Protecting Your Good Name: What to Do When Your Email or Website Flagged as “Dangerous”

Print Friendly


Was your website flagged for malware?

As a social media marketer, you know the importance of your company’s reputation. You spend a lot of time working to build up and maintain a good name through Twitter, Facebook and possibly your blog and website. You know that in the age of social media direct engagement is key to building customer trust and loyalty.

But sometimes you may think you’re doing all the right things and still experience a hit to your reputation. Unexpectedly, you may get word from one of your customers or contacts that your latest email campaign is being flagged as potential spam or that your website is being flagged as potentially dangerous. You haven’t done anything differently and yet all of a sudden you now have what feels like an accusation against your good name out there. Being concerned with your reputation, you want to clear that up as quickly as possible. Today, I’ll talk about what it means, what to do and how you can try to prevent this from happening.

Background Checks

Like it or not, we know that in the physical world we live in a time of near constant surveillance and background checks in the interest of better security. What you may not realize is that this extends to the online world as well. Just like employers perform regular background checks and the TSA maintains “watch lists”, so there are background checks and watch lists on the Internet. In this case, these focus primarily on the two things that criminals use to carry out attacks: email and websites.

As a regular person, you don’t need to understand the details of how this all works (and you don’t want to, trust me). The important thing to understand is that companies and organizations worldwide are constantly monitoring for malicious email and website activity and compile and share information when potentially dangerous activity is detected. To get an idea of how much work this is, at Trend Micro in just one day, we block 250 million threats against more than 16 billion requests. This is all happening behind the scenes and the only time you see anything is when email or websites are flagged as potentially dangerous.

This is great when this international cooperative framework protects you against spam or malicious sites, but it can be daunting and scary when you find yourself caught up in it. After all, you’re not a spammer or a scammer, so why is this happening to you?

Why me and what should I do?

The simplest answer as to why you’re being flagged is that there’s something about your site or email that seems or actually is (or was) malicious. Here it’s important to understand that legitimate websites are compromised all the time to serve up malware without the owners knowing it. You can even do a check and come up clean because attackers will set up shop on sites, serve malware and then leave. It’s part of the cat-and-mouse game between attackers and defenders. With email, even legitimate email can be seen as spam if it doesn’t conform to certain industry standards to help identify it as not-spam.

Really though, the specific why isn’t important to you: what is important is getting your site or your email off these lists as quickly as possible. And for that there IS a simple answer: contact your website or email provider right away and have them address the issue.

This may seem counter-intuitive: your first response naturally is going to be to go to whatever company or service you’ve found out is flagging your email or site. But this is the wrong way to go for a couple of reasons. First, if you’re being flagged by one company or service, the odds good are that whatever is causing you to be flagged by them is also being flagged by others. So approaching the reporting services directly can quickly turn into an exhausting game of whack-a-mole as you go from one to the next. Second, because of the highly technical nature of this problem, resolving it will happen more quickly if you have technical experts handle it. Third, resolving the issue may very well require some technical action: for instance your website may have a SQL Injection or cross-site scripting vulnerability or your email isn’t configured to use DKIM correctly. If you don’t know what those are and how to resolve them, you won’t be able to resolve the situation: best to leave it to the experts.

An Ounce of Prevention

Anytime you refer someone to support there’s natural resistance because support experiences can be poor. But because this is a serious issue, this is the kind of situation where you should expect a good level of service. And if you don’t get good service from your provider in this situation, that points to a problem in itself, and brings us to how you as a social marketer can best prevent these situations. Ensure that you’re trusting your online reputation to trusted, quality providers. The mark of a quality provider is they will help you. And if they don’t help you: that may actually be part of your problem.

One reason that seemingly innocent sites get caught up in these situations is that while they themselves aren’t malicious, they sometimes are using providers who have numerous sites that are malicious or clients engaged in spam. Whether it’s because they’re shady and happy to make money off of malicious actors or they’re simply incompetent and leave their infrastructure open to abuse, your site can suffer nonetheless. Think of it this way: if you open your store in a crime-ridden neighborhood, people are going to avoid your business. So to with your hosting and email: large blocks of sites on sketchy providers are regularly flagged because they’re in “bad neighborhoods”. And if you’re doing business with someone like that, you’re in a “bad neighborhood”.

Back in September, I talked about how it’s best for you to host your blog using a professional service. This is another area where it makes sense to go the professional route and invest in quality service. In my experience, there’s a direct relationship between the quality of the providers and issues like this. So the best way to avoid these problems is to ensure you’re getting good, quality hosting and email services. You may pay more in money, but you’ll save more in terms of your reputation. And as a social media marketer concerned with reputation, you know that keeping a good reputation really is priceless.

Christopher Budd
This monthly Social Media & Online Security column is contributed by Christopher Budd. Christopher works for Trend Micro, an Internet security company, and is an expert on communications, online security, and privacy. Christopher combines a former career as an Internet security engineer with his current career in communications to help people bridge the gap between the technical and communications realms and “make awful news just bad.” Before Trend Micro, he worked as an independent communications consultant and, prior to that, as a ten-year veteran of the security response group at the Microsoft Corporation. +Christopher Budd
Christopher Budd


Communications professional focused on online security/privacy, technology, social media and crisis communications.
@GavinDonovan @marknca @LinkedIn seems to always be trying to be more than it is. Reminds me of @google and Google+ - 1 month ago
Christopher Budd
MYS - Free Preview - JK


  1. says

    I agree Christopher. You’ll regret investing your money for unreliable company. I do believe that choosing the right company who makes good services really matters. Business is a risk, so why not opt for the best and have better and satisfying results with the right company. :)

Please Leave a Comment!