Hi everyone!

Two weeks ago, we had two ranges of IPs blocked by Gmail and since they are a black box, we were in the dark about what would happen with the ban.

We made some progress since then and I wanted to share with you what happened, what we did, and what resulted from it because it might help others have their IPs unblocked by Gmail.

About two weeks ago, we started receiving abuse reports because somehow our emails were used as spam. At first, I thought they were occasional and discarded them (we get a few from time to time), but they kept arriving, and we had more and more reports every day (up to around 50 abuse reports per day).

I started retracing the emails back (we add some headers that help us identify the whole flow) and discovered that many reports were originating from the same email. The abuse reports included a spamcop.net report with the entire email (but with the destination recipient removed).

My initial assumption, then, was to believe that OVH (our hosting provider, sending us the abuse reports) and/or Spamcop.net weren't checking for duplicates, and someone sending many abuse reports from the same email triggered the notifications, every time.

After a discussion with OVH about this potential issue, I discovered that the problem was worse than that. By comparing all the emails from Spamcop.net reports, I discovered that they were from a few emails, but then, they had new headers added on top. This included a new "To", "Subject" and "Date" header. An email sent 4 days ago was sent again, with an updated date. The initial "Subject" was basic things like "hello" and the new Subject added at the top was more spammy (the typical horny stuff).

Clearly, someone used the reputation of ImprovMX.com to deliver emails by forging them before delivery.

It took us a few days to realize this whole situation, which caused our domain and IP reputation to take a serious hit. As soon as we uncovered it, we started blocking all the domains that were doing this. We also were able to retrace other accounts created by the same user and blocked all the domains. All of these domains were free ones (ending in .ml, .cf, .gq, .ga, etc.) so we also decided to stop accepting these domains.

But the harm was done: for 50% of all our IPs, Gmail stopped accepting them and was returning "*Our system has detected that this message is likely suspicious due to the very low reputation of the sending domain. To best protect our users from spam, the message has been blocked*".

We started to panic. We know that Gmail is impossible to reach out to, and we had absolutely no idea if these IPs were blocked forever, or, if not, for how long.

The first thing we did was to stop running these IPs for a while. We also went to this URL (https://support.google.com/mail/contact/bulk_send_new) and submitted everything we could, by being the most verbose possible.

And we waited...

We tried restarting the IPs the next day, but they were still being refused so we disabled them. After around a week, we restarted the IPs and they were accepted by Gmail!

We haven't received any responses from the form we submitted, nor from anywhere else. Our domain reputation is still in the "bad" from the Postmaster tool (https://gmail.com/postmaster/) and we are trying to find ways to reverse it (still haven't figured that one out) but the IPs are now working again.

My key takeaway here in case your IPs are banned by Gmail is:

- First - and most importantly - find and stop the root cause of the problem
- If you can, stop sending with these IPs (after fixing the issue, otherwise you'll get your other IPs listed too!)
- Reach out to Gmail via https://support.google.com/mail/contact/bulk_send_new
- Try restarting your IPs from time to time.

Someone working at Google told us that their Spam Ops were easily removing the flags on the IPs when it was the first time, so if you get your IPs frequently blocked at Google, maybe this won't apply to you.

I hope this will help some of you. Being blocked by Gmail is hard, and facing a black box makes it even harder. You don't know where to look, you don't know what to do, you don't know who to reach out to.

My associate sent a message on this mailing list regarding our issue, trying to have feedback on what to do and if someone else already faced this, and we had some awesome help and feedback from people (thank you so much) but the general feeling was clearly that Gmail is not on this world.

May your IPs stay out of DNSBLs.

Best,
Cyril
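
Added example, not part of the original post and not ImprovMX's code: a triage check for the pattern described above, where an older message reappears in an abuse report with a second "To", "Subject" and "Date" stacked on top of the originals. The sample message, its addresses and the X-Forwarder-Flow-Id header are constructed for illustration.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# RFC 5322 allows each of these headers at most once per message.
SINGLETON = ("To", "Subject", "Date")

# Constructed sample: a 4-day-old "hello" mail with new headers prepended.
SAMPLE = """\
To: victim@example.net
Subject: constructed spammy subject
Date: Fri, 05 Mar 2021 10:00:00 +0000
Received: from relay.example.org by mx.example.net; Fri, 05 Mar 2021 10:00:01 +0000
X-Forwarder-Flow-Id: abc123
To: alias@customer.example
Subject: hello
Date: Mon, 01 Mar 2021 09:00:00 +0000
From: sender@example.com

hi
"""

def replay_indicators(raw: str) -> dict:
    """Flag duplicated singleton headers and measure how far the mail was re-dated."""
    msg = message_from_string(raw)  # compat32 policy keeps duplicate headers
    dupes = {}
    for name in SINGLETON:
        values = msg.get_all(name, [])  # top-most occurrence comes first
        if len(values) > 1:
            dupes[name] = values
    result = {"suspicious": bool(dupes), "duplicated": dupes, "redated_days": None}
    dates = dupes.get("Date")
    if dates:
        try:
            newest = parsedate_to_datetime(dates[0])   # prepended header
            oldest = parsedate_to_datetime(dates[-1])  # original header
            result["redated_days"] = (newest - oldest).days
        except (TypeError, ValueError):
            pass  # unparseable or mixed naive/aware dates: keep None
    return result

if __name__ == "__main__":
    print(replay_indicators(SAMPLE))
```

Running this over the full messages attached to abuse reports groups the re-dated copies quickly; the lower "Subject" and "Date" values identify the original message each copy was built from.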