Email blacklist
An email blacklist — more precisely a DNS-based blocklist or DNSBL — is a published list of IPs or domains that have been flagged for spam, abuse, or compromise, and that many receiving mail servers consult before accepting your mail.
- DNSBL, RBL, blocklist
- Sending IPs, sending domains, URLs in message body
- Spamhaus, Barracuda, SpamCop, SORBS, SURBL
mxtoolbox.com/blacklists.aspx
What it is
Email blacklists are a 1990s-era invention that has aged surprisingly well. Each list is published as a specially-formatted DNS zone: receivers can check whether an IP is listed simply by doing a DNS lookup, which is fast enough to run on every inbound message. If the lookup returns a hit, the receiver applies whatever policy it has configured — usually outright rejection.
The term "blacklist" is being phased out in favour of "blocklist," but the technical acronym DNSBL (DNS-based Blocklist) remains in wide use. A few hundred blocklists exist; perhaps two dozen carry real weight with the mailbox providers and corporate filters that matter.
The lists that matter
Spamhaus is the most consequential. Its Spamhaus Block List (SBL) targets confirmed spammers, the Exploits Block List (XBL) targets compromised machines, the Policy Block List (PBL) flags IP ranges that should not be sending mail directly, and the Domain Block List (DBL) targets bad domains. Microsoft, Yahoo, and a substantial portion of corporate filters consult Spamhaus on every inbound message.
Barracuda Reputation Block List (BRBL), run by Barracuda Networks, has wide deployment in mid-market corporate environments. SpamCop is complaint-driven — recipients report messages and IPs hitting a threshold get listed. SORBS focuses on dynamic IP ranges and open relays. SURBL and URIBL blocklist URLs that appear in message bodies rather than the IPs that sent them — listings on these can cause Gmail's content scanners to flag your mail even though your sending IP is clean.
How to check
The easiest way is MXToolbox's blacklist check at mxtoolbox.com/blacklists.aspx. Drop in an IP or domain and it queries roughly 80 lists at once. For deeper investigation each blocklist has its own lookup page — Spamhaus's at check.spamhaus.org is the canonical reference. You can also query directly with dig: a lookup of 1.2.3.4.zen.spamhaus.org that returns an answer means the IP 4.3.2.1 is listed.
How to delist
Every blocklist has a delisting process. Most accept a form submission from the IP owner asserting that the underlying problem has been fixed. Spamhaus is the strictest — they will not delist until they independently observe the abuse pattern has stopped, which usually takes a week of clean sending. Smaller lists are more forgiving and often delist within hours.
The hard part is the underlying fix. Before you submit a delist request, identify the cause: a hacked WordPress site sending spam, a compromised customer account, an unsuppressed hard-bounce list, or — most commonly for cold senders — a campaign that drew enough complaints to trigger Spamhaus's automated detection. Without a real fix the relist happens within days.
Why it matters
A Spamhaus listing on your sending IP or domain typically wipes out 30 to 70 percent of your delivery overnight, because so many receivers consult it. URI blocklist hits are subtler — your sending IP looks fine, but Gmail filters your mail to spam because a URL in your template is flagged. Watch URL listings as carefully as IP listings, especially when you swap link-tracking domains.
Related
- Spam trap — the most common reason for a listing
- Sender Score — drops sharply on listings
- Sender reputation — the broader concept
- Why cold emails go to spam
- How NeverSpam helps you stay off blocklists