Thu, August 14, 2008 — CIO — We can't live without e-mail. Even though the Internet standards warn us not to depend on any given e-mail message ever arriving at its destination, every business executive knows how important it is for the mail to get there. But if your mail server's IP address is stuck in a blacklist—a list of addresses or domains identifying known spammers—your e-mail newsletters and individual e-mail messages will be blocked long before they get to their recipients.

Blacklists are distributed in a format which can be easily queried by Internet applications, particularly e-mail servers. Many (if not most) e-mail administrators use blacklists (sometimes called RBLs, for Real-time Blackhole Lists) as one step in their process of removing spam before it ever reaches an end user. If you discover that your site or e-mail server is included—even if it was all a terrible, terrible mistake—you will discover just how painful and time-consuming it is to get yourself off the list. And in the meantime, your e-mail traffic is cut off.

Nobody really wants this to happen—except, of course, to actual spammers. But it does happen, even to well-meaning people. Fortunately, ignorance is curable. Here are several common ways that companies find themselves blacklisted.

1. Buy an e-mail list from any random provider.

Marketers (and content-generators such as CIO.com! Did I mention we have some great newsletters of our own?) understandably want to disseminate the company's information to as wide an audience as possible, and as quickly as possible. One common way to extend a company's reach (a leftover of the print catalog era, but less effective online) is to buy a mailing list of qualified buyers or people who have expressed interest in similar services.

E-mail is expected to be opt-in; that is, someone must explicitly give permission to receive unsolicited commercial mail from a particular sender. Almost by definition, anyone who sells a list of e-mail addresses is distributing those IDs without the users' consent. Permission cannot be bought, sold, bartered or assumed; it must be acquired directly from the only person who can give it: the owner of an e-mail address. Savvy spam-fighters intentionally sign up for some lists with "spam-trap" IDs just to see if the e-mail ID will be abused.

If you're thinking of buying a list, you'd better be sure that the IDs were acquired properly—which is rare. (The SpamHaus website tells people to never buy a list of e-mail addresses for bulk distribution.) Otherwise: BAM! Straight shot to a blacklist.