IP Address blocking by MagicSpam

IP Address blocking by MagicSpam

MagicSpam is a subscription-based service from LinuxMagic that blocks spam. It has a different business model to the usual IP blacklist/spam filtering services. If your IP addresses get listed on the blacklist that powers MagicSpam, you will need more than 'abracadabra' to get you out of trouble.

Blacklisting - why it is important and how it works

Every computer and device has a unique IP address - a series of numbers that form a numerical fingerprint. A bad reputation is assigned to an IP address when it appears on one of the many 'blacklists' that are curated online.

An IP address can appear on a blacklist for a number of reasons, including being persistently reported for sending spam, either in mass mailings or by sending to spam traps. Bad server configuration that makes the server vulnerable to bot attack, trojans and virus instances and geographical location can all be triggers for blacklisting.

Many organisations and individuals gather details of IP addresses associated with bad actor behaviour online. Their tolerances are different, so there is no pattern or definition to describe exactly how an IP gets listed.

People share details of blacklisted IP addresses, usually for free in a community style, self-policing approach to keep the internet clean.  Selected lists are called up by software security and service providers. Security protocols on many networks include referring to IP blacklists and blocking emails from IP addresses that feature on a blacklist.

As a leading email validation company, we're familiar with blacklist triggers

Our systems can contact mail servers at high speeds with repeated queries, so sometimes email validation can be mistaken for a threat. It takes time and patience to get to know blacklist triggers and avoid being listed.

We often provide support for companies with email deliverability issues, so we signpost people to services that check IP reputation. We use  MXToolbox. It's the industry 'go-to' checking service., referring to over 100 blacklists when it performs IP checks for blocked addresses.

Main reasons why IP addresses get blocked

  • Spam report recency and frequency: e.g. the DNS Servicios lists IP addresses that send emails where 5 or more spam reports are listed within 6 hours
  • Geographical location / geographical action: Korean network IP addresses are listed by Korean Services.net and Calivent lists IP addresses that send spam to Peru.
  • Poor configuration on the server set up:  Numerous lists include details of servers that are not configured correctly, making them vulnerable to being used by bots, to send spam and viruses

What happens when an IP address is blacklisted

System managers refer to blacklists in order to filter incoming mail from banned IP addresses. This helps keep systems relatively safe from attack and spam free. The majority of blacklists are continually updated; listings expire over time as the behaviour or status that has caused them to be listed changes. An IP address can be good one minute and bad the next - depending on what it's doing or how it's configured. Some delisting is automatic, sometimes network managers have to get in touch with the list curator and ask for their IP address to be checked and removed from the list. Removal from blacklists is in almost every instance, free.

You shouldn't have to pay to get your IP address removed from a blacklist

On the MXToolbox directory of over 100 blacklists, there is only one that charges for removal, and it comes with a big warning from MXToolBox. It's a list called Backscatterer, which is associated with a company called UCEProtect.

Why MagicSpam and LinuxMagic's MIPSpace list is different

MagicSpam is a spam filtering tool from LinuxMagic. It's powered by a number of blacklists, including the SpamRats family and a blacklist called MIPSpace. Both of these sources are closely associated with LinuxMagic.

The MIPSpace list curators and the team at MagicSpam take a different view of the way that IP blocking works.

They take the stance that any 'commercial marketing company' performing any type of email marketing should be blocked. The IP addresses of companies seen to be carrying out email marketing are added to the list, so the addition of an IP to the blacklist isn't triggered by IP behaviour, it's triggered by opinion.

MIPSpace doesn't simply block individual IP addresses, it blocks entire ranges, so thousands of addresses are listed at a time - devices that have never been online can be on the MIPSpace blocking list. That's some kind of magic trick...

How to get an IP address off the MIPSpace blacklist

It seems the way to get an IP address unblocked is to pay the ransom and also convince the curators that your IP address isn't being used to perform any email marketing. That doesn't seem easy, especially as the MIPSpace definition of email marketing isn't based on spam alert triggers or email volume. For example, we've seen a blog article about a company being trapped on the MIPSpace list for sending bulk mail invoices to customers. In the MIPSpace world, sending any kind of bulk email is viewed as unwanted email marketing - even opt-ed in lists and sales confirmation emails...

The way to get around the MIPSpace listing is to have your IP address/address range whitelisted by the email provider of the people you're trying to email. Obviously, this won't work in all cases and it's a pain to administer. Ultimately it would be better if you could get them to stop being bewitched by the charms of MagicSpam!

Security issues are a huge threat, and it's easy to see why some system managers might feel reassured by MagicSpam. Unfortunately, it stops real companies dealing with real customers, and causes hassle to people who are running legitimate businesses. We think MIPSpace is a blacklist that ought to do a vanishing act!

What else can you do? The real trick for dealing with MagicSpam.

If you are sending legitimate emails compliant with current spam regulations and you have issues with MagicSpam/LinuxMagic blocking your messages, it is unlikely that the guys at MagicSpam/LinuxMagic will be helpful. Don't waste your time trying and don't pay them any money!

Instead, work with the companies that are using MagicSpam/LinuxMagic and point them to this article.  The chances are that anyone using MagicSpam/LinuxMagic WILL be experiencing deliverability problems with their inboxes.

Moving away from MagicSpam/LinuxMagic to decent and honest mail services (we recommend Google for Business) will solve deliverability issues instantly.

Links

Spamhaus - a credible internet blacklist pioneer

MXToolBox - an IP reputation checking service and all round useful resource

UCEProtect - Email Hippo blog article about Backscatterer and UCEProtect

This is not a link to MagicSpam - we'd rather not drive traffic in that direction!

What To Read Next