# Unblock IP addresses (SPAM and HACK)

#### Overview

We register and operate public IP ranges for customer services. When an address sends mail or traffic that looks like <span class="font-semibold" data-streamdown="strong">spam</span>, <span class="font-semibold" data-streamdown="strong">bulk abuse</span>, or <span class="font-semibold" data-streamdown="strong">compromised-system behaviour</span>, blocklists and peers can flag <span class="font-semibold" data-streamdown="strong">our whole network</span>, not just one server.

So we run <span class="font-semibold" data-streamdown="strong">automatic protections</span> and sometimes <span class="font-semibold" data-streamdown="strong">restrict outgoing mail</span> (for example, blocking <span class="font-semibold" data-streamdown="strong">SMTP on port 25</span> from that address) until the problem is understood and fixed. That protects you, our other customers, and deliverability for everyone on our platform.

<span class="font-semibold" data-streamdown="strong">**SPAM**-type blocks</span> usually mean our filters saw <span class="font-semibold" data-streamdown="strong">messages leaving your server</span> that scored like junk: content, volume, bad list hygiene, weak authentication, or a <span class="font-semibold" data-streamdown="strong">compromised</span> mailbox/script relaying mail you did not intend.

<span class="font-semibold" data-streamdown="strong">**HACK**-type blocks</span> mean the traffic pattern looks like <span class="font-semibold" data-streamdown="strong">abuse from a broken or attacked machine</span>: malware, open relay abuse, scanning, brute-force egress, or similar — not “we didn’t like your newsletter wording” alone.

#### Before you click “Unblock”

Unblocking is <span class="font-semibold" data-streamdown="strong">not</span> a reset button. If the cause is still there, you will often be <span class="font-semibold" data-streamdown="strong">blocked again</span>, sometimes <span class="font-semibold" data-streamdown="strong">longer</span> or with <span class="font-semibold" data-streamdown="strong">stricter</span> review.

[![NoCIPDetails.png](https://docs.f2h.cloud/uploads/images/gallery/2026-04/scaled-1680-/nocipdetails.png)](https://docs.f2h.cloud/uploads/images/gallery/2026-04/nocipdetails.png)

##### If this were flagged as SPAM

1. <span class="font-semibold" data-streamdown="strong">Stop mail leaving that server</span> — stop or disable the MTA (Postfix, Exim, Sendmail, etc.) until you know what happened.
2. <span class="font-semibold" data-streamdown="strong">Drain the queue</span> — inspect and clear stuck mail so nothing fires out the moment you lift the restriction.
3. <span class="font-semibold" data-streamdown="strong">Trace the Message-ID</span> (from our alert email, if we sent one) in your logs to see <span class="font-semibold" data-streamdown="strong">which</span> messages triggered the block.
4. <span class="font-semibold" data-streamdown="strong">Fix the cause</span> — compromised account, misconfigured site form, newsletter tool without unsubscribe, open relay, weak authentication, missing PTRs, etc.
5. <span class="font-semibold" data-streamdown="strong">Only then,</span> use <span class="font-semibold" data-streamdown="strong">Unblock SPAM</span> in the NOC.

##### If this were flagged as security abuse

1. <span class="font-semibold" data-streamdown="strong">Stop the abusive activity</span> — isolate the host if needed.
2. <span class="font-semibold" data-streamdown="strong">Patch, rotate passwords/API keys, remove malware</span>, close exposed services, and review firewall rules.
3. <span class="font-semibold" data-streamdown="strong">Only then</span> use <span class="font-semibold" data-streamdown="strong">Unblock HACK</span> (or the equivalent security unblock action) in the NOC.

#### Unblock in the NOC (IP Address Management)

1. Sign in to the NOC and open <span class="font-semibold" data-streamdown="strong">IP Address Management</span>.
2. Find the IPv4 (search, filters, or quick search).
3. Expand the row.
4. Choose <span class="font-semibold" data-streamdown="strong">Unblock SPAM</span> or <span class="font-semibold" data-streamdown="strong">Unblock HACK</span> as appropriate.
5. Wait a few minutes; network changes are not always instant.

You can only unblock addresses that <span class="font-semibold" data-streamdown="strong">belong to your account</span>. If a button is missing or the request fails, the IP may not be in your inventory, or the block type may require a <span class="font-semibold" data-streamdown="strong">support ticket</span> with evidence of remediation.

#### What you should do so you don’t get blocked again

##### <span class="font-semibold" data-streamdown="strong">Mail authentication &amp; identity</span>

- Set correct <span class="font-semibold" data-streamdown="strong">SPF</span>, <span class="font-semibold" data-streamdown="strong">DKIM</span>, and <span class="font-semibold" data-streamdown="strong">DMARC</span> for the domains you send from.
- Set <span class="font-semibold" data-streamdown="strong">PTR (reverse DNS)</span> to a hostname that <span class="font-semibold" data-streamdown="strong">matches</span> forward DNS (A/AAAA) for the same IP — see your PTR guide.
- Prefer authenticated submission (<span class="font-semibold" data-streamdown="strong">587</span> / <span class="font-semibold" data-streamdown="strong">465</span>)\*\* with real credentials\*\*, not anonymous relay paths.

##### <span class="font-semibold" data-streamdown="strong">Content &amp; sending behaviour</span> (why “legitimate” mail still trips filters)

- Avoid spammy patterns: <span class="font-semibold" data-streamdown="strong">all caps</span> subjects, heavy <span class="font-semibold" data-streamdown="strong">promo</span> language, <span class="font-semibold" data-streamdown="strong">many links</span> vs little real text, embedded scripts, “too good to be true” offers.
- For any bulk or marketing mail: <span class="font-semibold" data-streamdown="strong">clear From</span>, honest <span class="font-semibold" data-streamdown="strong">Subject</span>, and a working <span class="font-semibold" data-streamdown="strong">unsubscribe</span> for people who didn’t ask or changed their mind.
- Warm up new IPs and don’t blast cold lists from a fresh server.

##### <span class="font-semibold" data-streamdown="strong">Volume &amp; operations</span>

- Very high outbound volume: use <span class="font-semibold" data-streamdown="strong">dedicated sending IPs</span>, keep <span class="font-semibold" data-streamdown="strong">abuse@</span> (or similar) monitored on that domain/range, and don’t mix many unrelated brands on one sending identity unless you know the risk.

##### <span class="font-semibold" data-streamdown="strong">After you unblock</span>

- Send a <span class="font-semibold" data-streamdown="strong">small test</span> and check headers and blocklist/diagnostic tools.
- If you’re blocked again quickly, assume remediation was incomplete — <span class="font-semibold" data-streamdown="strong">do not</span> unblock in a loop without fixing logs and queue first.

#### If you think it’s a mistake

If you’re sure the traffic was legitimate and authentication and content follow normal standards, open a <span class="font-semibold" data-streamdown="strong">support ticket</span> with:

- The <span class="font-semibold" data-streamdown="strong">IP</span>
- <span class="font-semibold" data-streamdown="strong">Approximate time</span> of the block
- <span class="font-semibold" data-streamdown="strong">Sample message headers</span> (or Message-ID from our alert) for the mail we classed as problematic

We’ll review whether it was a <span class="font-semibold" data-streamdown="strong">false positive</span> and what to adjust.