EE Turunen

EE Turunen

Exploring tech and security

SendGrid's Shared IP Problem

I have always liked SendGrid: they have a great API, good documentation, and decent support. It has been my go-to email service provider ever since GitHub introduced it to their Student Pack in 2014. Recently, though, I had an annoying problem with them.

Platforms such as SendGrid naturally attract users who abuse the service by sending spam or carrying out phishing attacks. This is problematic for other users on the platform since on most plans the emails sent out by scammers are delivered from the same IP addresses as the mails sent by legit businesses. Those IP addresses can be blacklisted by ISPs and mailbox providers.

One of our customers recently switched from custom SMTP servers to SendGrid and got to a situation where – despite their stellar reputation – the SendGrid IP address from which their mails were sent got blacklisted by Microsoft. This meant that none of the emails sent from the customer’s service were delivered to Outlook addresses. So, if a user of the service had a Hotmail, Live, or Outlook address, they couldn’t receive any transactional mails from the service. SendGrid just got blocked with the following error message:

550 5.7.1 Unfortunately, messages from [167.89.100.239] weren’t sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.

Something had to be done, so I sent Microsoft a message concerning this and quickly got a response:

Microsoft Support

We have completed reviewing the IP(s) you submitted. The following table contains the results of our investigation.

Not qualified for mitigation: 167.89.100.232/29

Our investigation has determined that the above IP(s) do not qualify for mitigation. These IP(s) have previously received mitigations from deliverability support, and have failed to maintain patterns within our guidelines, so they are ineligible for additional mitigation at this time.

Please ensure your emails comply with the Outlook.com policies, practices and guidelines found here: http://mail.live.com/mail/policies.aspx.

Bummer.

At first I couldn’t quite believe this: many important services use SendGrid, so could it be possible that the IP addresses of SendGrid were blacklisted?

I then sent another message, this time to SendGrid Support, and got a timely response from them as well:

SendGrid Support

As you are aware, it appears that one or more of the IPs (167.89.100.238 and 167.89.100.239) on your shared IP pool is blacklisted. I’m very sorry about the experience you’re having with the IP being in a blacklist; I understand how frustrating that must be.

This blacklisting is due to your account sending from Shared IP pools. Since there are hundreds, sometimes thousands, of other senders using the same IP(s), unfortunately, ignorant sending can affect the whole IP pool. In addition, we do have a Compliance team dedicated to keeping bad senders off of our platform, but it is inevitable that some will slip through the cracks, so these blacklistings can be intermittent.

Please know that SendGrid is unable to move accounts to different shared IP pools, but our systems will programmatically move accounts to different pools based on reputation and internal logic.

SendGrid is also unable to move IPs in and out of pools because it gives the impression of Snowshoe Spamming; a strategy where spam is propagated over several domains and IP addresses to weaken reputation metrics and avoid filters, which can make things worse.

We do however proactively monitor our shared IP pools and attempt to mitigate all blacklisted IPs as soon as possible.

The most decisive way to address this problem is to upgrade your subscription to Pro, which uses a dedicated IP addresses to send mail. This would eliminate the possibility that other SendGrid users could negatively affect your sending IP’s reputation and thusly message deliverability.

All accounts that are on Pro and above packages utilize Dedicated IP addresses, and only accounts on Essentials and Free plans utilize Shared IP pools. Being grouped with others on a list of IPs can offer several benefits - it’s particularly affordable and the addresses are also kept warm by the volume of the shared users requesting mail through them. Unfortunately, unforeseen listings are a somewhat common issue when using an account utilizing shared IPs as your account is sharing IPs with many other SendGrid users. Regrettably, ignorant sending can affect the entire group’s deliverability. The benefit of a Dedicated IP includes the ability to control your own reputation, thereby avoiding blacklisting and deliverability issues.

So basically, if you want your transactional or marketing emails to be succesfully delivered, you must upgrade to the Pro plan and utilize a dedicated IP address. This, of course, makes sense, but I only wish that we would have done better research concerning the pros and cons of the plans before just choosing the plan with only the email quota in mind.

The Pro plan is really inexpensive, so it’s worth it. The support even offered us a discount for the first three months, which was a nice gesture.

I will be recommending SendGrid in the future as well, but if you care about deliverability, skip the Free and Essentials plans.