Why Domain Reputation Monitoring Is Important

When was the last time you Googled your own name? Knowing what’s out there about your own name, your company name, and more, is a simple way to gauge if your marketing is working, what you are known for, and if your messaging as a business owner or marketer is effective. But monitoring the reputation of your domain name takes a slighly different approach.

What does “domain reputation” really mean?

Just like your real-world reputation, the reputation of your domain name as a source of quality content affects whether other sources allow that content to be shared. In an age where transparency is king, all we have are our reputations. Is your content being shared across a variety of social platforms, in your email communications, and being indexed by search engines? Often, filters at the highest levels will reference your domain name against various reputation catalogues and databases. These sources check if there is a history of phishing content, misleading links, or other reasons to block content from being displayed in a prominent and accessible way.

Companies like Yahoo and Verizon maintain a few of these services, and various organizations (like your local telecom provider, or other email account providers like Gmail, Hotmail, Yahoo, and others) rely on them to recommend whether a domain is known as a “clean” source. Their job is to protect their email clients from viruses, spam, and much worse. If a domain has a history of being hijacked, or used for things like a source of trojans, infected downloads, spam, phishing links, or other undesirables, this will be listed.

A listed domain may have content blocked from being indexed by Google, or have email blocked at the server level from reaching your customers. This is commonly known as “blacklisting”, and it happens more often than you may realize.

How does a domain reputation become compromised?

While it’s typically, and frustratingly, difficult to determine the exact moment and how a domain becomes compromised, there are a few common weaknesses that tend to be exploited by those bad actors that we keep hearing about. These include things like a lack of spam prevention for comments on blog posts, lack of firewalls at the web host level, and things like open server ports, weaknesses in content platforms, and other complex ways. It could mean that a tiny self-contained program can be implanted on a site with a weakness. It could mean that a website that is on the same shared hosting plan with your site became infected, and this migrated to other sites on the same server. It could even mean that a link was implanted during a software update – again, it’s surprising how often any of these things happen.

You might rationalize, “But, my site is too small to be noticed. Why would I be targeted?”

Interestingly, being small might be *exactly* why a site may become infected. Smaller sites tend to be less protected, perhaps due to lack of expertise, budget, or other reasons. Many small fish can lead to a big catch.

It’s also not neccessarily the case that you were “targeted”. Virtually all malware is spread via automation, not a human directly targeting code to a specific website. The self-propelled viral spread of malware, be it spyware, phishing links, and so on, does not require the intervention of a person who determines a viable target.

Once this sort of malware is present, it takes very little time to be blacklisted, because the tracking databases are also fully automated. This tracking is uncannily quick and accurate.

What can happen if your domain’s reputation has been compromised?

Mail, RSS feeds (as in the subscription to a series of articles or posts from a website) and other data that is shared either manually or automatically from an infected site that has been listed, is likely to be rejected. Sometimes, social posts from a listed site (such as a shared article or image) may be rejected on major social platforms. Links included in an email may cause the email to be rejected by the recipient. And worst of all, bulk email – such as your email newsletter – will likely be filtered and blocked altogether.

For example, if you typically send out an email marketing newsletter to your 1000 most valuable clients about once a month, and perhaps 50% of those client recipients have their email addresses at an @gmail, @yahoo, @outlook, or @telecom provider email address, those emails are likely to be filtered and rejected out of hand. They will never even know that you sent the email in the first place.

Considering the volume of subscribers who use this type of email address, rejection rates from an unprotected or listed domain can be anywhere between 30% and 80%. Not many businesses can afford to waste roughly half of their marketing dollars or efforts.

On top of that, listed domains can lose visitors to their websites, because they become blocked by anti-virus software on the client’s computer or mobile device. Even 10% of the traffic lost to a website can mean serious costs to any business – let alone 30% to 80%.

How do you perform a quick check on your domain’s reputation?

We recommend the following tools to get an idea of your domain’s reputation. Don’t use just one, use them all.

How do you monitor your domain’s reputation on an ongoing basis?

You can simply run the above checks regularly, some of which will give you a few tools that are clear and easy to read, and some which are more detailed, technical, and complex. As long as you have the ability to make corrections on your own, or if you have staff or a reliable contractor to solve the problems, that may be enough. (We do offer a managed monitoring service, included in our DMARCDoneRight service.)

If you have a WordPress site, we also strongly suggest the use of a plugin such as Sucuri Scanner (free and paid versions) plus Jetpack (also free and paid options) and Jetpack Protect in combination to help trap problems immediately.

What do you do if you find your domain’s reputation is less than squeaky clean?

There’s no nice way to say it, but getting removed from a blacklist can be a lengthy and tedious process. (Although, it need not be expensive.) It requires you to remove the malware and check your site after repairs (Sucuri Scanner works very well) and then request de-listing from blacklists. We strongly suggest starting by contacting your web host, and see if they have recommendations.

There is a possibility that your request for removal may be denied, but if you have done your homework, the chances of that are relatively slim. If you feel confident making adjustments to your own website, DNS records, and so on, this may be something that you can do yourself. (If not, we can definitely help! Please reach out via our contact page.)

Protection is cheaper than starting over

It’s always less costly to hide the matches than to rebuild the house. Protection need not be expensive, but it should be taken as a priority. If you have an ecommerce site that forms the bulk of your business, if you use email to communicate with clients or for your marketing, or if you spend money on ads to drive traffic to your website, a simple protection approach can go a long way to shielding your business for many years to come!