Gmail treats Netlify Loadbalancer IP as Spam

Hi there,

My netlify site name is watchful.netlify.app and our domain is watchful.io. We’ve been dealing with our e-mails being flagged as spam for a little while now - and after adding SPF & DKIM records we moved back into good standing with other spam lists. Our domain is no longer listed anywhere for spam yet our e-mails still get sent to Gmail spam folders.

Today, I chatted with Google Support and they indicated that the reason why our e-mails are being sent to spam is because our domain lists an A record for 104.198.14.52 (the Netlify Loadbalancer) which is blacklisted by Google. Google Support specifically mentioned that there were no other issues with our domain other than this A record.

What are our next steps to fix this? This is a huge blocker for us

I think you may have misheard google - they aren’t “blacklisting” their own IP (we use google’s cloud for our load balancer). I think they were saying it is blacklisted elsewhere, and that this is causing the poor reputation.

As I asked in the helpdesk, if you can get them to tell you where that IP is on a list, we should be able to work with the listing agency to get ourselves and thus you, removed.

If you want to take a different tack, and avoid using our load balancer, the only way to host with us & do that is to either not host your bare domain with us, or to use our DNS - the only place you’ll use that IP is on a bare domain that is not hosted in our DNS. Bare domains hosted in our DNS, and subdomains pointing with a CNAME will not use that IP.

Just following up here as we continued working with Google support through this. 104.198.14.52 shows up on a couple of different blacklists which Google uses to calculate domain reputation for e-mail senders. You can see which blacklists specifically here: http://multirbl.valli.org/lookup/104.198.14.52.html

Note: this is the tool the Google support agent suggested I use, and they said that if the IP is removed from the blacklists our reputation should return to normal.

While I understand that this is a LB run by Google itself, my understanding is that the way they calculate domain reputation is blind to who owns the infrastructure in question and likely fits heavily on outside signals that might indicate abuse.

I’m happy to try Netlify DNS, but I wanted to flag this anyway so the root issue can be solved.

Thanks so much!

I’ve requested delisting where it makes sense, at two of the listed locations. As mentioned before, spfbl does not allow unlisting and should not be used, so I couldn’t do anything about that one. This one was also impossible to contact (their contact form does not work), so couldn’t do anything about it either: https://polspam.pl/kont.php

Further, at least one of the listings will specifically NOT affect email deliverability, at abusix.ai - the last line is especially relevant.

This blacklist lists all IP addresses that are unlikely to be used by a legitimate mail server. Legitimate mail servers should use a static IP address with a non-generic PTR record and that reflect the host and domain name of the mail server and ideally should match the forward lookup for the same name (FCrDNS).

It is designed to catch botnet traffic, compromised hosts, hijacked IP space and compute/VPS hosts.

Being listed in this zone will not affect your ability to send email unless there is a mail server running on it.

Hopefully those submissions will help out! If not, Netlify DNS is the best recommendation I have.

Hello,

I have the same problem with DNSBL. If you could contact to unlist I would be very grateful. This is the information I have:

Domain: solaw.lt
Server: 52.14.198.104.bc.googleusercontent.com
Type: A
IP: 104.198.14.52
Information: IP 104.198.14.52 is UCEPROTECT-Level 1 listed. See http://www.uceprotect.net/rblcheck.php?ipr=104.198.14.52

It was listed on September 15, 2020.

I don’t see any details which I can use to contest the listing. There is no mailserver on that host, so the listing seems wrong, but presumably they have some details about what caused the listing. Did you see anything in that listing that gives more clues other than “we don’t like this IP” ?

1 Like

Thank you for your fast reply. No, they don’t give more information (all info below). So I guess I just ignore this one. Thank you for your time.

What does it mean to be listed at the UCEPROTECT-Level 1?
It means abusive activity was seen from IP 104.198.14.52 directly within the last 7 days.

Concrete allegation:
Portscans or hacking attempts were seen against an UCEPROTECT-System from IP 104.198.14.52.

Who is responsible for this listing?
It is POSSIBLE that it’s not you which caused the problem, because you are visiting this website from a different IP now.

If you know the administrator of the listed IP, you should contact them and report that suspicous things are originating from their IP.
Mostly infected PC’s but also possible an hacker that has broken into their system are the reason in this case.
They should check all systems behind their IP with an actual Ant-ivirus/Anti-Trojan/Anti-Rootkit tool.