Why are my IPs listed on Spamhaus CSS despite passing DMARC, DKIM, and SPF?

Email marketer from EmailToolTester shares that factors such as low engagement, spam complaints and spam trap hits can override authentication. Also highlights that even if your email passes authentication it will still be marked as spam.

Email marketer from SendGrid responds that being blacklisted despite proper authentication may point to issues beyond technical setup. They mention content issues, list hygiene problems, and low sender reputation as contributing factors, even when DMARC, DKIM, and SPF are correctly implemented.

Email marketer from GlockApps shares that a Spamhaus listing, despite passing authentication, can occur if your sending practices are perceived as spammy by their algorithms. This may include low engagement, high complaint rates, or sending to outdated/unclean lists. Furthermore, even legitimate transactional emails can trigger filters if the overall sending reputation is poor.

Email marketer from Email Geeks shares they found accounts with domains listed on the DBL and will prevent DBL-listed domains from being added to the system.

Email marketer from MailerCheck shares that maintaining a good domain reputation is critical for deliverability. Blacklists such as Spamhaus consider factors, beyond authentication, such as complaint rates, engagement metrics, and spam trap hits. Low engagement and high complaint rates can lead to a listing regardless of authentication.

Email marketer from Mailjet explains that even with proper authentication (DMARC, DKIM, SPF), IPs can be listed on Spamhaus CSS due to factors like sending spam-like content, sudden volume spikes, or being associated with compromised accounts. They also point out that shared IP reputation can be affected by other users' sending habits.

Email marketer from StackExchange shares that your email content is what is triggering spam filters, even if your email is authenticating properly. Make sure not to use 'spammy' words and to correctly format the content as this may be what is causing the issue.

Email marketer from StackOverflow shares that Spamhaus and other blocklists often use reputation scoring systems. Factors such as message content, link destination, and sender history are considered. A sudden shift in sending patterns can negatively impact reputation, even if authentication is properly configured.

Email marketer from Reddit shares that even with authentication in place, CSS listings can stem from negative recipient engagement. This includes low open rates, high unsubscribe rates, and spam complaints. Also highlights the importance of monitoring feedback loops and promptly addressing complaints.

Email marketer from Blogger shares that Spamhaus also tracks your users to see where they are coming from and going too. It also monitors if they are engaging and reporting your emails as spam. If users are not engaging with your emails then that could trigger the listing.

Email marketer from Email Geeks states that they are working to onboard large senders to reject emails to common typos and toxic domains.

Email marketer from Quora shares that one of the largest causes of blacklisting and deliverability issues is low engagement. Ensuring your emails get high engagement is important for having emails landing in peoples inboxes.

Expert from Email Geeks says to look at who the customers are, what mail they're sending and how they acquired the addresses. The behavior observed is typical of mail perceived as spam.

Expert from Email Geeks explains that spam filters are designed to recognize bad actors spreading traffic across multiple sources and that reputation damage can spread across shared infrastructure.

Expert from Email Geeks suggests reviewing hostname PTR records to be obvious that it should send mail, rather than looking like a compromised server.

Expert from Word to the Wise explains that if you are on a shared IP, other users' behavior can impact your reputation and lead to Spamhaus CSS listings, even with proper authentication. It's a shared responsibility to maintain good sending practices.

Expert from Email Geeks explains that CSS listings are often content related and suggests checking if customers are sending spam through the system and advises to address compliance issues.

Expert from Spamresource states that Spamhaus CSS listings can result from sending mail that appears similar to spam even if you aren't sending spam, this may include certain words or subjects that are more akin to spam than transactional emails.

Expert from Email Geeks shares that a 0.5% bounce rate for OTP emails is high and could indicate customers are not sending to opt-in addresses.

Documentation from RFC explains that while SPF prevents sender address forgery, it does not guarantee deliverability or prevent blacklisting. Blocklists like Spamhaus consider a wide variety of factors beyond the scope of SPF.

Documentation from DigitalOcean explains that email blacklists, like Spamhaus, often consider factors beyond authentication, such as sending volume, complaint rates, and spam trap hits. Having correct authentication helps, but it's not the only determinant for avoiding blacklists.

Documentation from DMARC.org explains that DMARC primarily protects against direct domain spoofing, but it doesn't guarantee inbox placement or prevent all forms of abuse. A poor sender reputation or low engagement rates can still lead to blacklisting, regardless of DMARC compliance.

Documentation from Spamhaus explains that the CSS (Composite Spam Score) listing focuses on identifying IP addresses that exhibit characteristics similar to known spam sources. Listing criteria may include spam content, spam traps hits, or malware distribution, regardless of authentication.

Documentation from Microsoft explains that having a poor domain reputation can lead to emails going to the junk folder. Having a good domain reputation can take time and effort to get right and requires maintaining it.