My recent experience with my email being flagged as spam may seem minor or even unrelated to the realm of ecommerce and shopping cart software. However the success of your email delivery can be a significant factor in the reception of your estore… both actual and perceived. Imagine you are following up with a customer, soliciting new customers or providing support via email and your emails never reach their intended recipients. Or they do get them but they are relegated to the user’s spam box or filter. Not exactly the impression you are working so hard to achieve.

Assuming you have not taken any part in bad e-mail practices you would think this would not apply to you, right? Not so. Perhaps they have been flagged as spam by commonly used services like Spamhaus or SORBS.

Let me explain. I recently had an issue where my email was getting flagged as spam and I had no idea how to resolve the issue. Like many web developers I have a web site that is hosted with a web host (HostGator) which offers POP/SMTP email. I then use MS Outlook to access that account in order to send and receive email using my website’s domain. This is common practice and allows you to have an address something like YourName@YourStoreDomain.com instead of YourName2008xyz@yahoo.com. I’ve done this for years with no problems. However, since I have many sites and thus many e-mails which tend to make their way out into the web I also get my fair share of spam. Solution? I activate SpamAssasin via my web host to allow me to flag and filter my emails and reduce my spam.

Things go well for a time with this solution. It’s is now easier to weed out the good from the bad and though the solution is not perfect it seems reasonable. That is until email from my own domain begins to get flagged as spam. At first I assume it is a fluke but then I test it by simply sending an email to myself and there it is again! So I view the details as reported by SpamAssasin.

Content analysis details: (6.4 points, 6.0 required)

pts rule name description
—- ———————- ————————————————–
5.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[69.253.111.111 listed in zen.spamhaus.org]
3.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[69.253.111.111 listed in dnsbl.sorbs.net]
0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 RDNS_DYNAMIC Delivered to trusted network by host with
dynamic-looking rDNS
0.3 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
-2.6 AWL AWL: From: address is in the auto white-list

If you are like me then this probably seems like mostly gibberish to you. However, I’m a reasonably smart guy. I’ve been using email for years and I haven’t made any changes. However, my email goes through the mail server with my web host so perhaps they have made some changes to the IP that I see listed in that gibberish above. I contact my web host and they are patient with my ignorance on the matter and inform me that the IP in question is my ISP’s which happens to be Comcast.

OK, so I probably should have done a tracert on the IP do see who it actually belonged to before pestering support but too late now. But I’d like to have a bit more info to provide to Comcast support in order to plead my case and get some resolution. I check my IP against SORBS and get the following details.

Dynamic IP Space (LAN, Cable, DSL & Dial Ups)
Netblock: 69.253.0.0/16 (69.253.0.0-69.253.255.255)
Record Created: Mon Apr 7 13:27:21 2008 GMT
Record Updated: Mon Apr 7 13:27:21 2008 GMT
Additional Information: [#193969 Comcast Supplied list - 07/04/08] Dynamic/Generic IP/rDNS address, use your ISPs mail server or get rDNS set to indicate static assignment.
Currently active and flagged to be published in DNS

Now armed with real info I muddle through the support pages of Comcast and quickly realize I’ll have to contact support. After a number of unrelated, automated and useless responses from them on how to configure my Outlook and connect to POP email I decide I’ll spend a little more time investigating in the hopes that I don’t need a real live support person from Comcast to help.

Let’s see what Spamhaus has to say…

Ref: PBL191960

69.253.0.0/16 is listed on the Policy Block List (PBL)

So far this is of no help either so I take a look at their FAQ and there I begin to understand my problem… and solution.

The first thing to know is: THE PBL IS NOT A BLACKLIST. You are not blacklisted for spamming or for anything you have done. The PBL is simply a list of ALL of the world’s dynamic broadband IP space, i.e: IP space normally assigned to broadband/ADSL customers. It is perfectly normal for dynamic IP addresses (DSL, DHCP, cable, dialup) to be listed on the PBL. In fact all dynamic IP addresses in the world should be on the PBL.

The PBL does not prevent you sending email unless your email program is not authenticating properly when it connects to your ISP or company’s mail server. This can happen if you have forgotten to turn on ‘Authentication’ or if you have switched ‘Authentication’ off by mistake.

If you are using a normal email program, such as Outlook, Entourage, Thunderbird, Apple Mail, and you are being blocked by a Spamhaus PBL listing when you try to send email, the reason is simply that YOU NEED TO TURN ON ‘SMTP AUTHENTICATION’ in your email program’s account settings.

Great! Now we are getting somewhere. I go to my outlook and setup SMTP authentication and it works. Here are the basics if you have MS Outlook.

Start Outlook 2000 or Outlook Express. From the menu, select Tools, then Accounts. Click once on the appropriate account from the Mail tab. Select Properties. From the account properties dialog box, choose the Servers tab. Put a check in the box for “My server requires authentication”. Click on the “Settings” button. In the ‘Outgoing Mail Server’ dialog box, make sure “Use same settings as my incoming mail server” is selected. Press “OK”. Back at the “Properties”, click “Apply”, then “OK”. Click “OK” to close out of all dialog boxes.

Turns out my listings in Spamhaus and SORBS were normal for my type of ISP connection and the solution was quite simple for me. My e-mails are now finding their way back into inboxes. However, had I not been using SpamAssasin it may have taken me much longer to become aware of the situation.

I hope my small mishap can help others avoid or correct for this issue in their personal or business e-mail. Ecommerce tends to depend upon e-mail communications. Yet it seems that even legitimate e-mail is harder to get past the gatekeepers these days. Be diligent in testing and protecting your email service. Your customers expect this!