Dangers of Email Server Hosting in the Cloud

2016-05-01 13:42:27 | Post by: Yuri

Cloud hosting gives companies and individuals a great opportunity to host their own IT infrastructure of any kind, be it websites, mail servers, or applications for internal use. Virtual servers have come down in price drastically over the last few years, while quite often providing great performance both in terms of CPU power and network throughput. However, it turns out that hosting on cloud services can have some unexpected drawbacks:

Suddenly, out of the blue, our mail server got blacklisted on several spam blocklists. It has basically been on the RATS Dyna list forever, which was hardly a problem since that list is managed (well, as the title has it) by rats and has gathered some user discontent.

No-one really uses that list anyway; however, it is a different situation with Spamhaus, which is a commonly used spam blacklist. Normally they are quite open to interaction and it is easy enough to get delisted with them. This time it was different, and it seems that they resorted to the dubious tactic of blacklisting an entire subnet to which our mail server's addresses happened to belong. The reason given for the blacklisting was this:

Nearly identical spam was seen from the networks below. We believe that this is a dedicated snowshoe spammer attempting to hide the volumes of spam by using many IP addresses to spread the load. Please see also http://www.spamhaus.org/news/article/641/a-snowshoe-winter-our-discontent-with-can-spam

One might think that they are talking about dozens or hundreds of IP addresses sending spam out, so many that it is easier to block an entire /24 subnet than to deal with the IP addresses individually. In fact, according to their own records, there were 3 (three, in writing) IP addresses sending spam out of the 128 on the subnet:

cp 89.36.222.148 fenixcobrancas.in+ fenixcobrancas.in+ 2016-04-08 15:00:00 (+/-30 min)
cp 89.36.222.248 fenixcobrancas.in+ fenixcobrancas.in+ 2016-04-08 03:30:00 (+/-30 min)
cp 89.36.222.253 fenixcobrancas.in+ fenixcobrancas.in+ 2016-04-08 13:30:00 (+/-30 min)

As a result, their system decided that blocking the subnet 89.36.222.128/25 (IP addresses from 89.36.222.128 to 89.36.222.255) would be the most appropriate solution to the problem. This is a rather sweeping approach: blocking 125 potentially legitimately used IP addresses because of three that were sending identical spam messages. It is hardly an optimal solution, but it is now a problem that has to be dealt with, since getting onto a Spamhaus list is a serious issue given how widely their block list is used.

What happened here is that, given the price and accessibility of virtual servers, many spammers took to the cloud to do what they do best: sending spam. There is a certain probability that when you get yourself a VPS for your own needs a spammer was using it before you, which makes it quite possible that your new IP address is already on some sort of blacklist. That is not a problem in many situations per se, but if you need to send mail from this IP address it can be a nuisance.

Most often it is easy enough to have yourself delisted, except from dodgy lists like the RATS one mentioned above, but as it turns out that is not necessarily the whole story. As we can see, blacklist maintainers are not always meticulous about their practices and can block whole IP address ranges because of a few IP addresses that have been abused, so it is entirely possible to end up blocked even if you are conscientious about your email reputation. Taking into account how popular cloud hosting is today, the problem is rather serious and should be of concern to a lot of companies.
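Before putting a freshly provisioned VPS into service as a mail sender, the thing to check is whether its address, or the whole block it sits in, is already on a DNSBL. The following Python script is an added example, not part of the original post: it performs the standard reversed-octet DNSBL lookup against Spamhaus ZEN and can sweep an entire subnet such as the /25 above. The resolver is injectable so the logic can be exercised offline; the code meanings are those published by Spamhaus, and a query that Spamhaus refuses (answers in 127.255.255.0/24) is reported as an error rather than misread as a listing.

```python
import ipaddress
import socket
from typing import Callable, Dict, List

# Answer codes of the Spamhaus ZEN zone, as published by Spamhaus;
# other DNSBLs use their own code tables.
ZEN_CODES = {
    "127.0.0.2": "SBL: direct spam source",
    "127.0.0.3": "SBL CSS: snowshoe / low-reputation sender",
    "127.0.0.4": "XBL: exploited host (open proxy, bot)",
    "127.0.0.10": "PBL: ISP policy, not a mail server",
    "127.0.0.11": "PBL: Spamhaus policy, not a mail server",
}
Resolver = Callable[[str], List[str]]


def dnsbl_query_name(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """Build the lookup name: octets reversed, then the list zone,
    e.g. 89.36.222.148 -> 148.222.36.89.zen.spamhaus.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # validates the input
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name: str) -> List[str]:
    """A records for name; NXDOMAIN (how a DNSBL says 'not listed') -> []."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []


def check_ip(ip: str, zone: str = "zen.spamhaus.org",
             resolve: Resolver = system_resolver) -> List[str]:
    """Listing reasons for ip ([] when not listed). Answers in 127.255.255.0/24
    mean the query itself was refused (public resolver, query limit)."""
    reasons = []
    for answer in resolve(dnsbl_query_name(ip, zone)):
        if answer.startswith("127.255.255."):
            raise RuntimeError(f"DNSBL query refused: {answer}")
        reasons.append(ZEN_CODES.get(answer, f"unknown code {answer}"))
    return reasons


def check_subnet(cidr: str, zone: str = "zen.spamhaus.org",
                 resolve: Resolver = system_resolver) -> Dict[str, List[str]]:
    """Check every address in cidr; return only the listed ones."""
    listed = {str(a): check_ip(str(a), zone, resolve) for a in ipaddress.IPv4Network(cidr)}
    return {ip: why for ip, why in listed.items() if why}
```

Live lookups against zen.spamhaus.org must go through your own or your provider's resolver, since Spamhaus refuses queries arriving via large public DNS services.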

However, not all hope is lost. While it is true that getting an IP address with a clean reputation is tricky, and maintaining it is not any easier, the solution can be to piggyback on other well-established mail services. That can be as simple as using a managed email service, which might work in many situations, but it is not very appropriate if you want to have full control over your mail. It turns out that is not really a problem either, since there are services that offer SMTP relaying.

In short, the way it works is this. Instead of sending mail from your email server directly to the recipient's mail server, and risking trouble if the recipient's mail server sees that you are on some sort of spam blacklist, your mail server relays it to another mail server with a good reputation, which in turn delivers the message. The recipient's mail server then sees the originating IP address of the relay service, whose maintainers work hard on keeping a good reputation 24/7, so the chances of getting blocked are rather low.

This looks and works much like an HTTP proxy, only for SMTP. In this way you get to keep your mail server with all its configuration and settings but greatly reduce the chances of email messages getting blocked in transit if your IP address happens to be on some sort of block list. The SMTP relay does not care whether it is, since in order to use the relay you first need to register with it, prove that you own your domain name by setting up some DNS records, and use the unique SMTP authentication credentials that are issued to you after verification. Spammers would not normally do that, so the relay safely assumes that you are sending legitimate email; you just need to make sure that your sending machines do not catch some sort of trojan.
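The relay arrangement just described maps onto what Postfix calls a smarthost. The following configuration is an added illustration, not from the original post; the relay hostname, port and credentials are placeholders to be replaced with what the relay service issues after verification, and the CA bundle path is the Debian/Ubuntu one.

```ini
# /etc/postfix/main.cf (excerpt). Relay host, port and credentials are placeholders.
relayhost = [smtp.relay.example.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Never hand mail (or the credentials) to the relay over a plaintext session,
# and verify the relay's certificate; "encrypt" would skip the certificate check.
smtp_tls_security_level = verify
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# /etc/postfix/sasl_passwd; run "postmap /etc/postfix/sasl_passwd" afterwards
# and keep both files mode 0600, since they hold the relay password.
[smtp.relay.example.net]:587 RELAY_USERNAME:RELAY_PASSWORD
```

Reload Postfix after the change and confirm in the mail log that outbound messages are now handed to the relay host rather than to the recipients' MX directly.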

When it comes to receiving email, nothing changes: mail gets delivered to your mail server in the usual fashion, and spam blacklisting does not affect it. You can often use your SMTP relay service to receive your mail as well, if for some reason you have to configure it that way, but in this particular situation that won't be necessary.

There are a number of SMTP relay services that can be used for forwarding email. Naturally one would expect to pay for that kind of functionality, but frankly it is not that expensive, and some even provide free tiers for low-volume mail. "Low volume" here means less than 100K emails or so per month, which is more than enough for most practical purposes for a lot of businesses. The two most widely known SMTP relay services would be mailgun and sendgrid; however, we found smtp2go to be a lot more user-friendly when it comes to setup and configuration.

Apparently SMTP relay services were built as a means of forwarding huge numbers of emails like newsletters or registration confirmations, which can look suspicious when done from a regular hosted IP address, but as we can see they can also be a good and quite reliable solution to the problem of IP address blacklisting. Some configuration and trial and error will be needed to set things up, of course, but nothing too complicated for anyone who has managed to configure a mail server in the first place.