Eight Quick Ways to Get Your Site Blacklisted

Page 3 of 3

Even More Tips

5. Piss off your technically knowledgeable staff.

If someone is on the inside, and they have been nodding along at each of the points I've already made, it's not all that difficult for them to get a company blacklisted. (I'll avoid examples here, because I don't want to make the job too easy for any disgruntled employees who might be reading this article.)

I'm sure that you treat all your employees well, that they are qualified for their jobs and that you have trained them on acceptable use policies for e-mail (you do have them, don't you? Please tell me you do). Yes, sure you treat every employee with unrelenting positive regard and gobs of respect -- and I am the Queen of the May.

Someone, somewhere in your organization will eventually decide that he is being pushed to the limit -- and then you'll end up in a situation like the City of San Francisco's rogue network administrator. What technology do you have in place to make it difficult (it'll never be impossible) for an upset insider to give his manager a Very Bad Day?

6. Run a sloppy mail server.

Mail servers that don't follow the rules have a myriad of ways to get their feet caught in a spam-trap, some of which were enumerated in other CIO.com articles. Some of them are technical, under the purview of your e-mail admin, such as "The HELO/EHLO string should ideally match the full domain name."

Bottom line, here: follow the standards.

For more down-and-dirty details, see An Introduction to E-mail Management, An Introduction to E-mail Technology and Getting Clueful: Five Things You Should Know About Fighting Spam.

7. Ignore the security on devices which may be compromised by spambots.

Your e-mail server may be pristine in its behavior, but if one of your end-user's computers has been taken over by a virus which is sending spam, your domain is still responsible for polluting the Internet. Pay attention to software installed on your desktops and servers, either by staff (using social engineering or deliberate malfeasance) or when users visit compromised websites.

Don't cast your hairy eyeball only at standalone PCs. One e-mail admin told me he once flagged an open relay that turned out to be an electron microscope at a Belgian university. HP printers have been used as zero-day warez (pirated software) FTP servers. The more gizmos that are connected to the Internet, the greater the possible venues for spam and viruses. (Doesn't that thought just brighten your day?)

8. If you do land on a blacklist, threaten to sue and make angry demands.

It is possible to find your site on a blacklist because of an innocent mistake. But when you go to resolve the situation, assume that it was your error or ignorance that caused the problem, not someone else's fault. Do not threaten. You may find yourself on the "permanent block list" with no chance to be removed. One e-mail admin says he blacklists for life anyone who tries to sue, including legal firms handling the cases. "Since they support Internet abuse, they really don't need to have the privilege of using it," he adds.

Matthias Leisi, project leader at dnswl.org, a "whitelist" of known legitimate e-mail servers, says, "We once had a guy threatening to sue us at dnswl.org if we would not immediately list all his IP addresses with highest trust score. When we told him that this is not the way we operate, he went into ALL CAPS MODE, telling us what a bunch of incompetent losers we are, and that he still insists to be listed, "or else...".

In point of fact, there is no "or else." Like a baseball player who disagrees with an umpire: the umpire may be wrong, but his decision is final. If you argue, you'll just be thrown out of the game.

This story, "Eight Quick Ways to Get Your Site Blacklisted" was originally published by CIO.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
| 1 2 3 Page 3
Shop Tech Products at Amazon