Email bounces give a clue to the mail problem. At times, the exact reason may not be elaborate in the bounce message. One such mail error is “554 blacklisted“.

The SMTP 554 error primarily happens when the recipient server blocks the mail due to IP blacklisting.

At Bobcares, we help customers to solve mail errors as part of our Server Support for web hosts.

Today, we’ll see the top reasons for the 554 blacklisted error and how our Server Engineers fix them.

What causes “554 blacklisted” error?

These days, email spamming is a major problem in internet. Therefore, most mail servers add several security mechanisms to defend the spammers.

And, some server owners even use custom mail server software that supports advanced filtering methods. They block mails from IP addresses notorious for spam. Also, there is a database that contains servers involved in frequent spamming.

Ideally, the recipient mails server will accept mails only if they are sent from a clean server. Or, they reject mails with a bounce message.

A recent bounce that we saw in a server using customized mail server software Mailtraq is:

The following recipient(s) could not be reached:
Sarah Lewis on 8/25/2018 8:17 AM
554 blacklisted (athomas@domain.com)

In this example, Andy Thomas (athomas) was sending email from a machine with blacklisted IP address and so the mail server rejected the message to Sarah Lewis.

How to fix “554 blacklisted”?

We saw that the SMTP “554 blacklisted” error mainly happens due to mail server IP blacklisting.

We’ll now see how our Support Engineers fix the problem and make mail working again.

1. Blacklist check

As the first step to resolve, we check the server IP address in popular blacklist databases. This helps us to identify the databases in which server IP shows as listed.

For example, the image shows the blacklisting status of a server IP 154.xx.x1.2 in 4 major blacklists.

Here, our Support Engineers further check the reason for each blacklisting. We primarily note down the exact date and time of the listing.

2. Suspending malicious account

Normally, the reason for spamming would be a hacked account or compromised email account. So, the next step is to identify this account. For this, our Server Engineers track the mail server logs at the time of listing.

And, if it is a web-based attack, with the web server logs check, we can easily find out the hacked website. Then, we immediately suspend the account to stop further spamming. In the case of compromised email account, we change  the password immediately.

Ideally, we need to avoid the possibility of spamming. For this, in the servers that we manage, we do periodic scan of all accounts to identify malicious contents.

3. Delisting IP address

Ok. Now we have stopped spamming, suspended malicious account too. It’s time to request a delist of IP address. Most real time blacklists allow to remove the server IP address from the blacklists when sufficient action is taken to stop spamming. Therefore, we submit delist request and wait for IP address removal from the blacklist.

4. Replacing mail server IP

Usually, the process of delisting may take 24 to 48 hours. And, it is rather impossible to leave the mail problem as it is for a longer time. Customers would like to get mail functional at the earliest.

That’s why, our Support Engineers restore mail functionality by replacing a clean IP for mail server. And, this involves checking of new IP against blacklists, adding proper reverse dns for new IP, etc.

[Trouble with sending mails? We can make mails work.]

5. ISP IP blacklist

Again, users can see this “554 blacklisted” error in mail clients like Outlook, Thunderbird, etc. when Internet Service Provider (ISP) IP address  gets blacklisted. Unfortunately, there is no ready made fix here.

To make the mail working, we’ll have to work with ISP.  The challenge here is to get an IP with good reputation.

Also, when we see this problem while sending from Gmail, our Support Engineers fix it by whitelisting Gmail’s sending IP addresses in the mail server.

Conclusion

“554 blacklisted” is an error that happens when recipient mail server rejects mail due to IP blacklisting. Today, we’ve seen how our Support Engineers fix the IP blacklisting and make mail working again.