4 Causes of e-mail Blacklisting and How to fix it (Part 1 of 2):
(If you think you’ve been blacklisted, see this blog first: What to do when your e-mail is blacksited)
Over the years, we’ve had clients get “blacklisted” which means they can no longer send e-mail out freely. This is normally caused by viruses, Trojans or both, but there are other causes. This blog outlines four common causes to blacklisting and gives a broad framework of policies and technology to minimise your risk.
Why did I get blacklisted?
Your domain name appears on a “blacklist” if spam or viruses are originating from your e-mail. The most common root causes:
- Mistake. An errant marketing campaign that did not follow procedures and is sending out spam directly from your servers. Marketing should know how to avoid this by using purpose built e-mail and list services. (In general, sending out e-mail to existing clients or employees is not a source for blacklisting.)
- Trojan. Someone in the office clicked on a file from a source that looked reputable (aka see article on phishing). A program (aka executable file, .exe) gains access to your server via a Trojan method. The program takes control of part of your e-mail and sends out spam or viruses from your e-mail.
- Virus infection. Similar to above, but instead of a Trojan, the attachment puts a virus on the computer which spreads to the network and begins infecting files that you send out via e-mail.
- Hacking. Someone hacks your servers or website by getting through the filters/routers. This results in your e-mail being used for non-intended purposes which look suspicious.
How can I avoid getting blacklisted?
In short, you can establish security policies, keep your spam filters and virus protection software updated and improve your security architecture.
1) Establish Security Policies
Establishing security policies involves educating your staff and getting them into a habit on best practices. Why put security policies in place? Security policies give your staff guidelines to follow for passwords, tells them how to handle unsolicited e-mail (spam) and restricts them on the type of websites they should visit.
- Password policies for staff. Ensure all passwords are at least 10 characters and have a combination of numbers, capital letters and small letters. The better security around passwords, the less often you need to change them. For more information on best passwords, go here.
- Password policies for devices and generic accounts. Most people are either unaware or forget about email accounts that are not attached to staff. Trojans look for weak links in your e-mail passwords. And since there are often generic e-mails for printers, phone systems, websites and admin roles, Trojan know to check these as they are often forgotten. Similar to user passwords, device and generic account passwords need to be difficult for hackers and trojans to decipher.
- Opening emails and visiting websites. In short, if you do not know what it is or were not expecting it, don’t click.
2) Keep your Spam filters and Virus protection up to date
Most spam filters can be optimised to ensure you do not get much spam. If you make the rules too lax, you’ll get 100’s of unwanted mail. Make it to rigid and some of your best clients will go into the spam folder. Not all spam filters are equal so get your managed services provider to recommend what works best for you.
Viruses are contantly being written and released in the web. Good virus protection software is regularly updated based on the latest threats appearing across the internet. Keeping your virus protection updated and ensuring they are running regular scans will minimise your chances of getting infected.
Don’t set and forget. Keep your Spam and Virus protection updated.
3) Upgrade your security architectture.
Have you outgrown your current virus and spam filter software? See part 2 (“3 Security Tools to fight and manage blacklists”) In part 2 of this article, we’ll look at best security practices for small to medium businesses.
For best practices on Managed Services, contact us at 1300 797 838 or visit our website at http://www.EmpowerIT.com.au.
Other Security Blog References:
See blog post on safe passwords. Security Education Part 2: Safe Passwords
See blog post on phishing scams. Security Phishing Scams
See blog post on how to get delisted on blacklist. What to do when your e-mail is Blacklisted