Gmail blacklist problems? You are in the right place.
Using the process below, we successfully resolve nearly every Gmail blacklisting we encounter.
If you don’t know how to complete this process on your server, consider our email blacklist removal service.
Gmail Blacklist Removal Process
If you use this approach, you too should be able to remove your IP from Gmail’s email blacklist.
I cover:
If you don’t know how to read your mail logs, check DNS or email headers, then this article is not for you. Forward it over to your hosting provider or system admin, so they can get started (or contact us for help).
Don’t forget to check out our blacklist removal instructions for other email service providers (ESP). If Google is blocking your email, other ESPs may be as well.
Gmail Blacklist Criteria
Gmail does not disclose the details of their filtering process. If they did, spammers would quickly find a way around their filters.
However, we’ve learned about some common reasons why Gmail may reject email from your server.
The most common reasons are:
- Sending large volumes of email.
- Sudden changes in email volume.
- Sending email to “spam trap” addresses.
- Sending email to unknown users.
- Inclusion of your server’s IP on public blacklist.
- Gmail users marking your messages as spam.
- Using a new IP address to send email.
- Incorrect DNS Settings
If your server is doing any of these things, then you appear to be sending spam. As a result, Gmail may block your server’s IP address.
Research by ReturnPath, our investigations and other email delivery experts, suggests that Google may use signals from these public blacklists:
pbl.spamhaus.org – This blacklist includes dynamic and non mail server IP ranges. For a server to be listed in here would be unusual.
sbl.spamhaus.org – This blacklist includes emails that Spamhaus has identified as spam.
xbl.spamhaus.org – This blacklist includes bots and exploit agents.
cbl.abuseat.org – This blacklist includes emails sent to spam traps or reported by their users as spam.
You can use the Multi-RBL lookup tool to check these and other lists. Inclusion on these lists is a good indication that you have some type of spam issue on your server.
Why Was I Blacklisted by Gmail?
When I dig into a server that has been blacklisted by Gmail, I usually find one of these three causes:
- Spammers exploiting web applications (>90%).
- Customer’s password or computer compromised (~5%).
- Poor email practices such as blindly forwarding email to Gmail (~5%).
In over 90% of cases, hackers use insecure web applications to send spam.
When they do this, spam volume, user complaints and other issues trigger the Gmail blacklist filters. They start blocking your server to protect their users from spam. We’ve seen spammers send email using SSH tunnels.
Even in the absence of security issues, your server may still look like a spamming system.
If you have users forwarding email from your server to Gmail and they forward spam, then your server looks like it is sending the spam. As a result, Gmail may block your sever.
If you want to get off and stay off the blacklist, you must dig into your server and understand why your server was blacklisted. If you do not, then your removal effort will be wasted.
If your users are forwarding email to Gmail, then they are likely forwarding spam. Gmail does not care that the email is forwarded. Their systems will see your server as the one sending the spam and blacklist you.
Our Gmail Blacklist Investigation Process
This is the process we use in our paid Gmail blacklist removal services:
- Check email server logs for 500 errors.
- Check email logs for blocks to other ESPs and public blacklists.
- Look for Excessive SMTP Authentications, especially from varying IPs for the same user.
- If you have PHP scripts, configure PHP to log mail using the mail.log ini entry.
- Lookup your IP in your favorite blacklist lookup tool.
- Check your server’s sending reputation at SenderScore.org.
- Check for users bulk forwarding email to Gmail.com and related domains.
- Check for any newsletters or newsgroups that originate from the server.
- Identify any bulk marketing campaigns that may be on the server.
- Verify that DNS related entries (PTR, DKIM, SPF) are correct.
- Look at historical logs and determine if the email volume to Gmail has increased.
This process can be time consuming, especially on a busy server. I recommend you start by checking for user compromises, while these account for relatively few cases, they are much easier to diagnose than web application issues.
For example, on Plesk/Postfix setups, you can string together shell commands like:
|
1
|
grep sasl_username /var/log/maillog|awk {'print $NF'} |sort |uniq -c |sort -n
|
This quickly returns a list of user authentications by user name. If you see high values, that user may be worth a more detailed look.
You can use similar commands to pull out all sorts of email summary information on your server.
While digging into the server’s email history, keep a watch on:
- New 550 and 421 errors from other email providers
- IP listings in public blacklists.
- Changes in the Gmail Blacklist response code
- Your SenderScore.
Usually, this investigation turns up a compromised web script or email user’s password. You can then fix this issue by updating or removing the script or simply resetting the user’s password.
Once you fix the underlying issue, monitor the server’s email volume and response codes from Gmail. If things do not clear up, then you can submit a removal request to Google.
In most cases we handle, we actually never have to submit a request. Cleaning up the issue and fixing any DNS problems will usually resolve the listing in 3-5 days.
Gmail SMTP Errors
Blacklists block your email they do not route it to the spam folder. (See our post on why email is going to the spam folder).
If you are blacklisted, your email will be rejected with a 421 or 550 SMTP error.
You can spot this in your email server’s logs:
Example of a 550 Error:
|
1
2
3
4
5
|
Remote_host_said:_550-5.7.1 Our_system_has_detected_an_unusual_rate_of
unsolicited_mail_originating_from_your_IP_address.
_To_protect_our users_from_spam,_mail_sent_from_your_IP_address_has_been_blocked.
Please_visit_http://www.google.com/mail/help/bulk_mail.html
_to_review_our_Bulk_Email_Senders_Guidelines
|
Example of a 412 Error:
|
1
2
3
4
|
421-4.7.0 unsolicited mail originating from your IP address.
To protect ourn421-4.7.0users from spam, mail sent from your IP address has been temporarilyn4
21-4.7.0 rate limited. Please visit http://www.google.com/mail/help/bulk_mail.n421 4.7.0 html
to review our Bulk Email Senders Guidelines. l41si55243084eef.158 - gsmtp
|
If you see either of these errors, then you are blacklisted and you can work on getting off the list.
Here’s the full list of Gmail error codes:
Gmail SMTP Error Codes
Please resend your message at a later time. If the user is able to receive mail at that time, your message will be delivered. Try again later.
To protect our users from spam, mail sent from your IP address has been temporarily blocked. Review our Bulk Email Senders Guidelines. This error occurs if the sender account is disabled or not registered within your Google Apps domain. To protect our users from spam, mail sent from your IP address has been blocked.
| 421, “4.4.5”, Server busy, try again later. |
| 421, “4.7.0”, IP not in whitelist for RCPT domain, closing connection. |
421, “4.7.0”, Our system has detected an unusual rate of unsolicited mail originating from your IP address. |
| 421, “4.7.0”, Temporary System Problem. Try again later. |
| 421, “4.7.0”, TLS required for RCPT domain, closing connection. |
| 421, “4.7.0”, Try again later, closing connection. |
450, “4.2.1” The user you are trying to contact is receiving mail too quickly. |
| 450, “4.2.1”, The user you are trying to contact is receiving mail at a rate that prevents additional messages from being delivered. Please resend your message at a later time. If the user is able to receive mail at that time, your message will be delivered. |
| 451, “4.3.0”, Mail server temporarily rejected message. |
| 451, “4.3.0”, Multiple destination domains per transaction is unsupported. Please try again. |
| 451, “4.4.2”, Timeout – closing connection. |
| 451, “4.5.0”, SMTP protocol violation, see RFC 2821. |
| 452, “4.2.2”, The email account that you tried to reach is over quota. |
452, “4.5.3”, Domain policy size per transaction exceeded, please try this recipient in a separate transaction. |
452, “4.5.3”, Your message has too many recipients. |
| 454, “4.5.0”, SMTP protocol violation, no commands allowed to pipeline after STARTTLS, see RFC 3207. |
| 454, “4.7.0”, Cannot authenticate due to temporary system problem. |
| 454, “5.5.1”, STARTTLS may not be repeated. |
| 501, “5.5.2”, Cannot Decode response. |
| 502, “5.5.1”, Too many unrecognized commands, goodbye. |
502, “5.5.1”, Unimplemented command. |
502, “5.5.1”, Unrecognized command. |
503, “5.5.1”, “EHLO/HELO first. |
503, “5.5.1”, MAIL first. |
503, “5.5.1”, RCPT first. |
503, “5.7.0”, No identity changes permitted. |
| 504, “5.7.4”, Unrecognized Authentication Type. |
| 530, “5.5.1”, Authentication Required. |
| 530, “5.7.0”, Must issue a STARTTLS command first. |
| 535, “5.5.4”, Optional Argument not permitted for that AUTH mode. |
535, “5.7.1”, Application-specific password required. |
535, “5.7.1”, Please log in with your web browser and then try again. |
535, “5.7.1”, Username and Password not accepted. |
| 550, “5.1.1”, The email account that you tried to reach does not exist. Please try double-checking the recipient’s email address for typos or unnecessary spaces. |
| 550, “5.2.1”, The email account that you tried to reach is disabled. |
550, “5.2.1”, The user you are trying to contact is receiving mail at a rate that prevents additional messages from being delivered. |
550, “5.4.5”, Daily sending quota exceeded. |
550, “5.7.0”, Mail relay denied. |
550, “5.7.0”, Mail Sending denied. |
550, “5.7.1”, Email quota exceeded. |
550, “5.7.1”, Invalid credentials for relay. |
550, “5.7.1”, Our system has detected an unusual rate of unsolicited mail originating from your IP address. |
| 550, “5.7.1”, Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to Gmail, this message has been blocked. |
| 550, “5.7.1”, The IP you’re using to send mail is not authorized to send email directly to our servers. Please use the SMTP relay at your service provider instead. |
| 550, “5.7.1”, The user or domain that you are sending to (or from) has a policy that prohibited the mail that you sent. Please contact your domain administrator for further details. |
| 550, “5.7.1”, Unauthenticated email is not accepted from this domain. |
| 552, “5.2.2”, The email account that you tried to reach is over quota. |
| 552, “5.2.3”, Your message exceeded Google’s message size limits. |
| 553, “5.1.2”, We weren’t able to find the recipient domain. Please check for any spelling errors, and make sure you didn’t enter any spaces, periods, or other punctuation after the recipient’s email address. |
| 554, “5.6.0”, Mail message is malformed. Not accepted. |
| 554, “5.6.0”, Message exceeded 50 hops, this may indicate a mail loop. |
| 554, “5.7.0”, Too Many Unauthenticated commands. |
| 555, “5.5.2”, Syntax error. |
Try to limit links, odd characters and avoid sending only images in your email. These are common tactics of spammers. If you act like a spammer, then Gmail may treat you like you.
Gmail Blacklist Removal Instructions
You must stop the spam-like behavior before submitting a request to Gmail. If you do not, your efforts and their time will be wasted.
If you have stopped the spam coming from your server, Gmail will usually remove your IP automatically in 3-5 days.
If not, then you may need to contact them for assistance.
To do so, you need to use this form. Be sure to be logged into your Gmail/Google account before you start the process.
Gmail Blacklist Removal Form Instructions
I highly recommend you complete all areas though they are not required. You want to give the Gmail blacklist removal team as much information as possible to decide the you are not a spammer.
Brief Summary
Keep it brief and to the point. For example, I commonly use this text:
The server had a compromised web application that was used to send spam to Gmail. We have removed this application from the server. Since removing the application, we no longer see unauthorized email being sent to Gmail.
Full Headers
Make sure your headers are complete and in text format. You only need to include one example. In general, I try to find an example that is simplistic. Such as a message going directly from your server to Gmail. If the message was relayed through a third party, the headers can be obscured.
Try to use a text (.txt) file if possible. Avoid Windows or Mac specific formats.
Server Logs
Only copy the relevant portion of the server logs. Just 2-3 entries will suffice. They should look like the examples 550 and 421 examples above.
MX lookups
While not required, this is a key step to show that your server’s DNS is working. Successful results will look similar to:
|
1
2
3
4
5
6
7
|
<br data-mce-bogus="1">
[jeffh@office ~]$ host -t mx gmail.com
gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.
|
Telnet Test
Make sure you do this from the impacted server using one of the records from your DNS lookup. Successful results will look similar to:
|
1
2
3
4
5
6
|
<br data-mce-bogus="1">
[jeffh@office ~]$ telnet alt4.gmail-smtp-in.l.google.com 25
Trying 2800:3f0:4003:c01::1a...
Connected to alt4.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP c68si3349613vkd.85 - gsmtp
|
Ping Test
Example of a ping test. Note that if you have firewalls blocking ICMP traffic, this test may fail. If it fails, just do not include it in the removal request.
|
1
2
3
4
5
6
7
8
9
10
11
|
<br data-mce-bogus="1">
[jeffh@office ~]$ ping -c5 alt4.gmail-smtp-in.l.google.com
PING alt4.gmail-smtp-in.l.google.com (64.233.190.26) 56(84) bytes of data.
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=1 ttl=43 time=169 ms
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=2 ttl=43 time=169 ms
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=3 ttl=43 time=169 ms
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=4 ttl=43 time=169 ms
64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=5 ttl=43 time=169 ms
--- alt4.gmail-smtp-in.l.google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4175ms
rtt min/avg/max/mdev = 169.448/169.487/169.600/0.523 ms
|
Additional Information
This is an open-ended field but keep it short. I usually use this to note any unexpected issues or if a customer had previously sent a removal request but did not clean up the server.
Submit the Form
Once you have all of the data complete, you can submit the form. You should see:
Usually, we see and update within 5 business days.
Just be warned that there are no quick fixes. If you rush off to the removal page without fixing the issue, you will likely just be listed again.
In July 2015, Google launched Gmail Postmaster Tools. This is similar to webmaster tools but for email. If you managed email for your domain or your customers, you may want to sign up.
Getting Help
Using this process, we resolve all* of our Gmail blacklist removal cases; but if you’ve tried and failed or this just seems to be too much, then contact us.
We offer one-time server support packages and have one specifically designed to address Gmail blacklist issues as well as other ISPs.
Most cases are $350/case and work begins within a business day. Typically, you will see email delivery improve within 3-5 business days.
*Actually, we had a couple of cases where we could not fix the situation. The problem? The customer was operating a mailing list with paid, unconfirmed list. If you act like a spammer, the Gmail blacklist will treat you like a spammer.