May 12, 2017 at 12:10

How to remove your IP from the Gmail blacklist

Original author: Jeff Huckaby
  • Transfer
  • Tutorial

If your users redirect mail to Gmail, then they probably redirect spam as well. Gmail doesn't care that mail has been redirected. Their systems see that your server sends spam and blacklist it.

Gmail blacklist issues? You have come to the address.

Using the process described below, we have successfully resolved almost all of the Gmail blacklisting cases we encountered.

Gmail blacklist removal process


If you use this approach, you can also remove your IP from the Gmail blacklist.

We'll consider:

  • Gmail blacklisting criteria
  • Why have I been blacklisted?
  • Our investigation process
  • Gmail SMTP Errors
  • Gmail blacklist removal instructions
  • Getting help

If you do not know how to read mail logs, check DNS or service headers of letters, this article is not for you. Send it to your hosting provider or system administrator to solve the problem.

Be sure to check out our instructions for removing other email providers from blacklists . If Gmail blocks you, then others can too.

Gmail blacklisting criteria


Gmail has not disclosed the details of its filtering process. If they did, spammers would quickly find a way around the filters.

But we found out some typical reasons Gmail might reject mail from your server.

The most common causes are as follows:

  • Sending a large number of letters.
  • Sudden changes in the volume of emails sent.
  • Sending a letter to the spam trap.
  • Sending letters to unknown users.
  • Including the server IP address in the public blacklist
  • Gmail users have flagged your emails as spam.
  • Using the new IP address when sending emails.
  • Incorrect DNS settings.

If your server does any of the above, it’s as if you were sending spam. As a result, Gmail can block the IP addresses of your server.

A study by ReturnPath, our own experience and the opinions of other email delivery experts indicate that Google may use signals from these public blacklists:

  • pbl.spamhaus.org - the blacklist contains ranges of dynamic and non-server IP. Getting here is difficult for the server.

  • sbl.spamhaus.org - the blacklist contains letters that Spamhaus has flagged as spam.

  • xbl.spamhaus.org - the blacklist contains bots and exploit agents.

  • cbl.abuseat.org - the blacklist contains letters sent to spam traps or which users have marked as spam.

You can use the Multi-RBL search to check these and other lists. Inclusion in these lists is a clear indicator that there is some kind of spam problem on your server.

Why have I been blacklisted in Gmail?


When I deal with a server that is blacklisted in Gmail, I usually find one of the following three reasons:

  • Spammers run a web application (> 90%).
  • A compromised password or client computer (~ 5%).
  • Inappropriate email practices such as blindly redirecting mail to Gmail (~ 5%).

In more than 90% of cases, hackers use insecure web applications to send spam.

In such cases, the amount of spam, user complaints, or other reasons will trigger Gmail blacklist filters. They begin to block your server to protect their users from spam. We have seen spammers send spam through SSH tunnels .

Even in the absence of security problems, your server may still look like a spam system.

If you redirect mail from your server to Gmail, and there is spam, it looks like the server sends spam. As a result, Gmail may block your server.

If you want to solve the problem and get out of the black list, then you need to delve into the server and understand what the problem is. If you do not, all efforts will be futile.

Our Gmail Blacklist Investigation Process


Here is the process we use in our paid Gmail blacklist removal service:

  • Check server logs for 500 errors.
  • Check mail logs for blocking by other mail providers and public blacklists.
  • Look for Excessive SMTP Authentications, especially from IP change for the same user.
  • If you have PHP scripts, then configure PHP to log calls mailusing mail.log ini .
  • Check your IP with your favorite IP blacklisting tools.
  • Check the reputation of your mail server at SenderScore.org .
  • Verify that users are not redirecting bulk mail to Gmail and related domains.
  • Check for any newsletters or mailing lists that are sent from the server.
  • Verify that the DNS related entries ( PTR , DKIM , SPF ) are correct .
  • Look at the old logs and compare if the volume of letters has increased.

This process may take some time, especially on a busy server. I recommend starting with checking user compromise. Although such cases are relatively infrequent, they are much easier to detect than problems with the web application.

For example, on Plesk / Postfix configurations, you can connect shell commands in this way:

grep sasl_username /var/log/maillog|awk {'print $NF'} |sort |uniq -c |sort -n

Such a string will immediately return a list of authenticated users by username. If you see a large number of authentications, then this user can be studied in more detail.

Similar commands are suitable for extracting any useful statistics about the use of the mail server.

When studying the history of the mail server, pay attention to the following:

  • New errors 500 and 421 from other mail providers
  • IP blacklisting
  • Gmail Blacklist Response Code Changes
  • Your senderScore

Typically, such an investigation reveals a compromised web script or user password. The situation can be corrected by changing or deleting the script or simply changing the user password.

When you have eliminated the root cause of the problem, start tracking the amount of mail from the server and the response codes from Gmail. If you are not removed from the black list, then you can send a request to Google.

In most situations we encountered, such a request never had to be sent. Correction of the root cause and problems with DNS usually leads to exclusion from the black list within 3-5 days.

Gmail SMTP Errors


Black lists block your mail, and it does not fall into the Spam folder (see our article on why mail falls into the Spam folder ).

If you are on the black list, the mail provider will give SMTP shit with code 421 or 550.

They can be found in the server log:

Example of error 550 Example of error 421 If you see any of these errors, you are blacklisted and you need to get out . Below is a complete list of Gmail error codes.
Remote_host_said:_550-5.7.1 Our_system_has_detected_an_unusual_rate_of
unsolicited_mail_originating_from_your_IP_address.
_To_protect_our users_from_spam,_mail_sent_from_your_IP_address_has_been_blocked.
Please_visit_http://www.google.com/mail/help/bulk_mail.html
_to_review_our_Bulk_Email_Senders_Guidelines


421-4.7.0 unsolicited mail originating from your IP address.
To protect ourn421-4.7.0users from spam, mail sent from your IP address has been temporarilyn4
21-4.7.0 rate limited. Please visit http://www.google.com/mail/help/bulk_mail.n421 4.7.0 html
to review our Bulk Email Senders Guidelines. l41si55243084eef.158 - gsmtp





Gmail SMTP Error Codes


Please resend your message at a later time. If the user is able to receive mail at that time, your message will be delivered. Try again later.

To protect our users from spam, mail sent from your IP address has been temporarily blocked. Review our Bulk Email Senders Guidelines. This error occurs if the sender account is disabled or not registered within your Google Apps domain. To protect our users from spam, mail sent from your IP address has been blocked.

421, “4.4.5”, Server busy, try again later.
421, “4.7.0”, IP not in whitelist for RCPT domain, closing connection.421, “4.7.0”, Our system has detected an unusual rate of unsolicited mail originating from your IP address.
421, “4.7.0”, Temporary System Problem. Try again later.
421, “4.7.0”, TLS required for RCPT domain, closing connection.
421, “4.7.0”, Try again later, closing connection.450, “4.2.1” The user you are trying to contact is receiving mail too quickly.
450, “4.2.1”, The user you are trying to contact is receiving mail at a rate that prevents additional messages from being delivered. Please resend your message at a later time. If the user is able to receive mail at that time, your message will be delivered.
451, “4.3.0”, Mail server temporarily rejected message.
451, “4.3.0”, Multiple destination domains per transaction is unsupported. Please try again.
451, “4.4.2”, Timeout - closing connection.
451, “4.5.0”, SMTP protocol violation, see RFC 2821.
452, “4.2.2”, The email account that you tried to reach is over quota.452, “4.5.3”, Domain policy size per transaction exceeded, please try this recipient in a separate transaction.452, “4.5.3”, Your message has too many recipients.
454, “4.5.0”, SMTP protocol violation, no commands allowed to pipeline after STARTTLS, see RFC 3207.
454, “4.7.0”, Cannot authenticate due to temporary system problem.
454, “5.5.1”, STARTTLS may not be repeated.
501, “5.5.2”, Cannot Decode response.
502, “5.5.1”, Too many unrecognized commands, goodbye.502, “5.5.1”, Unimplemented command.502, “5.5.1”, Unrecognized command.503, “5.5.1”, “EHLO / HELO first.503, “5.5.1”, MAIL first.503, “5.5.1”, RCPT first.503, “5.7.0”, No identity changes permitted.
504, “5.7.4”, Unrecognized Authentication Type.
530, “5.5.1”, Authentication Required.
530, “5.7.0”, Must issue a STARTTLS command first.
535, “5.5.4”, Optional Argument not permitted for that AUTH mode.535, “5.7.1”, Application-specific password required.535, “5.7.1”, Please log in with your web browser and then try again.535, “5.7.1”, Username and Password not accepted.
550, “5.1.1”, The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces.
550, “5.2.1”, The email account that you tried to reach is disabled.550, “5.2.1”, The user you are trying to contact is receiving mail at a rate that prevents additional messages from being delivered.550, “5.4.5,” Daily sending quota exceeded.550, “5.7.0”, Mail relay denied.550, “5.7.0”, Mail Sending denied.550, “5.7.1”, Email quota exceeded.550, “5.7.1”, Invalid credentials for relay.550, “5.7.1”, Our system has detected an unusual rate of unsolicited mail originating from your IP address.
550, “5.7.1”, Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to Gmail, this message has been blocked.
550, “5.7.1”, The IP you're using to send mail is not authorized to send email directly to our servers. Please use the SMTP relay at your service provider instead.
550, “5.7.1”, The user or domain that you are sending to (or from) has a policy that prohibited the mail that you sent. Please contact your domain administrator for further details.
550, “5.7.1”, Unauthenticated email is not accepted from this domain.
552, “5.2.2”, The email account that you tried to reach is over quota.
552, “5.2.3”, Your message exceeded Google's message size limits.
553, “5.1.2”, We weren't able to find the recipient domain. Please check for any spelling errors, and make sure you didn't enter any spaces, periods, or other punctuation after the recipient's email address.
554, “5.6.0”, Mail message is malformed. Not accepted.
554, “5.6.0”, Message exceeded 50 hops, this may indicate a mail loop.
554, “5.7.0”, Too Many Unauthenticated commands.
555, “5.5.2”, Syntax error.

Try to limit the use of links, unusual characters in letters and not send messages with pictures only. These are common spamming tactics. If you act like a spammer, then Gmail may consider you to be one.

Gmail blacklist removal instructions


Before sending a request to Gmail, you should stop the behavior that looks like spam. If you have not done so, your efforts and time will be wasted.

If you stopped the spam stream from your server, Gmail usually automatically unblocks your IP within 3-5 days.

If not, you may need to contact them for help.

In this case, use this form to contact . Remember to log in to your Gmail / Google account first before submitting the form.



Instructions for filling out a form to remove from the Gmail blacklist


I strongly recommend that you fill out all the fields, although they are not required. It’s in your best interest to give your Gmail blacklist removal team members as much information as possible and to show that you are not a spammer.

Short description


Be precise and concise. For example, I usually use text like this:

The web application that sent spam to Gmail was compromised on the server. We removed this application from the server. After uninstalling the application, we no longer see unauthorized mail sent to Gmail.

Full Headers


Make sure the headings are in full and in text format. Only one example is needed. In general, I am trying to find a simplified example. This is a message that is sent directly from your server to Gmail. If the message passed through third-party servers, the headers may be hidden.

Use a text file (.txt) if possible. Avoid specific Windows and Mac formats.

Server logs


Copy only the necessary part of the server log. Just two or three entries will be enough. They should look like the examples of errors 550 and 421 above.

MX search


Although this is an optional field, it is a key indicator that DNS is working on your server. A successful result will look like this:

<br data-mce-bogus="1">
[jeffh@office ~]$ host -t mx gmail.com
gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.

Telnet Connection


Make a test from the problem server using one of the records obtained by looking up the DNS above. A successful result will look like this:

<br data-mce-bogus="1">
[jeffh@office ~]$ telnet alt4.gmail-smtp-in.l.google.com 25
Trying 2800:3f0:4003:c01::1a...
Connected to alt4.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP c68si3349613vkd.85 - gsmtp

Ping request


Ping test example. Please note that if your firewalls block ICMP traffic, the test may fail. Then just do not include the result in the application.

<br data-mce-bogus="1">
[jeffh@office ~]$ ping -c5 alt4.gmail-smtp-in.l.google.com
PING alt4.gmail-smtp-in.l.google.com (64.233.190.26) 56(84) bytes of data.
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=1 ttl=43 time=169 ms
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=2 ttl=43 time=169 ms
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=3 ttl=43 time=169 ms
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=4 ttl=43 time=169 ms
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=5 ttl=43 time=169 ms
--- alt4.gmail-smtp-in.l.google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4175ms
rtt min/avg/max/mdev = 169.448/169.487/169.600/0.523 ms

Additional Information


This field is not limited in size, but be concise. I usually list some unusual problems here or indicate that the client used to send a request for removal from the black list, but did not clean the server before that.

Submit form


After filling in all the fields, you can send the form. You should see the following:



Usually, an update occurs within five business days.

Keep in mind that it’s not easy to solve everything. If you immediately rush to the form page to remove from the black list without cleaning the server, most likely you will be added to the list again.

In July 2015, Google launched Gmail Postmaster Tools . They are similar to webmaster tools, but only for email. If you manage email for your domain or customers, you may want to register.

Getting help


Using this process, we solved all the * problems with blacklisting Gmail that we encountered.

* In fact, there were several cases where the problem could not be solved. Problem? The client kept a paid mailing list without confirming email addresses. If you act as a spammer, then Gmail will consider you a spammer and blacklist it.
Tags:

Also popular now: