Did the Spamhaus Blacklist (SCBL) block your email?

If yes, then you likely have serious email delivery issue.  As one of the oldest blacklists, a large number of email service providers and anti-spam tools depend upon Spamhaus.   If Spamhaus blocks your email, you will have wide-spread delivery issues.

The Spamhaus Block List (SBL)  lists IP addresses that send unsolicited bulk email.  The consider an email spam if it is both unsolicited and bulk:

  • Unsolicited Email is normal email
    (examples: first contact enquiries, job enquiries, sales enquiries)
  • Bulk Email is normal email
    (examples: subscriber newsletters, customer communications, discussion lists

In addition to the SBL, Spamhaus also maintains several other lists:

sbl.spamhaus.org

  • Exploits Block List (XBL : xbl.spamhaus.org)
    This is a realtime database of IP addresses of hijacked IPs, botnets, open proxies and similar spam engines.
  • Policy Block List (PBL pbl.spamhaus.org)
    This is a database of end-user IP address ranges which should not be delivery email.   Typically, these are dynamic IPs assigned by ISPs that should never be used to send email directly.
  • Domain Block List (DBL dbl.spamahaus.org)
    This is a list of domains with poor sending reputation.
  • Zen Block List (Zen zen.spamhaus.org)
    This is a composite list that includes results from SBL, XBL, PBL and the Composite Block List.

Regardless of the specific list you are on, you can use the same five step procedure to request removal.

Ready to remove your IP from the Spamhaus Blacklist? 

Here’s how:

    1. Check your IP at the Blocklist Removal Center.
    2. Discover why your IP is on the block list.
    3. Complete the Spamhaus Blacklist Removal Form.
    4. Verify Blacklist Removal.
    5. Summary
TL;DR
Make sure your server is not sending spam, that you authenticate your email, and then submit the Spamhaus Blocklist Removal Form.

1. Spamhaus Blacklist Check

Typically, you will first discover you are on the block list by receiving a bounce with an error similar to this:

Jan 30 14:07:36 psa001 postfix/smtpd[31677]: NOQUEUE: reject: RCPT from unknown[185.143.223.97]: 554 5.7.1 Service unavailable; Client host [185.143.223.97] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBL420772 / https://www.spamhaus.org/sbl/query/SBL442610; from=<spammer@spam.com> to=<someone@somewhere.com> proto=ESMTP helo=<[185.143.223.160]>

The exact error in the email bounce varies as the recipient’s server can set custom messages, but usually, you will see a reference to the http://www.spamhaus.org site or mention of the specific list, usually zen.spamhaus.org.

To confirm your IP is on the blocklist, you need to run a Spamhaus Blacklist check.  If your IP is on the list, you will see the following:

spamhaus blacklist removal

You can see which list contains your IP.   If you click on the records, you will see some important details about the listing and additional removal instructions.

2.  Identify the Spam Source

While Spamhaus may list an IP for many reasons, inclusion is the SBL or XBL is usually do to a security breach.

The #1 reason for Spamhaus blacklisting your server is a security breach, either a compromised user account or web application that is sending spam.

The primary sources of the spam are:

  • Compromised user accounts.
  • Insecure contact forms.
  • Compromised web applications.

Compromised users accounts usually send 1000’s of emails.  Check your server logs for unusual activity.

While security has improved, web contact forms remain a constant source of spam.  If your form sends a reply to the submitter, spammers may target the form.   Some forms have open text fields and send a copy of the message to both the form submitter’s email as well as the notification address.  Spammers abuse these forms by using bots to fill out these forms, so make sure your forms are secure.

Lastly, web applications, especially WordPress, are popular targets.  By exploiting web sites, attackers can either send email via the application or even upload their own spam tools to your system.  You can use malware scanners and log analysis to try to identify these security problems.

Regardless of the exploit method used, you will want to stop the spam before requesting removal.

3. Spamhaus Blacklist Removal Form

Spamhaus requires that the removal request be sent from your system administrator.   The removal process differs based on the list and severity of the listing.   Spamhaus listings do expire, but the expiration can be as long as six months.  If your IP is on the list, you need to contact Spamhaus.

Example Removal Instructions:

Example Removal Procedure
Removal Procedure To have record SBL476037 (141.105.69.51/32) removed from the SBL, the Abuse/Security representative of hostkey.ru (or the Internet Service Provider responsible for supplying connectivity to 141.105.69.51/32) needs to contact the SBL Team by email (use this link) to explain how the abuse problem has been terminated (we need to know exactly how the issue has been dealt with and that this abuse problem is fully terminated). If the abuse problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.

Problematic IPs

If your IP or your IP range frequently triggers the Spamhaus Blacklist,  you will not be able to expedite removal.  You will need to contact the manager of the larger netblock and have them work with Spamhaus.

4. Verify Spamhaus Blacklist Removal

Send an email — that’s the easiest way to check for removal.
You can run the Spamhaus Blocklist lookup tool  again. The tool should show your IP is not listed.

spamhaus blacklist removal

All green is good!

5. Summary

Removing your IP address from the Spamhaus blacklist is usually easy, but if you fail to stop the spam, your IP will be relisted.  If re-listed multiple times, you may find it difficult to get your IP removed and have to get your ISP or web host to fix the issue.

Blacklisted elsewhere?  See our email blacklist removal posts on for details on how to remove your server IPs from other email block list.

Menu
add_action('init', 'use_jquery_from_google');