“Our emails are not getting through!”
That was the call Ronnie Thacker, engineer for 3Nines Technology, received earlier this week from a 3Nines Managed Services client. The client was getting notifications that their outbound emails were bouncing, and they didn’t know why.
After a bit of research, Ronnie discovered the email record was fine, but the client’s domain had been blacklisted because a spammer was spoofing the client’s domain. He contacted the web site developer and had them install an SSL certificate, which proved that the client owned the site and prevented the spammer from spoofing the site. Problem solved.
After receiving the call, Ronnie sprang into action. His first thought was that the client’s email IP address had been put on a spam list. This is common if an outbound SMTP mail server has been hacked and is sending out spam email on behalf of the client. Ronnie checked the client’s MX record (the Domain Name System (DNS) entry that tells outside mail servers where to route mail for this client).
Email transmission explained
Email typically has two components. They are often – but not always – hosted on the same server. Outbound email is sent by an SMTP (Simple Mail Transfer Protocol) service to an inbound mail server. The sending server finds the receiving server by querying a DNS (Domain Name System) server for the inbound server’s address (its MX record). For example, if Company A wants to send email to Company B, the Company A email server sends out a DNS request that says “hey, what is the email server address for Company B?” The DNS server replies with the MX record for Company B. The email server for Company A then sends the email to Company B via SMTP.
Ronnie noted that their mail service was not hosted on their web site but instead on Microsoft Office 365. He knew from experience that Office 365 would most likely not be sending spam, so he looked elsewhere. He started looking closely at the headers of the returned emails and eventually came to the conclusion that the source IP address of the bouncing email was the client’s web site, not their email server. This was a good clue!
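The header check described above, as an added example that is not part of the original article: it reads the Received headers of a returned message and reports which known source handed the message to the recipient's mail server. The sample message, host names, IP addresses and the KNOWN_SOURCES map are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed headers of a returned message; every host and IP is a
# documentation value (example.* names, RFC 5737 addresses), not from the page.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [198.51.100.20])\n"
    "\tby inbox.recipient.example with ESMTP; Tue, 02 Jan 2024 10:00:05 +0000\n"
    "Received: from www.client.example (www.client.example [203.0.113.10])\n"
    "\tby mx.recipient.example with ESMTP; Tue, 02 Jan 2024 10:00:01 +0000\n"
    "Received: from mail.client.example (mail.client.example [192.0.2.55])\n"
    "\tby www.client.example with SMTP; Tue, 02 Jan 2024 09:59:58 +0000\n"
    "From: sales@client.example\nTo: someone@recipient.example\n\nbody\n"
)

# Assumed address plan for the sending domain (hypothetical values).
KNOWN_SOURCES = {
    "web site host": ipaddress.ip_network("203.0.113.10/32"),
    "hosted mail service": ipaddress.ip_network("192.0.2.0/24"),
}

HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def handoff_ip(raw, trusted_suffix):
    """IP that connected to the receiving organisation's border server.

    Received headers are prepended, so reading top-down moves back in time.
    Only headers written by trusted_suffix hosts are believed; anything
    below the last of them came from the sending side and may be invented.
    """
    msg = email.message_from_string(raw)
    found = None
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m or not m.group(2).lower().rstrip(";").endswith(trusted_suffix):
            break
        found = ipaddress.ip_address(m.group(1))
    return found

def classify_source(raw, trusted_suffix, known=KNOWN_SOURCES):
    """Name the known network the hand-off IP belongs to, or 'unknown'."""
    ip = handoff_ip(raw, trusted_suffix)
    for name, net in known.items():
        if ip is not None and ip in net:
            return name
    return "unknown"
```

With the recipient's own servers as the trust boundary, `classify_source(SAMPLE, ".recipient.example")` reports the web site host; the bottom Received line naming the mail service is ignored because it was not written by a trusted server.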
Web Site SSL certificate
Ronnie’s next step was to browse to the client’s web site. The first thing he noticed was that the web site was not using an SSL certificate. These cryptographic certificates are used to prove web site ownership and can be used to encrypt traffic between a web server and a web client browser. He suspected that a spammer was spoofing the client’s server to bulk-send spam emails. Because of these spam emails sent using the client’s domain name, the client’s web site IP address had been “blacklisted.” This means their email was automatically getting blocked by email servers that monitored this blacklist. Even legitimate emails from the client were bouncing because the client’s domain was on this blacklist.
Ronnie logged into the client’s GoDaddy domain naming account and verified what he found. His next step was to contact both the client and the web site developer to let them know what he found, and to suggest that they order an SSL certificate for the domain name/web site. The web developer ordered and installed an SSL certificate, which then took the client’s domain off the blacklist.
Problem solved, email now going through.
Just another support call handled by a 3Nines Technologies engineer. Complex technology is what we do. So you don’t have to. You can concentrate on running your business.
Today’s business technology environment is complex. That is what we do, so you don’t have to. You can concentrate on running your business!
Terry Suellentrop, CEO