How to remove your IP from the black list of Gmail

If your users are redirecting mail to Gmail, then they probably redirect and spam. Gmail doesn't care if the mail has been redirected. Their systems see that your server sends spam, and put it in the black list.

Problems with the Gmail blacklist? You came to the address.

Using the process described below, we successfully resolved almost all cases of Gmail blacklisting that we encountered.

Gmail Blacklist Removal Process

If you apply this approach, you can also remove your IP from the Gmail blacklist.
')
We'll consider:

Gmail Blacklist Criteria
Why was I blacklisted?
Our investigation process
Gmail SMTP errors
Gmail Blacklist Removal Instructions
Getting help

If you don’t know how to read mail logs, check DNS or service headers of letters, this article is not for you. Send it to your hosting provider or system administrator to solve the problem.

Do not forget to see our instructions for removing other mail providers from the black lists . If Gmail blocks you, others can.

Gmail Blacklist Criteria

Gmail does not disclose the details of its filtering process. If they did, then spammers would quickly find a way around the filters.

But we’ve learned some typical reasons why Gmail can reject mail from your server.

The most common causes are as follows:

Mailing a large number of letters.
Sudden changes in the volume of letters sent.
Sending a letter to the spam trap address.
Sending letters to unknown users.
Inclusion of server IP address in public blacklist
Gmail users have tagged your email as spam.
Use a new IP address when sending emails.
Incorrect DNS settings.

If your server does any of the above, then you seem to send spam. As a result, Gmail can block the IP addresses of your server.

The ReturnPath survey, our own experience and the opinions of other letter delivery experts indicate that Google can use signals from these public blacklists:

pbl.spamhaus.org - the black list contains dynamic and non-server IP ranges. Getting to the server is difficult.
sbl.spamhaus.org - the blacklist contains emails that Spamhaus has marked as spam.
xbl.spamhaus.org - the blacklist contains bots and exploit agents.
cbl.abuseat.org - the black list contains emails sent to spam traps or that users have marked as spam.

You can use the Multi-RBL search to check these and other lists. Inclusion in these lists is an obvious indicator that there is a problem with spam on your server.

Why have I been blacklisted by Gmail?

When I deal with a server that is on the Gmail blacklist, I usually find one of the following three reasons:

Spammers exploit the web application (> 90%).
Compromised password or client computer (~ 5%).
Incorrect e-mail practices, such as blindly forwarding mail to Gmail (~ 5%).

In more than 90% of cases, hackers use unprotected web applications to send spam.

In such cases, the volume of spam, user complaints, or other reasons lead to the triggering of Gmail blacklist filters. They start blocking your server to protect their users from spam. We have seen spammers send spam through SSH tunnels .

Even in the absence of security problems, your server may still look like a spam system.

If you redirect mail from your server to Gmail, and there is spam there, it looks like the server is sending spam. As a result, Gmail may block your server.

If you want to solve the problem and get out of the black list, then you need to delve into the server and understand what the problem is. If you do not do this, all efforts will be futile.

Our Gmail blacklist investigation process

Here is the process that we use in our paid Gmail blacklist service:

Check server logs for 500 errors.
Check the mail logs for blocking by other mail providers and public blacklists.
Look for Excessive SMTP Authentications, especially from changing IP for the same user.
If you have PHP scripts, configure PHP to log mail calls using mail.log ini .
Check your IP with your favorite tools for checking IP in blacklists.
Check your email server reputation at SenderScore.org .
Check that users don’t redirect bulk mail to Gmail and related domains.
Check for any newsletters or mailing lists that are sent from the server.
Make sure that the records related to DNS ( PTR , DKIM , SPF ) are correct.
Look at the old logs and compare whether the volume of letters has grown.

This process can take time, especially on a busy server. I recommend to start with checking the compromise of users. Although such cases are relatively rare, they are much easier to identify than problems with a web application.

For example, on Plesk / Postfix configurations, you can put together shell commands in this way:

 grep sasl_username /var/log/maillog|awk {'print $NF'} |sort |uniq -c |sort -n

Such a string will immediately return the list of authenticated users by user name. If you see a large number of authentications, then this user can be studied in more detail.

Similar commands are suitable for extracting any useful statistics about the use of the mail server.

Studying the history of the mail server, pay attention to the following:

New bugs 500 and 421 from other mail providers
Entering IP into public blacklists
Gmail Blacklist Response Code Changes
Your SenderScore

Typically, such an investigation reveals a compromised web script or user password. The situation can be corrected by changing or deleting the script or simply changing the user password.

When you have fixed the root cause of the problem, start tracking mail volume from the server and response codes from Gmail. If you are not removed from the black list, you can send a request to Google.

In most situations we have encountered, such a request has never been sent. Correcting the root cause and DNS problems usually results in exclusion from the blacklist within 3-5 days.

Gmail SMTP errors

Blacklists block your mail, and it does not go to the Spam folder (see our article on why mail goes to the Spam folder ).

If you are on the black list, your mail provider will give a bouncing SMTP with the code 421 or 550.

They can be found in the server log:

Error Example 550

Remote_host_said:_550-5.7.1 Our_system_has_detected_an_unusual_rate_of
unsolicited_mail_originating_from_your_IP_address.
_To_protect_our users_from_spam,_mail_sent_from_your_IP_address_has_been_blocked.
Please_visit_http://www.google.com/mail/help/bulk_mail.html
_to_review_our_Bulk_Email_Senders_Guidelines

Error Example 421

421-4.7.0 unsolicited mail originating from your IP address.
To protect ourn421-4.7.0users from spam, mail sent from your IP address has been temporarilyn4
21-4.7.0 rate limited. Please visit http://www.google.com/mail/help/bulk_mail.n421 4.7.0 html
to review our Bulk Email Senders Guidelines. l41si55243084eef.158 - gsmtp

If you see any of these errors, then you are blacklisted and need to get out of there.

Below is a complete list of Gmail error codes.

Gmail SMTP Error Codes

Please resend your message at a later time. If your user is able to receive mail at that time, your message will be delivered. Try again later.

IP address has been temporarily blocked. Review our Bulk Email Senders Guidelines. This error occurs when your Google Apps domain is registered. IP address has been blocked.

^{421, “4.4.5”, Server busy, try again later.}
^{421, “4.7.0”, IP not in whitelist for RCPT domain, closing connection.}	^{421, “4.7.0”, our IP address.}
^{421, “4.7.0”, Temporary System Problem.} ^{Try again later.}
^{421, “4.7.0”, TLS required for RCPT domain, closing connection.}
^{421, “4.7.0”, Try again later, closing connection.}	^{450, “4.2.1” is receiving mail too quickly.}
^{450, “4.2.1”, you’re not satisfied.} ^{Please resend your message at a later time.} ^{If your user is able to receive mail at that time, your message will be delivered.}
^{451, “4.3.0”, Mail server temporarily rejected message.}
^{451, “4.3.0”, Multiple destination domains per transaction is unsupported.} ^{Please try again.}
^{451, “4.4.2”, Timeout - closing connection.}
^{451, “4.5.0”, SMTP protocol violation, see RFC 2821.}
^{452, “4.2.2”, you tried to reach is over quota.}	^{452, “4.5.3”, please try this recipient in a separate transaction.}	^{452, “4.5.3”, Your message has too many recipients.}
^{454, “4.5.0”, SMTP protocol violation, no commands allowed to pipeline after STARTTLS, see RFC 3207.}
^{454, “4.7.0”, Cannot authenticate due to the temporary system problem.}
^{454, “5.5.1”, STARTTLS may not be repeated.}
^{501, “5.5.2”, Cannot Decode response.}
^{502, “5.5.1”, Too many unrecognized commands, goodbye.}	^{502, “5.5.1”, Unimplemented command.}	^{502, “5.5.1”, Unrecognized command.}	^{503, “5.5.1”, “EHLO / HELO first.}	^{503, “5.5.1”, MAIL first.}	^{503, “5.5.1”, RCPT first.}	^{503, “5.7.0”, No identity changes.}
^{504, “5.7.4”, Unrecognized Authentication Type.}
^{530, “5.5.1”, Authentication Required.}
^{530, “5.7.0”, Must issue a STARTTLS command first.}
^{535, “5.5.4”, Optional Argument not permitted for that AUTH mode.}	^{535, “5.7.1”, Application-specific password required.}	^{535, “5.7.1”, Please try again.}	^{535, “5.7.1”, Username and Password not accepted.}
^{550, “5.1.1”, tried to reach does not exist.} ^{Please try to double-check the spaces for unnecessary spaces.}
^{550, “5.2.1”, you tried to reach is disabled.}	^{550, “5.2.1”, you are not satisfied.}	^{550, “5.4.5”, Daily sending quota exceeded.}	^{550, “5.7.0”, Mail relay denied.}	^{550, “5.7.0”, Mail Sending denied.}	^{550, “5.7.1”, Email quota exceeded.}	^{550, “5.7.1”, Invalid credentials for relay.}	^{550, “5.7.1”, unsolicited mail IP address.}
^{550, “5.7.1”, unsolicited mail.} ^{To reduce the amount of spam sent to Gmail, this message has been blocked.}
^{550, “5.7.1”, it is not authorized to send emails directly to our servers.} ^{Please use the SMTP relay at your service provider instead.}
^{550, “5.7.1”, This is what you’ve sent.} ^{Please contact your domain administrator for further details.}
^{550, “5.7.1”, Unauthenticated email is not accepted from this domain.}
^{552, “5.2.2”, you tried to reach is over quota.}
^{552, “5.2.3”, Your message exceeded Google’s message size limits.}
^{553, “5.1.2”, We can’t be able to find the recipient domain.} ^{Please check for any spaces you’re typing after the recipient’s email address.}
^{554, “5.6.0”, Mail message is malformed.} ^{Not accepted.}
^{554, “5.6.0”, Message exceeded 50 hops, this may indicate a mail loop.}
^{554, “5.7.0”, Too Many Unauthenticated commands.}
^{555, “5.5.2”, Syntax error.}

Try to limit the use of links in the letters, unusual characters and not send messages only with pictures. These are the usual spamming tactics. If you behave like a spammer, then Gmail may consider you as such.

Gmail Blacklist Removal Instructions

Before sending a request to Gmail, you should stop the behavior that looks like spam. If you have not done so, your efforts and time will be wasted.

If you have stopped the flow of spam from your server, Gmail will usually automatically unlock your IP within 3-5 days.

If not, you may need to contact them for help.

In this case, use this form to contact . Remember to log in to your Gmail / Google account before submitting the form.

Instructions for completing the form to remove from the black list Gmail

I strongly recommend to fill all the fields, although they are not required. It is in your interest to give the Gmail Blacklist removal team members as much information as possible and to show that you are not a spammer.

Short description

Be precise and concise. For example, I usually use this text:

A web application that sent spam to Gmail was compromised on the server. We removed this application from the server. After removing the application, we no longer see unauthorized mail being sent to Gmail.

Full headers

Make sure that the headings are given in full and in text format. Only one example is needed. In general, I am trying to find a simplified example. Such a message, which is sent directly from your server to Gmail. If the message has passed through third-party servers, the headers may be hidden.

Use a text file (.txt) if possible. Avoid specific Windows and Mac formats.

Server logs

Copy only the necessary part of the server log. Just two or three entries will be enough. They should look like the error examples 550 and 421 above.

MX search

Although this is an optional field, it is a key indicator that the DNS on your server is working. A successful outcome will look like this:

&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br data-mce-bogus="1"&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
[jeffh@office ~]$ host -t mx gmail.com
gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.

Telnet connection

Make a test from the problem server using one of the records obtained by searching the DNS above. A successful outcome will look like this:

&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br data-mce-bogus="1"&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
[jeffh@office ~]$ telnet alt4.gmail-smtp-in.l.google.com 25
Trying 2800:3f0:4003:c01::1a...
Connected to alt4.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP c68si3349613vkd.85 - gsmtp

Ping request

An example of a ping test. Please note that if your firewalls block ICMP traffic, the test may fail. Then just do not include the result in the application.

&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br data-mce-bogus="1"&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
[jeffh@office ~]$ ping -c5 alt4.gmail-smtp-in.l.google.com
PING alt4.gmail-smtp-in.l.google.com (64.233.190.26) 56(84) bytes of data.
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=1 ttl=43 time=169 ms
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=2 ttl=43 time=169 ms
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=3 ttl=43 time=169 ms
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=4 ttl=43 time=169 ms
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=5 ttl=43 time=169 ms
--- alt4.gmail-smtp-in.l.google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4175ms
rtt min/avg/max/mdev = 169.448/169.487/169.600/0.523 ms

Additional Information

This field is not limited in size, but be concise. I usually list some unusual problems here or indicate that the client used to send a request for deletion from the black list, but didn’t clean the server before that.

Submit Form

After filling in all the fields you can send the form. You should see the following:

Usually the update occurs within five business days.

Keep in mind that in an easy way to solve everything will not work. If you immediately hurry to the page of the form for removal from the black list, without cleaning the server, most likely you will be added to the list again.

In July 2015, Google launched Gmail Postmaster Tools . They look like webmaster tools, but only for email. If you manage e-mail for your domain or clients, you may want to register.

Getting help

Using this process, we solved all the * problems with the Gmail blacklist that we encountered.

* In fact, there were several cases where the problem could not be solved. Problem? The client led a paid mailing list without confirming email addresses. If you are acting as a spammer, then Gmail will consider you a spammer and blacklist you.

Source: https://habr.com/ru/post/328490/

All Articles