Many senders believe they are doing everything right. Their domains are authenticated, their campaigns are permission-based, and their deliverability metrics appear stable. Yet sooner or later, some still find themselves facing blocklist issues, sudden filtering problems, or reputation damage.

That was the central theme of the latest CSA Live Webinar, “Why Legitimate Senders End Up on Blocklists — although they think they do everything right,” featuring Lauren Meyer (Founder, Send It Right) and Melinda Plemel (Senior Consultancy Specialist, Spamhaus).

If you would like to watch the full session, the webinar recording is available on YouTube.

Both speakers approached the issue from different sides of the email ecosystem — Lauren Meyer from the sender and ESP perspective, and Melinda Plemel from the blocklist and anti-abuse perspective. Despite these different viewpoints, both described seeing the same patterns repeatedly across the industry.

As Melinda Plemel summarised during the discussion:

“The world changes around you, and if you don’t change with it, you’re going to get caught.”

The Email Ecosystem Has Changed

One of the strongest themes throughout the webinar was how much the email industry has evolved over the past few years.

Authentication standards such as SPF, DKIM, and DMARC are now considered baseline requirements. At the same time, filtering systems, sender reputation models, and abuse detection mechanisms have become significantly more advanced.

According to the speakers, many senders still operate under the assumption that stable infrastructure and unchanged processes automatically lead to stable deliverability. However, mailbox providers and blocklist operators continuously adapt to new threats and abuse patterns.

From the sender perspective, Lauren Meyer explained that many organisations still focus heavily on traditional metrics and established workflows. From the blocklist perspective, Melinda Plemel highlighted that malicious actors have become increasingly sophisticated at blending into legitimate traffic patterns.

The result is an ecosystem where even legitimate senders can unintentionally trigger reputational risks.

Sophisticated Abuse Often Looks Legitimate

A particularly interesting part of the webinar focused on how modern spam operations have evolved.

Today’s abusive senders often imitate legitimate sending behaviour remarkably well. They use domain warming services, inbox rotation, lead scraping, residential proxy networks, account takeovers, and credential stuffing attacks to remain below enforcement thresholds and avoid detection.

Lauren Meyer noted that some spammers are “very good at staying under the radar,” carefully suppressing highly engaged users who are more likely to report messages as spam.

Melinda Plemel added that entire online communities now exist around bypassing filters and optimising cold email tactics:

“There are subreddits around how to do this type of mailing and how to get past filters.”

The speakers also discussed how credential stuffing and account takeovers have become increasingly common due to the enormous amount of leaked credentials available online after years of large-scale data breaches. Attackers use this data to test compromised credentials across email infrastructure and SMTP services, often through proxy networks and automated attacks.

This creates challenges not only for mailbox providers, but also for legitimate ESPs and senders sharing infrastructure with abusive actors.

Shared Infrastructure Means Shared Risk

Another key takeaway from the webinar was the growing complexity of shared sending infrastructure.

As ESPs consolidate and platforms grow larger, multiple sender types increasingly share the same systems, IP pools, and reputational environments. This makes it significantly harder to isolate problematic traffic and easier for reputational damage to spread across otherwise legitimate senders.

The speakers stressed that organisations should isolate sender reputation wherever possible through dedicated subdomains, clear sender identification, strong compliance processes, and careful customer vetting.

Melinda Plemel also emphasised that compliance and deliverability teams should not be viewed merely as operational cost centres. Strong abuse prevention and vetting processes ultimately help protect the long-term reputation and business value of an entire platform.

Are Senders Monitoring the Right Things?

One of the most valuable parts of the webinar explored whether senders are actually monitoring the right signals.

Traditional deliverability metrics such as open rates, click rates, complaint rates, and inbox placement tests still provide useful information — but they no longer tell the full story.

The speakers discussed how Apple’s Mail Privacy Protection (MPP) significantly changed the meaning of open rates, while mailbox providers increasingly rely on far more complex behavioural signals.

Lauren Meyer also challenged the industry’s heavy reliance on seed testing:

“People treat them like gospel.”

She explained that mailbox providers have spent years learning to distinguish seed accounts from real human behaviour, making seed tests a far less reliable proxy for actual inbox placement than many senders assume.

Mailbox providers now analyse much more sophisticated engagement patterns, including dwell time, reading behaviour, folder movement, long-term interaction trends, and user-level engagement consistency.

As the speakers repeatedly emphasised throughout the session, no single metric should ever be viewed in isolation.

Spam Traps Are a Warning Sign — Not the Root Cause

Spam traps were another major topic of discussion during the webinar.

According to Melinda Plemel, occasional spam trap hits can happen to almost any sender. What matters is the broader pattern surrounding those hits and what they reveal about underlying data quality.

Spam traps often indicate ageing data, weak list hygiene, poor validation processes, or problematic acquisition practices that have gradually developed over time. The webinar also highlighted how typo traps can expose operational weaknesses, particularly when organisations continue sending to obviously incorrect domains or addresses that should have been identified during normal hygiene processes.

Importantly, the speakers stressed that blocklist listings rarely happen because of one isolated signal. Instead, they result from an accumulation of concerning indicators over time.

Deliverability Problems Quickly Become Business Problems

One of the most memorable parts of the webinar was the discussion around the real business cost of blocklist incidents.

Lauren Meyer shared an anecdote about a large sender that ended up on a Spamhaus blocklist and attempted to schedule an eight-hour emergency call to resolve the issue. The situation escalated so far internally that senior leadership became involved simply to manage the operational disruption.

The story illustrated an important point: deliverability problems rarely remain isolated within technical teams.

A serious blocklist incident can quickly lead to customer support escalations, emergency IT involvement, leadership intervention, lost revenue opportunities, delayed projects, and damaged customer trust.

An especially honest moment during the webinar came when Lauren Meyer noted that, in some situations, a Spamhaus listing is the only thing that finally forces organisations to take deliverability issues seriously internally.

Melinda Plemel agreed, adding that during her time on the sender side, there were situations where she “was honestly praying for that Spamhaus listing” because it finally created enough urgency internally to address problematic sending practices.

Internal Education Matters

Another particularly practical section of the webinar focused on internal communication and stakeholder management.

Lauren Meyer explained that deliverability and compliance teams often struggle because they communicate in technical language, while other departments operate with completely different priorities. Sales teams focus on acquiring large customers, marketing teams focus on lead generation, and executives focus on revenue and growth.

Instead of simply blocking risky behaviour, Lauren encouraged teams to explain deliverability risks in terms each department understands. One practical example discussed during the webinar was giving sales teams lightweight compliance checklists early in the customer acquisition process, helping them identify problematic senders before significant resources are invested.

The speakers repeatedly emphasised that improving deliverability outcomes requires collaboration across departments — not just technical expertise.

Trusted Communities Matter More Than Ever

The webinar also addressed the growing amount of conflicting deliverability advice shared online, particularly on social media platforms and LinkedIn.

Both speakers encouraged senders to rely on trusted industry communities, conferences, and long-established experts rather than chasing quick fixes or unverified tactics.

One practical recommendation from the discussion was simple: pay attention to who is participating in the conversation. Are recognised industry experts engaging with the discussion, or are the comments filled with unverified opinions?

Resources mentioned during the session included:

• CSA resources and webinars
• Spamhaus educational material including: Why do reputable ESPs still get bad traffic?
• Word to the Wise
• Al Iverson’s Spam Resource
• Lauren Meyer’s Send It Right
• EmailGeek Slack communities
• industry conferences and deliverability events

The discussion reinforced how collaborative the email industry remains, particularly among experienced deliverability professionals willing to share knowledge and guidance.

Key Takeaways

Several important lessons emerged from the webinar:

• email best practices continue to evolve rapidly
• authentication alone is no longer enough
• abusive actors increasingly mimic legitimate sending behaviour
• shared infrastructure creates shared reputational risk
• traditional engagement metrics provide only part of the picture
• spam traps often indicate deeper data quality issues
• deliverability problems quickly become operational and financial problems
• strong compliance and abuse prevention processes are long-term business investments
• collaboration and trusted industry communities remain essential

Deliverability Requires Continuous Adaptation

One of the clearest conclusions from the webinar was that deliverability is no longer something organisations can simply “set and forget.”

Mailbox providers continue refining their filtering systems, abuse tactics continue evolving, and sender reputation signals continue becoming more sophisticated.

Legitimate senders who stop adapting may eventually find themselves facing problems — even when they believe they are following best practices.

Or, as Melinda Plemel succinctly summarised during the discussion:

“If you don’t change with it, you’re going to get caught.”