- Whatever you do use, always use secure passwords (no Changeme’s or Test’s allowed)
Have fun out there and let us know if we can help. | Christina, Creative @ Savy
As part of the well-known “Local Dog” in Central Oregon, I’d like a chance to respond to your post. I agree to the point that bulk email management is best done with a relationship management application. But, I take exception to your assertion that we are irresponsible with our email and hosting reputation management. We take blacklisting and our sender reputation very seriously. We use Cisco Ironport appliances to help manage our inbound and outbound email reputation. We carefully monitor and respond to changes in our reputation, and outbound mail. In other words, we are absolutely aware when we are listed.
The referenced listing with SORBS was a residential relay, and did not impact CPANEL hosted domains. We worked with SORBS closely to resolve the blacklisting, and continuously strengthen our email practices to keep ahead of exploits. There are several public sites where readers can review our sender reputation, including https://www.senderscore.org/lookup.php?lookup=188.8.131.52+&ipLookup=Go and https://www.senderbase.org/lookup/?search_string=184.108.40.206
Our ISP has outbound relays for residential, and one for commercial email traffic. We can help customers situate their outbound mail through the appropriate relay. This is especially important with the history of platforms like WordPress and Drupal being susceptible to email exploits that trigger blacklisting, as referenced in this summary article: http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html
We know we’re not the perfect host for every type of web application in Central Oregon, and we struggle with the same security concerns that our ISP industry combats as a whole. But we do strive to be stable, secure, and responsive for every hosting and email customer who trusts us with their business.
It’s great hearing from you. As of today, your IP 220.127.116.11 does appear to be blacklisted on SORBS. See this link for a scan from today: https://savyagency.com/MXToolbox.png.
We design and develop a substantial amount of WordPress websites in the region. We do develop our websites secure and without the use of unnecessary or insecure plugins like MailPoet. I did check the link you provided: https://www.senderscore.org/lookup.php?lookup=18.104.22.168+&ipLookup=Go%20and%20https://www.senderbase.org/lookup/?search_string=22.214.171.124, and once logged in, it does show the complaint list as “high”.
We hope you can get it sorted out.
I like the valuable information you provide in your articles.
I will bookmark your weblog and check again here frequently.
I’m quite certain I’ll learn a lot of new stuff right here!
Best of luck for the next!