How to Check If Your Sending IP Is Blacklisted
A single listing on the wrong reputation database can route your mail to the spam folder or get it rejected outright. The trick is figuring out which lists actually contribute to that decision, which ones you can ignore, and how to read what each one is telling you.
What an "email blacklist" really is
The technical name is DNSBL — a DNS-based blocklist. Underneath, it is just a database of IP addresses observed misbehaving (sending unwanted mail, hosting open relays, originating malware), exposed over the DNS protocol so that any mail server can query it during the SMTP handshake. The lookup against, say, zen.spamhaus.org returns either NXDOMAIN (clean) or an A record like 127.0.0.4 (listed, with a code that explains why).
Dozens of DNSBLs exist. Only a handful actually drive blocking decisions at the major receivers. Knowing which to focus on saves hours of pointless delisting paperwork.
The lists that move the needle
Spamhaus
The most consequential reputation database in the industry. Operated as a non-profit since 1998 and consulted by tens of thousands of mail servers, including a substantial fraction of the consumer mailbox providers. Spamhaus exposes several sub-lists:
- SBL (Spamhaus Block List) — manually curated list of confirmed spam sources. Listings here usually trace back to mail hitting Spamhaus's own spam traps.
- XBL (Exploits Block List) — compromised hosts: open proxies, infected machines, malware senders.
- PBL (Policy Block List) — address space that should never be sending mail directly to the public internet (residential ranges, dynamic pools).
- ZEN — the union of the others, which is what most receivers actually query.
A Spamhaus listing is a real problem and it must be fixed. Almost everything else can wait.
Microsoft (SNDS and JMRP)
Microsoft does not publish a public DNSBL. It runs its own internal reputation database that controls inbox placement at Outlook.com, Hotmail, Live.com and Office 365. The SNDS portal at sendersupport.olc.protection.outlook.com shows you exactly what Microsoft thinks of each of your sending IPs — "Green," "Yellow" or "Red," along with complaint and trap-hit data. JMRP is the matching feedback-loop programme for complaint signals.
Google Postmaster Tools
The Gmail equivalent. It does not return a yes/no listing verdict, but the IP and domain reputation panels make Google's opinion of you visible. We have a separate walkthrough dedicated to it.
The lists that get more attention than they deserve
- UCEPROTECT Levels 2 and 3 — lists by /24 or /16 ranges rather than individual IPs. Almost no major receiver consults them. Do not pay UCEPROTECT for fast delisting; the listing is meaningless and the payment is essentially a private tax.
- SORBS — relevant ten years ago, much less so now.
- Barracuda Reputation Block List — only consulted by Barracuda customers. Worth checking if you mail enterprise.
- ivmSIP, KISA-RBL, JIPPG and similar — long tail of regional or low-quality lists.
The fastest way to check
For an ad-hoc check, paste the IP into one of:
- MXToolbox Blacklist Check — queries roughly 90 lists in a single sweep.
- Spamhaus IP and Domain Lookup — the canonical source for Spamhaus.
- multirbl.valli.org — over 200 lists, useful for periodic full audits.
How to query DNSBLs from the command line
For monitoring or scripting, query the DNSBLs directly. The convention is to reverse the IP octets and prepend the result to the blocklist hostname.
To check whether 198.51.100.20 is on Spamhaus ZEN, query 20.100.51.198.zen.spamhaus.org:
$ dig +short 20.100.51.198.zen.spamhaus.org
127.0.0.4
An A record means listed; NXDOMAIN means clean. The exact value of the A record encodes the reason:
- 127.0.0.2 — SBL listing.
- 127.0.0.3 — SBL CSS (Compromised Subnet Search).
- 127.0.0.4 through .7 — XBL, by exploit category.
- 127.0.0.10 or .11 — PBL.
For bulk queries across multiple lists, the open-source rblcheck and checkip CLIs are convenient.
What to do if you appear on a list
- Do not panic and do not pay. Reputable lists do not charge for delisting. If a list demands money, it is by definition a low-quality list and you can almost always ignore it.
- Investigate the cause. Audit recent traffic from that IP. Compromised account? Hijacked relay? Bounce-rate spike? You will not stay delisted if the underlying behaviour is still happening.
- Fix the root cause. Disable the abused account, patch the relay, throttle the over-volume customer, scrub the list that drove the bounce spike.
- Submit a delisting request. Each list has its own form. Spamhaus will ask what was sending and what you have done to prevent recurrence. Be specific and concise.
- Wait. Most automated lists clear within 24 to 48 hours of remediation. Spamhaus SBL listings take longer because they are reviewed by humans.
Building your own continuous monitoring
If you operate more than a couple of sending IPs, monitor your DNSBL status continuously rather than reacting after a customer complaint. A simple cron that queries each of your IPs against ZEN, the Microsoft reputation API and a few key lists once an hour, then alerts on a state change, will catch the vast majority of issues before they snowball. Most monitoring SaaS — Datadog, Grafana Cloud, even uptime services like UptimeRobot — can do scheduled DNS checks.
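The query convention and return codes from the command-line section, combined with the hourly state-change check described above, as an added Python example (not code from the original page). It goes slightly beyond the article by treating Spamhaus's 127.255.255.x answers, which signal a query problem such as use of a public resolver, as errors rather than listings. The function names and the injectable `resolve` parameter are assumptions of this example.

```python
import ipaddress
import socket

# ZEN return codes as listed in the article (A record -> sub-list).
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.10": "PBL",
             "127.0.0.11": "PBL", **{f"127.0.0.{n}": "XBL" for n in range(4, 8)}}

def query_name(ip, zone="zen.spamhaus.org"):
    """Reverse the IPv4 octets and prepend them to the blocklist zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError on bad input
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A records for name; an empty list means NXDOMAIN."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # timeouts and SERVFAIL are "unknown", never "clean"
    return sorted({info[4][0] for info in infos})

def classify(answers):
    """Map A records to 'clean', 'error', or 'listed:<sub-lists>'."""
    if not answers:
        return "clean"
    if any(a.startswith("127.255.255.") for a in answers):
        return "error"  # Spamhaus error code, e.g. query sent via a public resolver
    labels = {ZEN_CODES.get(a, a) for a in answers}  # unknown codes kept verbatim
    return "listed:" + ",".join(sorted(labels))

def check(ips, previous, resolve=system_resolver):
    """One monitoring pass; resolve is injectable so the logic can run offline."""
    current, changes, errors = {}, {}, []
    for ip in ips:
        old = previous.get(ip, "clean")
        try:
            new = classify(resolve(query_name(ip)))
        except OSError:
            new = "error"
        if new == "error":
            errors.append(ip)
            new = old  # keep the last known state instead of flapping
        current[ip] = new
        if new != old:
            changes[ip] = (old, new)
    return current, changes, errors
```

Run `check()` from the hourly cron job, persist `current` between runs (for example as JSON), alert on `changes`, and treat a non-empty `errors` list as a resolver problem to fix rather than a clean result.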
Avoiding the listing in the first place
The cheapest blacklist remediation is the one you never have to do. The basics that keep you off the major lists:
- Strong SPF, DKIM and DMARC on every sending domain.
- Forward-confirmed reverse DNS on every sending IP — see our PTR guide.
- List hygiene: validate before sending, suppress on first hard bounce, honour unsubscribes within a day.
- Per-domain throttles so a single bad customer cannot poison your entire pool.
- An IP warmup for any new sending address.
Get those right and the only listings you will ever see are the long tail of false positives that nobody real consults.