Email blacklists are everywhere. There are so many of them, chances are your server’s IP address is listed on one of them right now. In fact, some of our own IPs are on some email blacklists as I write this. Am I worried? No.
Many email blacklist tools try to impress you with a long list of DNS-Based Realtime Blacklists (DNSRBL). I’ve seen a few tools check nearly 100 lists. In fact, our own email blacklist monitoring service checks 100+ lists.
While some smaller lists may prove useful on occasion, there are only 8 email blacklists you really need to care about.
The rest of them are so rarely used that your email is not likely impacted by them. So try to resist that human compulsion to get that clean slate on your favorite check tool and focus on the eight most important email blacklists.
You may notice that the Gmail Blacklist and Yahoo Blacklist are not on the list below. Many of your major email service providers do not make their blacklists public. You only know about a blacklist because you get an email bounce.
The 8 Critical Email Blacklists
If your server’s IP lands on these email blacklists, you will almost certainly have delivery issues.
1. Composite Blocking List (CBL)
This list is maintained by Spamhaus. The CBL only blacklists IPs that exhibit malicious behavior, such as spam bots, dictionary attacks, open proxies and similar attacks. We often see IPs on this list after a web application compromise. Many hackers run dictionary attacks or open proxies after hacking web sites. If they hit servers monitored by the CBL, the server’s IP will be added to the list.
CBL Removal Process: Easy
Use the CBL Lookup Utility to check if your IP is listed. If it is, you will be given the option to request removal.
You just have to submit your IP for removal, but if your system is still spamming, you will be listed again very quickly.
2. Spamhaus Block List (SBL)
The Spamhaus SBL includes email from known spam operations, sources and services. They also use spamtraps – email addresses which do not belong to real users. If your server or web site is hacked, spammers will often flood 10,000’s of emails from your system. If these hit an SBL spamtrap, expect your server’s IP to be listed.
SBL Removal Process: Varies
You can use the Spamhaus Blocklist Removal Center to get more details on the removal process. The exact process depends on which lists (SBL, XBL, PBL) you are on. In some cases, only the service provider who controls the IP range can request removal.
3. XBL Exploits Block List
The XBL mainly lists hijacked IP addresses. While these are typically PCs and not servers, we do see servers listed. If a PC is hacked but uses your server as the SMTP gateway or if your server itself is used as a spam gateway, your server’s IP may land in the XBL.
XBL Removal Process: Easy
You can use the Spamhaus Blocklist Removal Center to get more details on the removal process.
4. Spamcop
Spamcop primarily uses spamtraps and spam reports to generate a reputation score. If your score drops too low, your IP will be included in their list. They balance spam reports with your reputation points to try to avoid just one or two reports triggering the list. Generally, if your IP is in this list, you have a security issue: a web site or user is sending out 100’s or 1000’s of spam messages.
Spamcop Removal Process: Automatic
Unlike other providers, there is no manual removal process from Spamcop. Since they use a scoring mechanism, they will automatically remove your IP once you stop the spam source. In our email blacklist removal work, we usually see removals happen within 48 hours after the spam is stopped.
5. Passive Spam Block List (PSBL)
They call the PSBL the easy-on, easy-off blacklist. They do not do the traditional testing and scoring but simply rely on spamtraps. If your server emails their spamtrap, your server’s IP will be blacklisted. You can then easily request removal.
PSBL Removal Process: Very Easy
Just submit your IP to the PSBL removal form and your IP is removed. Note that it may take 24-48 hours for other systems to pick up the change.
6. Invaluement
Invaluement runs a number of lists: ivmURI (domain-based), ivmSIP (IP-based) and ivmSIP/24 (network-based). The ivmSIP is the IP-based blacklist that mainly lists IPs with a high spam percentage. If your server is on this list, you likely have an email compromise. ivmSIP/24 is a network-based blacklist designed to target spammers who spread their emails over a large number of IPs, so-called snowshoe spammers. While they try to avoid false positives, if your server has bad IP neighbors, you may find your IP in this list.
ivmSIP Removal Process: Very Easy
Just fill out their delist request form and follow the instructions. You will usually see results in 24-48 hours.
7. Barracuda
This is the blacklist resource that powers the popular Barracuda Anti-spam appliances. They also make their list available for others to use via BarracudaCentral. Many web-hosting systems, such as cPanel, use this list by default. Most IP addresses are listed by sending spam directly to Barracuda Reputation System’s detectors. These are honeypots, spamtraps and other systems that allow Barracuda to identify spam sources. As with other lists, your inclusion in their blacklist is often due to a security issue on your server. Check out our Barracuda Blacklist Removal page for more details.
Barracuda Blacklist Process: Very Easy
8. SenderScore
This is Return Path’s sender reputation system. SenderScore is used by a number of large email service providers, corporate email systems, email marketing service providers and others to score emails. If your score in their system drops below 85, you will likely have delivery issues. Unlike email blacklists, no blocking is done directly based on your SenderScore. Instead, the score is fed into spam identification systems to help determine if your email should be blocked or not. Low scores can also result in your email being routed to the spam folder.
Sender Score Reset: None
Only in exceptional cases will Return Path reset your score. In general, we see improvements within 2-3 days after stopping the spam. In cases of very high spam volumes, a long recovery period may be needed.
Why These Email Blacklists?
Based on research by Return Path, Sendgrid, Proofpoint and other major email service providers, these email blacklists have been shown to influence email delivery to Yahoo!, Gmail, Microsoft and other major providers. If your IP lands on one of the lists, especially Spamhaus’ lists, you will have widespread delivery issues.
Spamcop & CBL are used by default in many shared hosting control panels like cPanel. If you are dealing with small businesses, they may have their email with a shared host using these email blacklists. WHM/cPanel supports Spamcop and Spamhaus Zen lists. The Zen list is an aggregate of all Spamhaus lists, which also includes the CBL.
Barracuda is used by a number of larger businesses and cloud-based email security services. If you are doing business with larger companies, they may be protecting their email with a Barracuda anti-spam appliance. Barracuda also makes their list available to others, so even if the recipient server is not using their appliance, they could still be using their data.
Return Path’s sender score reputation system is used by a number of other filtering technologies. In general, when we see scores below 85, we start to see email delivery issues at a large number of providers, especially Yahoo!, MSN and Gmail. Keeping a healthy sender score is key to good email delivery. I
Invaluement and the PSBL are thought to be feeder tools used by other systems. Some research indicates that Google may take clues from the PSBL.
Are you Listed?
To find out whether your server IP is listed, you can use any number of popular blacklist check tools. We regularly use:
If you are listed, you may find that your IP is on the Gmail Blacklist or the Yahoo Blacklist. Both of these email service providers, as well as ATT’s Blacklist, take signals from Spamhaus and SenderScore.
If your IP is not on any of these blacklists and you don’t have email bounces from other lists, don’t worry about it.
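For readers who want to see what a blacklist check tool does under the hood, here is an added example (not code from this article or from any of the list operators) of a DNSRBL lookup: the IPv4 octets are reversed, the list's DNS zone is appended, and an answer in 127.0.0.0/8 means "listed". The zone names and the treatment of 127.255.255.x answers as query errors rather than listings (Spamhaus returns these, for example, when queried through a public resolver) are assumptions not stated on this page, and the sample answers are constructed so the example runs offline.

```python
import ipaddress
import socket

# Assumption: public DNSBL zones for lists discussed above (not named on the page).
ZONES = {
    "Spamhaus Zen": "zen.spamhaus.org",
    "Spamcop": "bl.spamcop.net",
    "PSBL": "psbl.surriel.com",
    "Barracuda": "b.barracudacentral.org",
}

def dnsbl_name(ip, zone):
    """192.0.2.10 + zone -> 10.2.0.192.zone (raises ValueError on bad IPv4)."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name, or [] if none. This simple resolver cannot tell
    NXDOMAIN from a timeout, so treat 'not listed' as unconfirmed on flaky DNS."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(answers):
    """Map the A records of a DNSBL query to a verdict."""
    if not answers:
        return "not listed"
    if any(a.startswith("127.255.255.") for a in answers):
        return "query error"      # the list refused the query; not a listing
    if all(a.startswith("127.") for a in answers):
        return "listed"
    return "invalid answer"       # e.g. a hijacked or wildcard DNS response

def check(ip, resolver=system_resolver, zones=ZONES):
    """Return {list label: verdict} for one IPv4 address."""
    return {label: classify(resolver(dnsbl_name(ip, zone)))
            for label, zone in zones.items()}

# Constructed sample answers (documentation IPs, not real lookups).
SAMPLE = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.4"],
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "20.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
}

def sample_resolver(name):
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20"):
        print(ip, check(ip, resolver=sample_resolver))
```

Calling `check(ip)` without the `resolver` argument performs live lookups through the system resolver; a "query error" verdict means the check has to be repeated from a resolver the list accepts before drawing any conclusion.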