These are the steps needed to remove your IP from Gmail’s email blacklist:
Gmail does not disclose the details of their filtering process. If they did, spammers would quickly find a way around their filters.
However, some common reasons why Gmail may reject email from your server include:
If your server is doing any of these things, then you appear to be sending spam. As a result, Gmail may block your server’s IP address.
Google may use signals from these public blacklists:
You can use the Multi-RBL lookup tool to check these and other lists. Inclusion on these lists is a good indication that you have some type of spam issue on your server.
Usually one of these three causes:
In over 90% of cases, hackers use insecure web applications to send spam.
When they do this, spam volume, user complaints and other issues trigger Gmail’s blacklist filters. They start blocking your server to protect their users from spam. Spammers often send email using SSH tunnels.
Even in the absence of security issues, your server may still look like a spamming system.
If you have users forwarding email from your server to Gmail and they forward spam, then your server looks like it is sending the spam. As a result, Gmail may block your sever.
If you want to get off and stay off the blacklist, you must dig into your server and understand why your server was blacklisted. If you do not, then your removal effort will be wasted.
This is the process to investigate the blacklisting:
This process can be time consuming, especially on a busy server. It is recommended that you start by checking for user compromises, while these account for relatively few cases, they are much easier to diagnose than web application issues.
For example, on Plesk/Postfix setups, you can string together shell commands like:
grep sasl_username /var/log/maillog|awk {'print $NF'} |sort |uniq -c |sort -n
This quickly returns a list of user authentications by user name. If you see high values, that user may be worth a more detailed look.
You can use similar commands to pull out all sorts of email summary information on your server.
While digging into the server’s email history, keep a watch on:
Usually, this investigation turns up a compromised web script or email user’s password. You can then fix this issue by updating or removing the script or simply resetting the user’s password.
Once you fix the underlying issue, monitor the server’s email volume and response codes from Gmail. If things do not clear up, then you can submit a removal request to Google.
In most cases a removal request is never needed to be submitted. Cleaning up the issue and fixing any DNS problems will usually resolve the listing in 3-5 days.
Blacklists block email but they do not route it to the spam folder. (See our post on why email is going to the spam folder).
If you are blacklisted, your email will be rejected with a 421 or 550 SMTP error.
You can spot this in your email server’s logs:
Example of a 550 Error:
Remote_host_said:_550-5.7.1 Our_system_has_detected_an_unusual_rate_of unsolicited_mail_originating_from_your_IP_address. _To_protect_our users_from_spam,_mail_sent_from_your_IP_address_has_been_blocked. Please_visit_http://www.google.com/mail/help/bulk_mail.html _to_review_our_Bulk_Email_Senders_Guidelines
Example of a 412 Error:
421-4.7.0 unsolicited mail originating from your IP address. To protect ourn421-4.7.0users from spam, mail sent from your IP address has been temporarilyn4 21-4.7.0 rate limited. Please visit http://www.google.com/mail/help/bulk_mail.n421 4.7.0 html to review our Bulk Email Senders Guidelines. l41si55243084eef.158 - gsmtp
If you see either of these errors, then you are blacklisted and you can work on getting off the list.
Here’s the full list of Gmail error codes:
421 | 4.4.5 | Server busy |
421 | 4.7.0 | IP not in whitelist for RCPT domain. Closing connection. |
421 | 4.7.0 | Our system has detected an unusual rate of unsolicited mail originating from your IP address. To protect our users from spam mail sent from your IP address has been temporarily blocked. Review our Bulk Email Senders Guidelines. |
421 | 4.7.0 | Temporary System Problem. Try again later. |
421 | 4.7.0 | TLS required for RCPT domain. Closing connection. |
421 | 4.7.0 | Try again later . Closing connection. |
450 | 4.2.1 | The user you are trying to contact is receiving mail too quickly. Please resend your message at a later time. If the user is able to receive mail at that time your message will be delivered. |
450 | 4.2.1 | The user you are trying to contact is receiving mail at a rate that prevents additional messages from being delivered. Please resend your message at a later time. If the user is able to receive mail at that time. Your message will be delivered. |
451 | 4.3.0 | Mail server temporarily rejected message. |
451 | 4.3.0 | Multiple destination domains per transaction is unsupported. Please try again. |
451 | 4.4.2 | Timeout – closing connection. |
451 | 4.5.0 | SMTP protocol violation. See RFC 2821. |
452 | 4.2.2 | The email account that you tried to reach is over quota. |
452 | 4.5.3 | Domain policy size per transaction exceeded. Please try this recipient in a separate transaction. |
452 | 4.5.3 | Your message has too many recipients. |
454 | 4.5.0 | SMTP protocol violation. No commands allowed to pipeline after STARTTLS. See RFC 3207. |
454 | 4.7.0 | Cannot authenticate due to temporary system problem. Try again later. |
454 | 5.5.1 | STARTTLS may not be repeated. |
501 | 5.5.2 | Cannot Decode response. |
502 | 5.5.1 | Too many unrecognized commands. Goodbye. |
502 | 5.5.1 | Unimplemented command. |
502 | 5.5.1 | Unrecognized command. |
503 | 5.5.1 | EHLO/HELO first. |
503 | 5.5.1 | MAIL first. |
503 | 5.5.1 | RCPT first. |
503 | 5.7.0 | No identity changes permitted. |
504 | 5.7.4 | Unrecognized Authentication Type. |
530 | 5.5.1 | Authentication Required. |
530 | 5.7.0 | Must issue a STARTTLS command first. |
535 | 5.5.4 | Optional Argument not permitted for that AUTH mode. |
535 | 5.7.1 | Application-specific password required. |
535 | 5.7.1 | Please log in with your web browser and then try again. |
535 | 5.7.1 | Username and Password not accepted. |
550 | 5.1.1 | The email account that you tried to reach does not exist. Please try double-checking the recipient’s email address for typos or unnecessary spaces. |
550 | 5.2.1 | The email account that you tried to reach is disabled. |
550 | 5.2.1 | The user you are trying to contact is receiving mail at a rate that prevents additional messages from being delivered. |
550 | 5.4.5 | Daily sending quota exceeded. |
550 | 5.7.0 | Mail relay denied. |
550 | 5.7.0 | Mail Sending denied. This error occurs if the sender account is disabled or not registered within your Google Apps domain. |
550 | 5.7.1 | Email quota exceeded. |
550 | 5.7.1 | Invalid credentials for relay. |
550 | 5.7.1 | Our system has detected an unusual rate of unsolicited mail originating from your IP address. To protect our users from spam. Mail sent from your IP address has been blocked. |
550 | 5.7.1 | Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to Gmail. This message has been blocked. |
550 | 5.7.1 | The IP you’re using to send mail is not authorized to send email directly to our servers. Please use the SMTP relay at your service provider instead. |
550 | 5.7.1 | The user or domain that you are sending to (or from) has a policy that prohibited the mail that you sent. Please contact your domain administrator for further details. |
550 | 5.7.1 | Unauthenticated email is not accepted from this domain. |
552 | 5.2.2 | The email account that you tried to reach is over quota. |
552 | 5.2.3 | Your message exceeded Google’s message size limits. |
553 | 5.1.2 | We weren’t able to find the recipient domain. Please check for any spelling errors and make sure you didn’t enter any spaces periods or other punctuation after the recipient’s email address. |
554 | 5.6.0 | Mail message is malformed. Not accepted. |
554 | 5.6.0 | Message exceeded 50 hops . This may indicate a mail loop. |
554 | 5.7.0 | Too Many Unauthenticated commands. |
555 | 5.5.2 | Syntax error. |
You must stop the spam-like behavior before submitting a request to Gmail. If you do not, your efforts and their time will be wasted.
If you have stopped the spam coming from your server, Gmail will usually remove your IP automatically in 3-5 days.
If not, then you may need to contact them for assistance.
To do so, you need to use this form. Be sure to be logged into your Gmail/Google account before you start the process.
It is highly recommend all areas are completed although they are not all required. You want to give the blacklist removal team as much information as possible to decide the you are not a spammer.
Keep it brief and to the point. For example, I commonly use this text:
The server had a compromised web application that was used to send spam to Gmail. We have removed this application from the server. Since removing the application, we no longer see unauthorized email being sent to Gmail.
Make sure your headers are complete and in text format. You only need to include one example. In general, try to find an example that is simplistic. Such as a message going directly from your server to Gmail. If the message was relayed through a third party, the headers can be obscured.
Try to use a text (.txt) file if possible. Avoid Windows or Mac specific formats.
Only copy the relevant portion of the server logs. Just 2-3 entries will suffice. They should look like the examples 550 and 421 examples above.
While not required, this is a key step to show that your server’s DNS is working. Successful results will look similar to:
<br data-mce-bogus="1"> [jeffh@office ~]$ host -t mx gmail.com gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com. gmail.com mail is handled by 5 gmail-smtp-in.l.google.com. gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com. gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com. gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.
Make sure you do this from the impacted server using one of the records from your DNS lookup. Successful results will look similar to:
<br data-mce-bogus="1"> [jeffh@office ~]$ telnet alt4.gmail-smtp-in.l.google.com 25 Trying 2800:3f0:4003:c01::1a... Connected to alt4.gmail-smtp-in.l.google.com. Escape character is '^]'. 220 mx.google.com ESMTP c68si3349613vkd.85 - gsmtp
Example of a ping test. Note that if you have firewalls blocking ICMP traffic, this test may fail. If it fails, just do not include it in the removal request.
<br data-mce-bogus="1"> [jeffh@office ~]$ ping -c5 alt4.gmail-smtp-in.l.google.com PING alt4.gmail-smtp-in.l.google.com (64.233.190.26) 56(84) bytes of data. 64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=1 ttl=43 time=169 ms 64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=2 ttl=43 time=169 ms 64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=3 ttl=43 time=169 ms 64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=4 ttl=43 time=169 ms 64 bytes from ce-in-f26.1e100.net (64.233.190.26): icmp_seq=5 ttl=43 time=169 ms --- alt4.gmail-smtp-in.l.google.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4175ms rtt min/avg/max/mdev = 169.448/169.487/169.600/0.523 ms
This is an open-ended field but keep it short. I usually use this to note any unexpected issues or if a customer had previously sent a removal request but did not clean up the server.
Once you have all of the data complete, you can submit the form. You should see a message informing that the request will be investigated.
Usually, this is resolved within 5 business days.
Just be warned that there are no quick fixes. If you rush off to the removal page without fixing the issue, you will likely just be listed again.
In July 2015, Google launched Gmail Postmaster Tools. This is similar to webmaster tools but for email. If you managed email for your domain or your customers, you may want to sign up.