Amazon EC2 adds features to combat email blacklisting

Carl Brooks, Senior Technology Writer
Amazon Web Services confirmed that it is testing changes to its DNS record system that will prevent email blacklisting for EC2 users. The changes likely include adding support for reverse DNS lookups, a way for providers to verify the validity of an email domain and originating IP address, and PTR records that users can implement to boost legitimacy.

More on blacklists and Amazon EC2:
Amazon EC2 email blocked by antispam group Spamhaus

Amazon EC2 email blackout raises concerns about security, reliability in the cloud

Spammers commonly spoof, or imitate fake domain names from IP addresses to send bogus email traffic, and community services often maintain blacklists of offending addresses to combat this problem. Amazon Web Services, plagued by spamming issues, routinely has its IP addresses blocked, effectively preventing its users from sending out emails.

"I can confirm that we are working on functionality to allow Amazon EC2 users to make small modifications to the DNS information associated with their Elastic IP addresses in order to more easily send email from Amazon EC2," said Amazon spokeswoman Kay Kinton in an email.

"Certain spam filtering organizations require changes in our reverse DNS information in order to white list user's Elastic IPs. The work we are doing is aimed at making this easy for Amazon EC2 users," she said.

The private beta announcement was made in a thread that originated in June 2009. Users complained again that they were being listed as spammers automatically just because they had an EC2 IP address. Amazon currently requires affected users to individually apply to both Amazon and the blacklister (in this case, the Mail Abuse Prevention System from Trend Micro) and request to be removed. Most hosters provide services to assist in this process, but Amazon has not.

In a related post, AWS staff said: "As each DNSBL (DNS-based Blacklist) service is unique and requires working with different organizations and technical system, progress is slower than we would like."

The exact nature of the records modifications were not made public, but Trend Micro's MAPS and the more widely used and feared Spamhaus have specific requirements for hosters to meet to confirm a valid IP address, which include accurate reverse DNS lookup and PTR records.

Backlash on blacklists
Critics of the blacklists say that the lists can be inaccurate and overbroad, along with the fact that they are not endorsed by the industry. They are, however, the primary line of defense against unsolicited email, a plague that was estimated to be 81% of all email traffic last year, according to uptime monitor Pingdom.

Amazon has previously said that it is not responsible for users getting blacklisted, but that statement has been widely criticized. The criticism has grown as the vast majority of hosters, cloud or not, have proven themselves proactive and experienced in handling inappropriate blacklisting.

A major blacklisting by Spamhaus in September 2009 affected both Amazon and Rackspace; Rackspace was able to remove its IP block and return email functionality to customers in a few hours, while Amazon struggled for several days.

Carl Brooks is the Technology Writer at Contact him at

Join the conversation Comment



    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.