Managing domain reputation

This article describes best practices for managing your domain reputation to ensure that your email is considered to be trustworthy.


Applies to: Administrator
Difficulty: Easy
Tools required: DNS host admin access

Manage domain reputation

Domain reputation, in terms of email, is a measure of how trustworthy others believe your domain’s email to be. Every email recipient maintains their own specific measure of reputation, but there are many industry-accepted recommendations that domain owners can follow to build a solid reputation. As more and more email providers are strengthening their rules for what is considered untrustworthy, failure to follow these recommendations might lead to your mail being considered spam, rate limited, or rejected.

The three pillars of any domain reputation strategy are Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC). These features are designed to provide two basic things:

  • A method of verifying that the email comes from a legitimate source specified by the domain owner.
  • A way for you, as the domain owner, to tell email providers what to do with messages that do not meet those legitimacy requirements.

Individually, these three pillars are limited in how much they can do, but together they form a fairly clear process for identifying legitimate email from your domain. Providing these clear indicators is fundamental to establishing a good domain reputation. Rackspace recommends the following 1, 2, 3 approach to establish domain reputation:

  1. Create an SPF record. SPF is a DNS record that tells the world where your email is authorized to come from. This record typically contains entries for your email hosting provider and any email services you use, such as ticketing systems, Customer Relationship Management systems (CRMs), and bulk sending services.
  2. Enable DKIM. DKIM applies a cryptographic signature that is specific to your domain to every message sent from your domain. Most email service providers offer DKIM as a feature of their service. Typically, each sending service listed in your SPF record has its own DKIM signature that it adds to your email.
  3. Create a DMARC policy. DMARC is built on SPF and DKIM. It combines the validation results from both SPF and DKIM, and adds a “sender alignment check” to protect against many forms of spoofing. The policy part of DMARC is what allows you, as the domain owner, to specify what to do with email that fails these checks. It also includes a reporting aspect that is critical to long-term management of your domain’s reputation. This reporting gives you visibility into the email being sent as your domain: where it’s coming from (SPF), whether or not it’s properly signed (DKIM), and whether or not it is passing your DMARC policy.
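
The way DMARC combines the SPF and DKIM results with the sender alignment check can be traced in a few lines. The following is an added example, not Rackspace code: the message fields, the sample messages, and the two-label organizational-domain shortcut are assumptions (real receivers use the Public Suffix List).

```python
# Added example: DMARC evaluation logic as described in RFC 7489.
# Assumption: the organizational domain is approximated as the last two
# labels; real receivers use the Public Suffix List.

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode="r"):
    """mode 'r' (relaxed): same organizational domain; 's' (strict): exact match."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_evaluate(msg, aspf="r", adkim="r"):
    """DMARC passes when SPF or DKIM passes AND that identity aligns with From."""
    frm = msg["header_from"]
    spf_aligned = msg["spf"] == "pass" and aligned(msg["mail_from"], frm, aspf)
    dkim_aligned = any(s["result"] == "pass" and aligned(s["d"], frm, adkim)
                       for s in msg["dkim"])
    return {"spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned,
            "dmarc": "pass" if (spf_aligned or dkim_aligned) else "fail"}

# Constructed sample messages (all domains are placeholders).
SAMPLES = {
    # Bulk sender: its own bounce domain passes SPF but is not aligned;
    # the per-service DKIM key for news.example.com carries the message.
    "bulk_via_esp": {"header_from": "news.example.com",
                     "mail_from": "bounce.esp.example.net", "spf": "pass",
                     "dkim": [{"d": "news.example.com", "result": "pass"}]},
    # Forwarded mail: SPF breaks at the forwarder, DKIM survives.
    "forwarded": {"header_from": "example.com",
                  "mail_from": "example.com", "spf": "fail",
                  "dkim": [{"d": "example.com", "result": "pass"}]},
    # Lookalike: SPF and DKIM both pass, but for an unrelated domain.
    "unaligned": {"header_from": "example.com",
                  "mail_from": "mailer.example.org", "spf": "pass",
                  "dkim": [{"d": "example.org", "result": "pass"}]},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, dmarc_evaluate(msg))
```

The "unaligned" case is the reason SPF and DKIM alone are not enough: both checks pass, but for a domain the recipient never sees in the From header.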

Because many companies have multiple domains and use many services that require email, managing reputation across several domains can become complicated. The following sections offer some general recommendations for managing your business email needs across many domains.

Separate your email needs

You should always separate mail by purpose and class (marketing, sales, transactional, person-to-person, and so on) by using specific subdomains wherever possible. The following table shows different email purposes and their suggested domain naming conventions:


In addition to separating email by purpose, the following recommendations help to properly manage your domain’s reputation:

  • Never share DKIM keys between services. Each source should have its own DKIM key. Most services offer this as a feature. If a subdomain has multiple sending sources, then it has multiple SPF includes and DKIM keys. This is perfectly normal.
  • Segregating emails enables you to lock down each mail stream, as well as isolate each mail stream from any issues the others might have. This is important when it comes to managing the sending reputation of your different email sources. When it comes to managing your domain’s (and subdomain’s) reputation, different classes of email have different considerations.
  • Configure SPF, DKIM, and DMARC for each subdomain.
  • Keep your sending sources segregated and manageable for both SPF and DKIM records.

Person-to-person corporate mail is special

For person-to-person corporate mail, consider the following best practices:

  • Reserve your primary domain for only person-to-person email (your employees).
  • Don’t use vanity addresses on your primary domain for automated systems, such as for your ticketing system.
  • Configure an umbrella DMARC policy on the root domain, and create subdomain-specific DMARC policies based on the specific requirements and class of mail it represents.

    For example, you might use p=quarantine on your primary domain (person-to-person email), but p=reject on your outbound-only transactional email (support tickets).
    Taking this step also ensures that the root domain catches all DMARC reporting that might be missed or misconfigured at the subdomain level, as well as catching any unauthorized subdomains attempting to spoof your brand.
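
The umbrella behavior can be checked by resolving the policy a receiver would apply to each From domain. This is an added example, not Rackspace code: the records in `ZONE` are constructed to mirror the p=quarantine / p=reject example above, `payroll.example.com` is a hypothetical unlisted subdomain, and the organizational domain is approximated as the last two labels.

```python
# Added example: which DMARC policy a receiver applies to a From domain.
# Assumptions: constructed TXT records; organizational domain approximated
# as the last two labels (real receivers use the Public Suffix List).

ZONE = {  # constructed records mirroring the page's example
    "_dmarc.example.com":
        "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com",
    "_dmarc.support.example.com":
        "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
}

def parse_tags(txt):
    """Split 'k=v; k=v' into a dict; return {} unless it is a DMARC1 record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else {}

def effective_policy(from_domain, zone):
    """Return (policy, record_name) following the RFC 7489 lookup order."""
    domain = from_domain.lower().rstrip(".")
    own = parse_tags(zone.get("_dmarc." + domain, ""))
    if own:                                   # subdomain-specific policy wins
        return own.get("p"), "_dmarc." + domain
    org = ".".join(domain.split(".")[-2:])
    root = parse_tags(zone.get("_dmarc." + org, ""))
    if root and org != domain:                # umbrella: sp= if set, else p=
        return root.get("sp", root.get("p")), "_dmarc." + org
    return None, None                         # no DMARC record at all

if __name__ == "__main__":
    for d in ("example.com", "support.example.com", "payroll.example.com"):
        print(d, effective_policy(d, ZONE))
```

A subdomain with no record of its own inherits the root record, and the optional `sp=` tag lets the root set a different policy for such subdomains than for the primary domain itself.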

How to fix the reported Attack Page by Google

Google polices the content presented in its search engine results. The “Reported Attack Site!” warning page appears on your site because Google has detected malicious content on it. In short, your site has been hacked.

To find out the details of what Google found, click the button titled “Why was this site blocked?”. A new page displays a breakdown of the questionable content, including a list of affected web pages and the infections on those pages.

To learn more, please visit:

Fixing the Problem

Change your Password

The first thing you need to do is change your cPanel/FTP password. Since the Google warning might also block access to your cPanel, you should try accessing the site via the server’s hostname.

To open a support ticket, please log in to your Trafficpullz Galaxy Dashboard:

Send the ticket to the Support department, and include the primary domain name on your account as well as the request to reset your cPanel password. Please indicate you are doing this because your site was hacked and you need a *new* password, not the original cPanel password reinstated.

Remove Affected Files

You will need to remove the affected web pages (and other files) by:

  1. Deleting or cleaning the pages/files
  2. Uploading uninfected copies of the pages/files to your site via FTP.  Despite the Google block, you should still have FTP access to your site.
  3. If you need assistance with the cleanup we would recommend you look at our SiteLock Service:

NOTE: If you are using Soholaunch, WordPress, Joomla or a Content Management System that requires you to log into an Admin section of your website, you may not be able to restore your site until after Google removes the warning (you will not otherwise be able to use the proper tools).

If you want to be absolutely sure all the malicious content is gone, you can request an “account reset”. This will erase *everything* on your account: web pages, emails, databases, settings, etc. You may then upload a new copy of your site and recreate your email addresses.  Please make sure that you have a backup for your site before requesting this.

To request an account reset, please submit a ticket.

To open a support ticket, please log in to your Trafficpullz Galaxy Dashboard:

The ticket should go to the Support department, and should specifically state that you want an account reset. Following that, you will receive an email asking you to confirm that you want your account reset and you will need to reply to this email to confirm some information. Once confirmed, our Tech Support department can proceed with your request.

Request a Review

From Google:

You can request that Google take another look at your site. You will need to do this from a Google Webmaster Tools account. If you do not have one, you can create a new one for free here:

You will need to upload a web page with a special code that will allow Google to verify that you are the legitimate owner of the account.  Once that’s been done, you can request a review from inside your Webmaster Account by following these steps:

  1. On the Webmaster Tools Home page, select the site you want.
  2. Click “Diagnostics” and then click “Malware.”
  3. Click “Request a review.”

The review will be done within the next 24 hours. If nothing malicious is found on your site, Google will remove the warning. If more malicious content is found, the warning will remain in place and the report page will be updated to reflect the new discoveries.

From StopBadware:

The advantage to using StopBadware is that you do not have to create a Google Webmaster account in order to have the warning removed. To request an independent review by StopBadware (instructions copied from

  1. Search for your site in the Badware Website Clearinghouse:
  2. Find your site in the search results and click the link for your site. You will be taken to the report page for your site.
  3. Click the “Request an independent review of partners’ findings” button underneath the “Current Activity” section of the report.
  4. Fill out and submit the review form.

Please note: As part of the review process, information submitted in the review form will be shared with Google.

Change All Remaining Passwords

Once the warning is removed, please log in to your cPanel and change any other passwords you have. For scripts like Soholaunch, WordPress, Joomla, etc., you will need to log in to the website’s Admin area to change the passwords.

  1. Log in to your Trafficpullz dashboard:
  2. Click on “My cPanel”. If you have more than one domain associated with your HostPapa account, click on the appropriate domain link, then enter your cPanel password if required.

Ignoring The Google Warning:

We strongly suggest you do not select this option.
There is a tiny text link on the Google Warning page that states: “Ignore this warning”. If you click on it, you may be able to access your site but you will expose your computer to whatever has infected your site. If it is a new form of malicious software, there is no guarantee that your anti-virus software will protect you.
