Go Back   vb.org Archive > vBulletin Article Depository > Read An Article > Management Articles

Reply
 
Thread Tools
How to keep your board from getting blacklisted as a spammer.
Alfa1's Avatar
Alfa1
Join Date: Dec 2005
Posts: 3,537

 

Netherlands
Show Printable Version Email this Page Subscription
Alfa1 Alfa1 is offline 05-27-2008, 10:00 PM

If your board does not comply to the bulkmail rules of large email providers, then all email from your board to these email providers may get banned.

The way you handle your email protocols and email subscriptions is vital to the well being of your board. Many boards are not even aware that they being punished by large email providers, for the way the boards are handling their email. Have you ever noticed that mail to a specific email provider often does not arrive? If so, then it?s likely that your site has been listed as a spammer. Email providers do share their spammers lists, with other email providers.

If you want to resolve or prevent this, then lets inspect the bulk mail rules of the major email providers. I have extracted them and summed them up for you. My clarifications to the mail rules are in blue.


Hotmail:

There must be a simple method to terminate a subscription.
Mailing list administrators must provide a simple method for subscribers to terminate their subscriptions, and administrators should provide clear and effective instructions for unsubscribing from a mailing list. Mailings from a list must cease promptly once a subscription is terminated. This can be by a link, the receiver has to click on, or a valid Re: address.


*vBulletin has this function built in to terminate subscriptions, so this will not cause problems in this regard. However, there is no functionality to let members automatically unsubscribe themselves from admin mailings. Fortunately Kirk made this hack: Unsubscribe link in Administrative Mail (vb 3.7 and lower only)

There should be alternative methods for terminating a subscription.
Mailing list administrators should make an "out of band" procedure (e.g., an email address to which messages may be sent for further contact via email or telephone) available for those who wish to terminate their mailing list subscriptions but are unable or unwilling to follow standard automated procedures.


*This is something you will need to fix yourself, by editing the template. A good way to resolve this is to add a text to the email message that explains how to remove subscriptions by going to the userCP.

Undeliverable addresses must be removed from future mailings.
Mailing list administrators must ensure that the impact of their mailings on the networks and hosts of others is minimized. One of the ways this is accomplished is through pruning invalid or undeliverable addresses.


*This is a vital issue that needs to be resolved. Especially if you have a big board. If you are sending out large amount of subscriptions and other email, then there will be a lot of outdated and false emails in your database. If you keep sending email to inexistent email addresses, then the risk of getting banned by email providers is very large.

Unfortunately vBulletin does not have a function for this and there is no hack that automatically resolves this problem. However; I highly recommend that you install Anti-Virus his EZ Bounced Email Management for Admins.


Mail volume must take recipient systems into account.
List administrators must take steps to ensure that mailings do not overwhelm less robust hosts or networks. For example, if the mailing list has a great number of addresses within a particular domain, the list administrator should contact the administrator for that domain to discuss mail volume issues.


This only seems to be an issue for very large or local boards.

Steps must be taken to prevent use of a mailing list for abusive purposes.
The sad fact is that mailing lists are used by third parties as tools of revenge and malice. Mailing list administrators must take adequate steps to ensure that their lists cannot be used for these purposes. Administrators must maintain a "suppression list" of email addresses from which all subscription requests are rejected. The purpose of the suppression list would be to prevent forged subscription of addresses by unauthorized third parties. Such suppression lists should also give properly authorized domain administrators the option to suppress all mailings to the domains for which they are responsible.


*vBulletin has this function built in, so this will not cause problems.


The nature and frequency of mailings should be fully disclosed.

List administrators should make adequate disclosures about the nature of their mailing lists, including the subject matter of the lists and anticipated frequency of messages. A substantive change in the frequency of mailings, or in the size of each message, may constitute a new and separate mailing list requiring a separate subscription.


*You should describe in your email text to which email the email has been sent, why the recipient is receiving the email, from who(include your url) and how often.

In addition, e-mail sent, or caused to be sent, to or through the Services may not:
? use or contain invalid or forged headers;
? use or contain invalid or non-existent domain names;
? employ any technique to otherwise misrepresent, hide or obscure any information in identifying the point of origin or the transmission path;
? use other means of deceptive addressing;
? use a third party's internet domain name, or be relayed from or through a third party's equipment, without permission of the third party;
? contain false or misleading information in the subject line or otherwise contain false or misleading content;
? fail to comply with additional technical standards described below; or
? otherwise violate the applicable Terms of Use for the Services.


Basically this means that you need to make sure that the way you are sending your email makes sense. If the way your server, domain, url and your email address are set up are not consistent this may lead the email provider to throw your site on their spammers list. Some considerations:
Is the domain on your server the same as the url of your website?
Is the sender email address of the same extension as your website?
Is the sender email address reachable?
Is the bounce email address of the same extension as your website?
Is the bounce email address reachable?

Since vb 3.7 there is an option to define a bounce email address. Many thanks to Jelsoft for adding this!


CAN-SPAM act:
What the Law Requires
Here's a rundown of the law's main provisions:
? It bans false or misleading header information. Your email's "From," "To," and routing information ? including the originating domain name and email address ? must be accurate and identify the person who initiated the email.
? It prohibits deceptive subject lines. The subject line cannot mislead the recipient about the contents or subject matter of the message.
? It requires that your email give recipients an opt-out method. You must provide a return email address or another Internet-based response mechanism that allows a recipient to ask you not to send future email messages to that email address, and you must honor the requests. You may create a "menu" of choices to allow a recipient to opt out of certain types of messages, but you must include the option to end any commercial messages from the sender.

Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your commercial email. When you receive an opt-out request, the law gives you 10 business days to stop sending email to the requestor's email address. You cannot help another entity send email to that address, or have another entity send email on your behalf to that address. Finally, it's illegal for you to sell or transfer the email addresses of people who choose not to receive your email, even in the form of a mailing list, unless you transfer the addresses so another entity can comply with the law.


*These 3 points has been discussed above.

? It requires that commercial email be identified as an advertisement and include the sender's valid physical postal address. Your message must contain clear and conspicuous notice that the message is an advertisement or solicitation and that the recipient can opt out of receiving more commercial email from you. It also must include your valid physical postal address.

*If you are sending advertisements or messages of commercial nature, you must include the above information in your email text message.

Hotmail has a special programme for senders. More information and subscription can be found here: http://postmaster.msn.com/Services.aspx

Yahoo!

? Remove email addresses that bounce.

*
As discussed above, this is a vital issue. See above for more information.


? Examine your retry policies.

Your retry policies are:
A. How often you resend email. Simply use common sense and do not send the same message to the same email twice unless it is essential to do so.
B. How often your server retries to send email. Since this is a server setting consult your server admin or your hosting co to make sure settings are correct.


? Pay attention to the responses from our SMTP servers.

*Responses from SMTP servers are sent as email to your bounce email address. Unfortunately vBulletin does not have functionality for this. I highly recommend installing Anti-Virus his EZ Bounced Email Management for Admins mod.

? Don't send unsolicited email. In this process, after you receive a subscription request, you send a confirmation email to that address which requires some affirmative action before that email address is added to the mailing list.

*vBulletin has this function built in.

? Provide a method of unsubscribing from your list in each mail you send.


*This is discussed above.

? Ensure that your mail servers are not open relays, and that your servers attempt to detect and deny connections to open proxies

*This is a vital issue as well. Although (if properly configured) vbulletin will not allow open relays, there are addons that allow bots & spammers to send email/spam through your site, there are hacks & mods that do allow third parties to use your site for a spamming spree. This should be avoided in any case. Often these problems will come to light by examining your catchall email address.

If a spammer is using your site?s functions to send spam, then study each problem and resolve the vulnerability. Please alert the creator of the mod, so that others will not encounter the same problems.

Explanation:
Normally an open relay would mean that your smtp mail server accepts requests without authorization. i.e. anybody can access it and send email from it. This can be tested through many online sites. Google it.

With vbulletin and its addons however, there are other open relay options, trough pages that have a function to send email. Make sure that guests can not use the 'Use Email to Friend' function anywhere on your site. I'd recommend turning this off for newbies as well.

Then go to your catchall email address. This is the standard email address where all bounced email arrives at. Often this is user@domain.com Ask your host if you do not know.

Have a look at the emails that got bounced and should not have sent by you. You may see spam sent from your server, that was then bounced back to your catchall address, because the addressee does not exist. This is where it gets interesting.
Review the message, the headers and the raw view. Find the path used to send the email and specifically the mail script that was used. The mail script often indicates that there is a script in one of your add-ons that allows spammers to send email through your site.

See if you can identify the script and the addon it is part of. If so, then first see if you can correct this by changing the setting of that addon. If yes, then post about it in the relevant thread / site to give others a heads up. If not, then let the coder know that there may be a problem with the addon.


Gmail:
Authentication & Identification
To ensure that Gmail can identify you:
? Use a consistent IP address to send bulk mail.
? Keep valid reverse DNS records for the IP address(es) from which you send mail, pointing to your domain.


*Please make sure your server admin has these settings right.

? Use the same address in the 'From:' header on every bulk mail you send.

*This speaks for itself.

We also recommend publishing an SPF record, and signing with DomainKeys.
For SPF see: http://www.openspf.org/


*SPF is a very interesting and handy concept. Basically you register how your email is sent. So if there is email sent from another email address, IP, domain, protocol, etc, then email providers will disregard the email. This can come in mighty handy if a spammer is using your email address or domain for spamming.

Subscription
Each user on your distribution list should opt to receive messages from you in one of the following ways (opt-in):
? Through an email asking to subscribe to your list.
? By manually checking a box on a web form, or within a piece of software.
We also recommend that you verify each email address before subscribing them to your list.


*As discussed above.

The following methods of address collection are not considered 'opt-in' and are not recommended:
? Using an email address list purchased from a third-party.


*Speaks for itself.

? Setting a checkbox on a web form or within a piece of software to subscribe all users by default (requiring users to explicitly opt-out of mailings).

*In other words;
adminCP -> vbulletin options -> User registration options -> default registration options
should not have ?automatic thread subscription? set to receive email notification.


Unsubscribing
A user must be able to unsubscribe from your mailing list through one of the following means:
? A prominent link in the body of an email leading users to a page confirming his or her unsubscription (no input from the user, other than confirmation, should be required).


*As described above.

? By replying to your email with the word 'unsubscribe' in the body of the message.

*This can be done by keeping an eye on your webmaster email address. It is my experience that virtually no one uses this method. If your experience is different, then please let me know by posting here.

To help ensure that your messages aren't flagged as spam, we also recommend that you:
? Automatically unsubscribe users whose addresses bounce multiple pieces of mail.


*As described above.

? Periodically send confirmation messages to users.

*Since members can unsubscribe in their userCP, this does not seem needed to me. There surely is no way for Gmail to check if you do this.

? Include each mailing list they are signed up for, and offer the opportunity to unsubscribe from those in which they are no longer interested.
? Provide a 'List-Unsubscribe' header which points to a web form where the user can unsubscribe easily from future mailings (Note: This is not a substitute method for unsubscribing).


*As described above.

It's possible that your users forward mail from other accounts, so we recommend that you:
? Explicitly indicate the email address subscribed to your list.


*In your email message text you need to describe which email address the email is sent to.

? Support a URL method of unsubscribing from your mailing list (this is beneficial if your mailing list manager can't tell who is unsubscribing based on the 'Reply-to:' address).

*Add a text to the email message that explains how to remove subscriptions by going to the userCP.
Reply With Quote
  #32  
Old 04-06-2010, 02:24 AM
Biker_GA Biker_GA is offline
 
Join Date: Oct 2004
Location: Where my hat is
Posts: 829
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

From what I've been reading, a better solution is to verify prior to accepting via SMTP, and then rejecting back to the originating server. That puts the NDR on that server, rather than your own. There have been some changes to the RFC and it's now suggested that NDRs not be sent under many conditions.

As for those bloody Microsoft pages, I'm very familiar with them. OH am I familiar with them. **banging head on desk** The email addresses dealing with SPF records are all outdated now, and I'm beginning to wonder if the pages themselves are really relevant. Once I finally get through to someone who knows what I'm talking about and get my issue resolved, I'll post the steps I had to take here.
Reply With Quote
  #33  
Old 04-08-2010, 12:18 AM
Hornstar Hornstar is offline
 
Join Date: Jun 2005
Location: Australia
Posts: 2,469
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I find yahoo to be my biggest problem. I even had to block yahoo for a while as it was just not worth the hassle. I still have far too many issues with them.
Reply With Quote
  #34  
Old 09-15-2010, 08:26 PM
Parture Parture is offline
 
Join Date: Aug 2005
Posts: 237
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

A month or two ago I had no problem, but after my forums were hacked into about a month ago, whenever a search bot or someone tried to access one of my forum pages (all my forum pages were down), it sent an email out to either gmail or yahoo to explain the error. Now that my forums are up and running again with a new host, I noticed that the verification email is not received for those who register with a Yahoo email or Gmail. But it is received by Hotmail.

So how do I solve this? For one I put a message in Notices for those who did not receive a verification email, saying a verification email is not received for Yahoo and Gmail because they must have my site on a blacklist. I don't do bulk emailings, so I am guessing why this happened was there was probably over 100,000 error reports sent out the past month when my forums were down so that is what created the blacklist.

Help.
Reply With Quote
  #35  
Old 09-15-2010, 09:08 PM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Have you followed the instructions in this article? If yes, then its a matter of time before everything goes back to normal.
Reply With Quote
  #36  
Old 09-16-2010, 01:26 AM
Parture Parture is offline
 
Join Date: Aug 2005
Posts: 237
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I believe none of the reasons in the article are why the blacklist occurred. The reason the blacklist occurred was because somewhere betweeen 100,000 and 1 million error reports were sent to my two emails, one at Yahoo an one at Gmail. Of course that has stopped since my forums are back up and running. Maybe overtime it will get reinstated?
Reply With Quote
  #37  
Old 09-16-2010, 09:08 AM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If those emails have not been sent from your server (IP address) but from gmail/yahoo then its best to just change your websites email account. That is likely an instant fix.
If not then it becomes a matter of time. If providers see no new problems with an account, then it will be reinstated in time. However, I do not know if the same goes for such massive amounts sent.
Reply With Quote
  #38  
Old 10-23-2010, 06:27 AM
SaN-DeeP's Avatar
SaN-DeeP SaN-DeeP is offline
 
Join Date: Jun 2002
Location: Mumbai, India
Posts: 1,195
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Very good article Alfa1
Reply With Quote
  #39  
Old 11-22-2010, 12:28 PM
asylum119 asylum119 is offline
 
Join Date: Oct 2010
Posts: 21
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Applaud your post

In vBulletin user banning options insert every email address and phrase that you can think of that might cause you being flagged as spam to the ban list, spam, postmaster, microsoft etc etc (because if a mod upsets a prick then a prick will sign up with the following to just be a prick)

I suggest assigning different email functions to different IP addressed and email addresses
newsletter=IP 1 : forum confirmation=IP 2 and so on, Now if you get marked as spam it shouldn't affect all your emails sent.

Now just pray that someone (that same prick) doesn't sign up using a honeypot address because most of the time these do not bounce and will result in your IP being flagged as spam.

If this happens then you will need even more IP addresses to do split email send outs to try and Isolate the bad email address. (start with the latest sign ups)

Before doing any mass sending I suggest sending a trial to spamcheck@sitesell.net making sure that in the subject line you put "TEST". The email will bounce straight back and give you a spam score. (if you don't put TEST in the subject and in capital letters your email will just be dropped from the server instead of bouncing back with the results)
Reply With Quote
  #40  
Old 12-17-2010, 12:19 PM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

For those of you that are using Photopost Pro: EZBounce does not remove subscriptions in Photopost Pro.

Another issue is that banned users continue to get their Photopost subscriptions. So until a solution is found, its best to turn off email functions for photopost completely.
Reply With Quote
  #41  
Old 12-27-2010, 03:04 PM
ageurtse ageurtse is offline
 
Join Date: Apr 2009
Location: almelo
Posts: 275
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i'm having trouble sending emails to several email accounts.

when i send an activation email to hotmail or a lost password email to hotmail these aren't deliverd to that specified email adres.

the server indiates everithing went going right.

the problem occured 2 years ago at that time oure server whent hacked.
after discoverd this, the server went taken down. and we installed on a different server on a different hosting provider a newer vbulletin. next we are removed from the blacklists after emailing that whe wen't hacked and how we solved it.

but we still have some problems with several email adressen.
(hotmail.* kpn-mail.nl livemail.*) what could be wrong.

i read the above article but i don't know where or how to start.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:15 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06395 seconds
  • Memory Usage 2,328KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_article
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (11)post_thanks_box
  • (1)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete