Ah, the whitelist… A widely used, but misunderstood term. Many people believe that an email whitelist is a permanent, direct path to the inbox at an ISP, with no filtering applied. That may have been true at one point, long long ago, when mail systems were less sophisticated. Today, for the most part, whitelists are a little more flexible and have varied benefits. They are certainly worth understanding and considering, but they may not be the magic bullet you are hoping for.

What is a whitelist?

A whitelist is a list of IPs or domains associated with a good sending reputation. It is employed by ISP mail systems (generally after the gateway) to provide benefits associated with increased trust in the mail coming from the IPs or domain in question.

Why do whitelists exist?

Whitelists were initially developed back when systems receiving email (ISPs) were less sophisticated. As we know, the majority of the email out there is spam (I’ve read statistics between 85% and 95%), so anti-spam systems were overly aggressive in order to protect email users. Having a whitelist in place is a way to give your system a leg-up on correctly categorizing mail that people want.

What are the benefits of being on a whitelist?

There are various types of whitelists out there and the benefits vary depending on the 3rd party provider or ISP. While at one point, a whitelist might have placed your mail directly in the inbox with zero filtering, that is not very common today. Whitelist benefits might include some of the following:

  • Increased throughput limits (ability to send more mail faster)
  • Fewer levels of filtering
  • A bump up during the calculation of reputation

How do you get added to a whitelist?

Not just any sender can get themselves whitelisted. You have to meet the criteria of the whitelist provider, which generally align with email best practices:

  • Low complaint rates
  • Low/no spam trap hits
  • Low percentage of invalid addresses
  • Authenticated mail
  • Etc.

If you meet the criteria for being added to a whitelist, you must then apply for approval.

What are the available whitelists?

Here is a list of the more commonly known whitelists:

  1. Yahoo Bulk Sender (free)
  2. AOL Whitelist (free)
  3. Return Path Certification (paid, 3rd party)
  4. Certified Senders Alliance (paid, 3rd party)

Do you need to be on a whitelist?

As I mentioned above, to get on a whitelist, you have to meet (and maintain) certain standards and follow best practices. As a result, the argument is generally made that if you are a good sender and you are in tune with what your subscribers want, you shouldn’t need to be whitelisted.

At SparkPost, we consider it a standard practice to subscribe to the free, publicly available whitelists (AOL, Yahoo) as a precautionary measure. The decision of whether or not to pay for the 3rd party whitelisting services (Return Path and CSA) is a personal decision for our customers.

As I alluded to earlier, mail receiving systems have gotten more sophisticated over the years, and it’s easier for them to determine whether or not you are a legitimate sender based on the way users interact with your mail. Therefore, they largely no longer employ whitelists in a blanket, “direct to inbox” fashion. Some providers, like Gmail, don’t offer a whitelist at all as they are so confident in their system’s ability to correctly categorize the mail based on user behavior.

Things to note…

Even though you may have been accepted onto a whitelist, ISPs and 3rd party providers are constantly monitoring your traffic and you can be kicked off if you break the rules (e.g. You decide to mail to users who haven’t engaged in a very long time, resulting in tons of complaints, invalid address, and spam trap address hits.) You don’t always get notified when this happens, so it’s important to maintain good sending practices.

While the whitelists I’ve been talking about here apply to domain/IP level filtering at the ISP level, there is also personal whitelisting, which takes place at the user level, and can have a positive impact on your mail program… Stay tuned for a blog on personal whitelisting coming up.
Confused on how to be a good sender? SparkPost has Deliverability experts that can help.

Clea Moore
Deliverability Lead

9 Things ISPs Really Want Email Marketers to Know

Our team gets a lot of questions about the blacklisting of shared pools of IP addresses. While we are constantly working to keep our IP pools clear of any and all blacklists, there will be times when an address pool does land on a blacklist. Here’s what you should know about blacklists, and how they might affect shared and dedicated IP addresses.

There are literally thousands of blacklists for thousands of reasons— most of which do not affect the average sender. Most large ISPs have their own internal blacklists and scoring systems. The primary independent blacklist in use today is Spamhaus.

We monitor blacklists and immediately work to resolve any blacklisting that affects our customers. We also monitor our IP pools and terminate or suspend and educate any sender found to have caused a blacklisting. This is in order to ensure that the blacklisting is delisted at the earliest opportunity.

Causes of Blacklisted IP Addresses (And What to Do About Them)

Many blacklists are temporary and resolve themselves while not without providing an option for early delisting. If you have a recipient domain returning a bounce citing with a blacklist (called out or even just the word blacklist in the bounce response), first check to see if 100% of that domain is blocked. If not, it may be a temporary block or even a personal blacklist created by the subscriber themselves. In either case, no action is necessary.

Mailing to spam traps is the single most common cause for blacklisted IP addresses. Therefore, if you want to ensure your messages are delivered and delivered to the inbox, you should avoid hitting spam traps. You can do this by following best practices and sending to only directly opted in subscribers that are actively engaged with your mail stream. In addition, periodically removing unengaged subscribers will help to avoid spam traps.

A good rule of thumb is that actively engaged subscribers will open and/or click on your daily messages at least once in a 30 day time frame and at least once on your weekly messages within 90 days. Therefore, you should adjust sending frequency to subscribers that are not actively engaging with your mail stream.

After six to nine months of no engagement, you can run a re-engagement or win-back campaign. From there, you should permanently remove any recipients that don’t engage with your mail after a maximum of three attempts. Ultimately any subscriber that has not opened or clicked on your messages in the past ten months should be permanently removed from your list as they run the risk of becoming a spam trap.

It also is imperative that you migrate your suppression list from your previous email provider. This ensures that you don’t re-enable an inactive subscriber’s email address that has been recycled into a spam trap.

You should also make sure that your sign-up page and forums have anti-abuse measures in place such as captcha or link verification. A good way to avoid typos is to simply require that subscribers type their email address into your form twice. This is all to avoid high rates of complaints, unknown email addresses, spam traps and low read rates. All of these factors cause poor delivery and high spam filtering, which affect everyone else sending and following best practices in your shared environment.

Blacklists on Shared IP Pools

SparkPost’s deliverability team monitors and requests delisting when possible for any blacklist on our shared IP pools. However, we know that many minor blacklists do not affect our users, and we prioritize our efforts accordingly. If you look up your shared IP, it’s possible you might see blacklistings. However, you can rest assured that either a resolution is in progress or they do not affect our users.

However, if you do have a blacklist that shows up in your bounce logs causing a bounce rate above 1%, please open a support case with the following information so we may investigate. Here’s how:

  1. Bounce log with name of blacklist called out in it. If the block doesn’t have the name of the blacklisting, it’s likely an internal temporary blacklist for that ISP. However, feel free to send the bounce log with the domain included.
  2. Email address you were attempting to mail to.
  3. Your sending domain.
  4. Number of subscribers affected per total number of subscribers mailed. (ie #blocked/#sent)
  5. Date and time of occurrence.

Blacklists on Dedicated IPs

If you have a dedicated IP, but you haven’t subscribed to SparkPost’s Premium add-on plan (which offers dedicated technical account management and deliverability support), you will need to monitor and request delisting for your own blacklistings.

When you see a bounce calling out a blacklist, and the bounce rate is above 5%, you should first investigate and remove any subscriber that has not opened or clicked on your message in the past three months. Then, follow the link in the bounce message to request delisting. It is best to inform them of what actions you have taken as well as request information about the cause, so that you can investigate further when requesting delisting so that the blacklister will understand that you are serious about following best practices.

Finally, if you want to truly separate your sending reputation, remember to set up a custom bounce domain. In addition, you can setup custom click tracking (if you use our click tracking).


PS: Other questions on blacklisted IP addresses or deliverability topics? Leave them below, find us on Twitter or post them in our community slack.

9 Things ISPs Really Want Email Marketers to Know

Blacklists 101 - stairs leading to do not enter sign


It’s that time of year again. Marketers are planning for the holidays; looking at how they can drive more revenue through email. It’s very common to see people mailing a little deeper into their files than they normally do, in an effort to reengage the people who haven’t purchased or interacted in a while. It’s easy to overstep the bounds of email best practices, and get yourself into trouble. That trouble commonly comes in the form of a blacklisting.

What is a blacklist?

A blacklist is essentially a list of bad actors. Those bad actors are generally spammers, but any legitimate mailer who doesn’t adhere to best practices can be impacted. Blacklists can be domain-based, URL-based, or more commonly, IP-based. They are generally run by independent operators, or organizations whose customers are ISPs, hosting companies, or corporate mail managers.

How do you get listed?

Blacklist operators most commonly use networks of spam traps to catch spammers and marketers behaving badly. (Check out the series I wrote about spam traps earlier this year for more info.) Mailing to spam trap addresses is a signal that you have poor list hygiene practices, since those addresses don’t belong to real users. Depending on the type of trap you mail to (or hit) and the number, you may get flagged as a bad actor and end up on a blacklist. In some cases this is an automated process, in others (generally in more severe cases) it’s manual.

What happens when you get “listed” on a blacklist?

A blacklist is commonly used by mail receivers (ISPs, hosting companies, etc.) to block unwanted mail from bad actors. The amount of mail blocked depends on which blacklist listed you. Some are more impactful than others, based on which mail receivers use them. Spamhaus, for example, is the most widely known blacklist and is used by some of the major mailbox providers. So a Spamhaus listing will have a big impact on your program.

What can you do to resolve a blacklisting?

Each blacklist has it’s own removal process, which can be automated or manual. Either way, it’s important to understand what caused you to get listed in the first place. Did it happen right after you mailed to an old, inactive file? Are you working with a new affiliate? Is a suppression process broken? Once you have identified and resolved the issue that caused the listing, the next step is to reach out to the blacklist operator via their process to request removal.

What should you do to avoid blacklists in the first place?

The best way to avoid the blacklist is to mail to recently engaged users. We recommend those who have opened or clicked in the last 90 days. It’s understandable that marketers want to leverage their email programs to increase sales during the holidays, so a 90-day activity window isn’t always doable. If you do end up reaching deeper into your list, you shouldn’t be including anyone who hasn’t engaged in over a year. Past that time, you run the risk of hitting recycled spam traps (once engaged users, now long-dormant accounts). In addition to a short activity window, double opt-in (or COI) is a great way to avoid mailing repeatedly to spam trap addresses, since they won’t click the confirmation link. We also highly recommend that you use a reCAPtCHA at sign-up to mitigate malicious signups.

Things to keep in mind…

Having a way to monitor your IPs and domains for blacklistings is always a good idea. At Sparkpost, we proactively monitor listings for our Premium and Enterprise customers using the 250ok platform. Also, as I alluded to above, not all blacklists have the same impact on your program. If you see a listing through a monitoring service or in your logs, check your stats in the Sparkpost UI (blocked messages) to gauge the severity of the listing. While you might not see a big impact from some smaller blacklists, they can be a good signal to let you know something is off with your program that might turn into a bigger headache down the road if you don’t address it.

— Clea

avoiding spam traps

First, a recap of Spam Traps: Part 2. In the last post, I talked about who uses spam traps and how they can impact your mail program. We established that mailing to traps can result in blacklistings and blocks, which limit your ability to reach your active, engaged subscribers. In the final part of this series, we’ll explore avoiding spam traps in the first place, and what to do if they have already made their way into your database.

There are two main reasons that spam traps end up on your list:

  1. Poor address acquisition practices.
  2. Poor list maintenance (commonly known as “hygiene”).

The easiest way to avoid mailing to traps in the first place is to have a well-structured subscription process. This means subscribers are giving clear consent, understand what they will receive, and from whom they will receive it upon sign-up. It goes without saying here, that purchasing a list is a terrible idea. The industry standard best practice is to have the user confirm their subscription, by clicking a link in an email sent to that address. This allows you as the marketer to verify that they entered the correct address, and to be certain they wish to receive your mail. For various reasons, not every program allows for this confirmation process (known as Confirmed Opt-In or COI). So, what can you do to protect your program? Practice good list hygiene.

Good list hygiene means monitoring engagement for all the addresses in your database (via opens and clicks), and regularly removing those who are inactive after a period of time. Guess what? Spam traps will not engage with your mail, so if they made their way onto your list – because a subscriber accidentally or intentionally entered the wrong address when they signed up – you will be removing them through this process. That means that you should start this culling of inactive addresses as soon as possible.

Savvy marketers will have a soft-COI process set up for new users, where they will send a series of welcome emails, which encourage the user to engage with their brand. If the subscriber doesn’t engage with any of these welcome messages, they are automatically unsubscribed from the program. In this case, a spam trap would only receive a small number of messages. In addition to this, but especially for senders who don’t have a soft-COI program, you should be removing subscribers who do not engage after a period of time. That timeframe will depend on your content, mailing frequency, and other program specifics, but a general rule of thumb is 6 months maximum with no engagement. Addresses falling outside that engagement window should be removed from your database on an automated, on-going basis.

Proper list hygiene, combined with a clear opt-in process, will reduce and prevent any negative impact that spam traps might have on your program. But wait! There’s a bonus! These practices are part of a strong foundation for a good sending reputation, so you will also see better delivery and inbox placement at the ISPs. We know that all major ISPs look at user engagement and inactivity as important signals about you as a sender, so why not set yourself up for success?

Okay, now let’s tie all 3 parts together:

  1. Spam traps have no value to you as marketer, because they don’t belong to a real user.
  2. Mailing to spam traps can cause big problems for your program by way of blacklistings and blocks, which stops you from reaching your active subscribers.
  3. Avoiding spam traps in the first place can be accomplished by having a clear, well-structured sign-up process, and maintaining your list regularly based on engagement. This will also result in a better sending reputation and better delivery.

There you have it! Everything you need to know about spam traps.

At SparkPost, we work closely with all of our Elite customers to ensure they are following email best practices, and are successful as a result. Find out more on our product page.

— Clea

Other posts in the Spam Traps series:

  1. Spam Traps Part 1: What Are They?
  2. Spam Traps Part 2: How They Impact Your Mail Program

9 Things ISPs Really Want Email Marketers to Know

spam traps part 2

Before we get into “Spam Traps Part 2: How they Impact Your Mail Program” first a recap of Spam Traps: Part 1. Last week, I talked about the types of addresses that are considered spam traps: pristine and recycled. We established that trap addresses don’t belong to real users, and are therefore not of value to you as a marketer. In part 2 of this blog series, we’ll explore who uses spam traps and how they can impact your mail program.

Spam traps are carefully created and cared for by blacklist providers (Spamhaus, SpamCop, etc.), filtering providers (Cloudmark, Proofpoint, etc.), and ISPs. They each maintain their own network (or group) of trap addresses. Each address is valuable to these providers, because it takes a lot of time and resources to build a quality trap network. What this means for you is that they will never share a trap address with you. Once that address is known, it’s considered burned and the provider has lost a valuable monitoring resource.

So, why do these providers maintain trap networks? They use them as a tool to measure the quality of a marketers mail program, and as a way to catch spammers. If you have poor list hygiene and collection practices, spam traps are a great way for blacklists, ISPs, and filtering companies to identify those problems. What they do with that data once they have it varies, but it generally takes hitting (sending to) an egregious threshold of trap addresses before they will take action against you as a sender. That threshold may vary depending on the type of address – remember, mailing to pristine traps is a more severe problem than mailing to recycled addresses.

What can happen if you mail to spam trap addresses? The main result is blocked mail. A blacklist provider may list your IPs and/or domain, resulting in blocks at various ISPs who consume that list. An ISP may block your mail as a result of a blacklisting on a public list, or as a result of that sender hitting traps in their internal network. A filtering provider may categorize your mail as spam, resulting in their ISP consumers placing your mail in the junk folder or blocking your mail.

The bottom line is: Once these addresses make it on to your list, they can cause serious trouble. So, what can you do to avoid or solve problems related to hitting spam traps? I hope you enjoyed Spam Traps Part 2, stay tuned for “Spam Traps Part 3”…

At SparkPost, we work closely with all of our Elite customers to ensure they are following email best practices, and are successful as a result. Find out more on our product page.

— Clea


9 Things ISPs Really Want Email Marketers to Know

What you need to know about spam traps

If you’ve been in email marketing long enough, you’ve heard the mention of “spam traps”, but what are they and why should you care about them? In Spam Traps Part 1 of this three part blog series, we’ll explore the following topics related to spam traps:

  1. What are they?
  2. How can they impact your mail program?
  3. How do you avoid mailing to them?

Ok, let’s dive right in…

What are spam traps?

To put it simply, a “spam trap” (or commonly known as a “trap”) is an address that accepts mail, but does not belong to a real user. There are two main types of traps: pristine and recycled.

Pristine spam traps are addresses that never belonged to a real user, and never signed up for any mail. Mailing to (or “hitting”) this type of trap address is very serious because it means that the address was “scraped” from the Internet. You generally end up with these addresses on your list as a marketer if you have purchased a list of addresses or a naughty affiliate of yours engages in purchasing lists or scraping addresses. Any way you slice it, it’s very bad to mail to those addresses and is indicative of poor acquisition practices.

Recycled spam traps are previously active addresses, which potentially belonged to a real user, but have been repurposed as a trap address after 6 or more months of inactivity and “conditioning” (meaning they returned a hard bounce error for a reasonable amount of time). It’s easy to end up with this type of trap address in your mailing list as a marketer if you don’t practice good list hygiene by removing inactive and invalid accounts regularly.

The bottom line is: These addresses have no value to you as a sender since no one is on the other end reading your email. No good will come from mailing to spam traps, but what happens if you do? Stay tuned for “Spam Traps Part 2”…

At SparkPost, we work closely with all of our Elite customers to ensure they are following email best practices, and are successful as a result. Find out more on our product page.

— Clea


Beyond the click blog footer 600x150 unsubscribers