Email, IP Addresses and Blacklists

Tech, Uncategorized
by Mike Clements

Introduction

I have a web & email hosting account so my email is on my own domain. A while back I wrote on this topic: http://mclements.net/blogWP/index.php/2024/02/06/email-send-blacklisting-ip-addresses/

That turned out to be a temporary solution and the problem kept recurring. I recently devised a permanent solution. I’ll describe this solution first, then get into the story of how I discovered it.

How it Works

Here’s what happens when I send an email from my own domain. Consider the email as foo@bar.com sent using MyHost SMTP servers.

  1. My email client (Thunderbird on Linux) calls GMail’s SMTP server to send an email from foo@bar.com
  2. The GMail SMTP server receives the call and says, “foo@bar.com isn’t a GMail email address. Do I recognize this?”
  3. The GMail SMTP server sees that I have added foo@bar.com as an external email account and verified it.
  4. The GMail SMTP server sees that I have told it to call the MyHost SMTP server to send email for foo@bar.com, and provided MyHost login credentials.
  5. The GMail SMTP server calls the MyHost SMTP server to send the email from foo@bar.com
  6. The MyHost SMTP server sends the email using the IP address of the caller, which is the GMail SMTP server’s IP address.

This ensures that the IP address associated with email sent from the MyHost account is not my Comcast assigned IP address, but that of GMail’s SMTP server. Thus, it passes all the various internet email security checks.

The Symptom

As I mentioned above, the problem kept recurring. I send email and sometimes it is rejected with a reply that looks like this:

host eig-east.smtp.a.cloudfilter.net [18.215.58.191]
SMTP error from remote mail server after end of data:
550 Gk0Tt29WcHdOCGk0UtJxy2 - <foo@bar.com> message rejected AUP#SNDR

I checked whether this IP address is blacklisted at this site: https://mxtoolbox.com/blacklists.aspx

It shows more than 40 different blacklists, all but 1 of which are green / OK. It was blacklisted by Spamhaus ZEN with reason PBL. In their words:

PBL - Spamhaus PBL is a DNSBL database of end-user IP address ranges that should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use

In other words, internet SPAM and security has gotten so bad that servers don’t accept email from any IP address except those pre-cleared as public SMTP servers. When it comes to delivering email, they have shifted from blacklisting to whitelisting.

Previously I thought I could solve this by using the IP for my DNS name, instead of the one assigned by Comcast. But my hosting provider refused to do that and it wouldn’t help anyway.

The Solution

Google has employees whose job is to keep their SMTP servers on all the whitelists and off all the blacklists. When my hosting provider’s SMTP server sends email, it uses the IP address of whoever called it. If I can get Google’s SMTP servers to call my hosting provider’s SMTP server, then my email will deliver with a whitelisted Google IP address.

And Google provides a method to do exactly this!

Before starting, have the information for the SMTP server you want to use: hostname, login name, password, etc.

Point your browser to https://gmail.com, go to Settings, See all Settings, Accounts and Import.

In the “Send mail as” section, check the button for Reply from the same address the message was sent to.  Then click the link Add another email address. Follow the instructions in the window that pops up to verify the email account and SMTP provider.

Next, go to your email client settings and tell it to use the GMail SMTP server to send mail for your hosting provider email.

That’s it – you’re done.