The Spamhaus Project


ESPs: Why IP and Domain Reputation Matter and How to Manage Them

by The Spamhaus TeamMay 29, 20246 minutes reading time

Jump to


As an email service provider (ESP), your aim is to maintain a safe and trustworthy network for email senders (and their recipients) while ensuring they achieve high deliverability rates. A task that is no mean feat when you're servicing a bank of customers with hundreds of thousands of IPs and domains - each with a reputation associated. A reputation that can influence both you and your customers.

IP and domain reputation signal

These are an indicator of if, when, and how to engage with an IP or domain. They should be leveraged to minimize the risk of potential security incidents and to drive customer success. Ensuring that each customer on your platform has a strong reputation and considers all the elements that influence it, is paramount. This includes understanding when reputation is at risk, what is causing it, and how to fix it.

But there’s more.

IP and domain reputation also have a much broader application and are intrinsically linked to your brand reputation and overall business success. But, how? Maintaining a neighborhood of customers with positive reputation, means fewer security incidents, resulting in fewer complaints and, ultimately, happy customers.

With a safe and trustworthy network and highly satisfied customers, your email service becomes more appealing to new customers driving business growth. Therefore, it makes business sense to implement as many best practices as possible upfront before launching a service.

IP and domain reputation best practices

To manage IP and domain reputation effectively, ESPs should follow these key principles:

1 - Invest in experts

Your top priority should be to invest in individuals who really understand reputation. They need to understand the entire ecosystem. This includes the intricate nuances of reputation, the sending infrastructure and configurations, the language of deliverability and reputation—also, an understanding of global laws, best practices, and, of course, the data.

You can have all the data in the world, but if you don’t have the knowledge or expertise to interpret it, it is useless.

2 - Implement infrastructure best practices upfront

First and foremost, a solid infrastructure is key to launching a successful email platform. Your platform is the foundation and it is typically the first visible part in terms of reputation. If your platform does not follow all best practices you will begin with a negative reputation. This means you will not be successful sending email for any client. Adhering to infrastructure best practices is essential for any entity that has a platform that allows email to be sent, including:

  • following authentication protocols,
  • securing Port 25,
  • preventing open proxies,
  • configuring rDNS properly,
  • setting up bounce processing, and,
  • implementing outbound virus and spam filtering.

3 - Establish a pre-customer process

Before a customer even steps foot through the virtual door, several factors must be considered. First, it’s essential to set pricing levels that don’t attract “undesirable” customers while at the same time prevent customers from jumping ship.

The next step is vetting. This process should be reviewed and followed closely to help filter out any high-risk customers. Consider: What is the potential customer’s current digital footprint? Have they provided data to review? How is their brand perceived in the marketplace?

Then, focus on everything you can do to minimize risk before the customer is let loose. Have policies and procedures that lay the groundwork and clearly outline what is unacceptable. An acceptable use policy and stringent setup rules should be a priority. However, don’t just set them up; enforce them.

4 - Invest in reputation monitoring tools and signal

Invest in the tools and signals necessary to understand your reputation, your customers' reputation and, more importantly, to be notified if there are any changes from a risk perspective. The data you have on your own infrastructure is just one perspective of what is happening. A combination of sources is required to build understanding and a more complete view.

Furthermore, investing in external reputation data, like Spamhaus’ industry-leading IP and domain reputation datasets, provides a more holistic view so you can act accordingly. There are also several services that help to monitor reputation, including Validity’s Sender Score, Barracuda Central, Postmaster Tools at Google, and Microsoft SNDS to name a few. By monitoring a number of reputation services, you will be able to gain a broader perspective on the health of your platform.

5 - Monitor customer activity

Once onboard, carefully monitor new customers’ activities. This is important as it helps catch those “undesirable" customers that you may have missed in the initial vetting process, and allows the review of customer data to establish a standard customer baseline. With a line drawn in the sand, it’s much easier to identify and investigate customers experiencing issues that could pose a risk to the wider network. This includes both low-risk and high-risk customers—victims can be anyone.

Alerts and attention to data trends are vital for catching customers needing improvement. In most situations, those with the highest reputation will remain consistent, sending the same emails using the same domain, from the same IPs. Furthermore, Spamhaus and other anti-abuse services will not immediately trust a new domain or IP!

6 - Be responsive

And be proactive. Contact customers displaying significant behavioural changes - a sudden spike in bounced emails, or in complaint metrics could be the first sign of trouble! Security incidents require swift action, where every minute counts. Where abuse is identified, terminate services without haste and offer support to customers in resolving encountered issues.

7 - Do proactive analysis

Using IP and domain reputation data points for analyzing customer behaviour is key to identifying anomalies and pinpointing problems before something goes wrong. It also allows time for remediation and risk management. Your analysis should include but not limited to the following:

  • Spam Rates
  • Low engagement
  • High bounces
  • Excessive deferrals

If there is a change to these metrics, it’s a signal to review the client closer.

Nevertheless, incidents will occur, and a goldmine of data will follow: spam complaints will increase, bounces will increase and overall negative metrics will increase. Use it and dig deep into historical data to understand attribution and context. As the saying goes, “every cloud”.

8 - Educate and support senders

Education is the single most effective tool to manage IP and domain reputation. Continuously educate customers on how to build and maintain a positive reputation, for example:

  • maintaining clean email lists through confirmed opt-in,
  • setting up a sunset policy,
  • implementing a permission pass campaign,
  • compliance with regulations, laws, and industry standards
  • best practices for email marketing, and,
  • guidance on IP and domain warm-up strategies.

Knowledge is power, and the more your customers understand, the easier it is to maintain a positive reputation.

ESPs—These key principles equip you with the tools you need to manage and protect your IP and domain reputation effectively. Your IP and domain reputation is your brand reputation; make it a priority.