The Spam Blacklist Checker queries several spam blacklists and indicates if the provided domain name/IP address has been blacklisted (eg, flagged as belonging to a spammer).
Provide one of the following:
- A domain name
- An IPv4 address (eg, 192.168.1.1)
- A Base-10 IP address.
If you provide a Base-10 IP address, check the Convert Base-10 to IP box.
When to Use It
If you aren’t receiving mail from a sender, or you’re sending mail that’s not received, it might be because the messages’ originating domain name/IP address has been added to one or more spam blacklists. The Spam Blacklist Checker helps you determine if this is the case.
According to the lists, spam is merely unsolicited bulk email — the content of the messages is irrelevant, and the blacklists don’t distinguish between messages from a legitimate company promoting a new product, a nonprofit reaching out to donors, or “Nigerian princes” seeking financial assistance.
What the Spam Blacklist Checker Does
The Spam Blacklist Checker queries the following using the provided domain name or IP address to see if there are any matching results:
All of these lists use different data sets and methods for identifying problematic senders, so a domain name/IP address may appear on some, but not all lists. Furthermore, these lists do not block messages — they provide information to email servers which do block messages from what appear to be spammers.
Though you can search the records with domain names, spam blacklists use IP addresses only — changing the domain name while keeping the IP address will not change the results.
A Deeper Look
The following is a high-level overview of the criteria used by the individual lists queried by the Spam Blacklist Checker.
The SpamCop Blocking List (SCBL) generates lists of problematic senders in two ways:
- User reports
- Use of spamtraps, which are non-existent email addresses set up by SpamCop. Because SCBL never uses these addresses, messages that come into these inboxes result from harvesting or the process of mass gathering of email addresses in an attempt to find valid inboxes.
SCBL also uses information from queries originating from sites using SCBL. SCBL gives reputation points for queries regarding mail that isn’t spam. It weights new mail most heavily, and it drops IP addresses which haven’t been reported in 24 hours.
If you look up an address that SpamCop has on its list, SpamCop will return an IP address (typically 127.0.0.2). The value itself has no meaning.
Spamhaus maintains five advisory lists, three of which are used by the Spam Blacklist Checker: SBL, XBL, and ZEN. The Spam Blacklist Checker does not directly use the PBL and CSS lists.
The Spamhaus Block List (SBL) lists “IP addresses from which Spamhaus does not recommend the acceptance of electronic mail.” Inclusion is based on spamtrap email addresses (addresses that have not been provided to anyone) and third-party intelligence.
The Exploits Block List (XBL) lists “IP addresses of hijacked PCs infected by illegal 3rd party exploits.” Addresses that send spam get included when an analysis of their connection indicates the presence of malware or an open proxy.
The Policy Block List (PBL) lists addresses that “should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer’s use.” A listed address isn’t necessarily sending spam. We don’t query this list directly, but it’s included in the Zen list.
The CSS list is a subset of the SBL list that covers “IP addresses that are involved in sending low-reputation email.” This list can’t be separately queried, but it’s included in the SBL and Zen lists.
The Zen list combines all the Spamhaus lists and is the one Spamhaus recommends for most situations. It advises against using it in combination with other Spamhaus lists since that would be a waste of resources due to the duplication of results returned. This list returns an IP address which tells you which list the offending address was found on:
- SBL: 127.0.0.2
- CSS: 127.0.0.3
- XBL: 127.0.0.4-7
- PBL: 127.0.0.10-11
Surriel runs the Passive Spam Block List. It relies entirely on spamtraps to receive unsolicited mail. Whitelisted sources and bounces are filtered out. It will generally give a response of 127.0.0.2 if an address provided is blacklisted.
What If You’re Blacklisted?
You might be disconcerted to discover that your domain name/IP address is on a spam blacklist, especially if you are a legitimate sender of non-spam email. There are many possible explanations for this.
Spam could be coming from a related account, even if you don’t know it. One of your users, coworkers, partners, and so on who have access to your email setup could be spamming others without your knowledge. Alternatively, a malicious party could have gained unauthorized access to your account.
If you use a large mailing list, that could be risky. If people opt-in without being aware that they have, or they forget that they have, they may report the messages they receive as spam. This can also happen if they aren’t promptly removed from your mailing list when they unsubscribe. One way to handle the issues that come up with large mailing lists is to use a mailing list service or (at the very least) dedicated address list management software.
There could be outgoing mail that doesn’t come from you or your users. This could be spam being sent out by malware on your computer. If one of your users sets up a forwarding address, and your system forwards spam to it, it will look like you are spamming. If you use a dynamic IP address, the spam might not be from you at all, but from a spammer who had (at one point in time) used that very same IP address.
If you are blacklisted, you can then contact the blacklisting organization and ask to be removed. Some, such as Surriel, will do it just for the asking; others require evidence that the problem has gone away.
If you want to check a large number of domain names or IP addresses against blacklists, please don’t create a script that uses the Spam Blacklist Checker. It’s very inefficient for both of us. Check the information on the sites of the lists we use to learn how to query the lists directly.
Notes of Interest
Spam first became a serious problem in the 1990s. Spam blocking lists date back to 1997, with the creation of the Real-time Blackhole List (RBL) by Paul Vixie and Dave Rand, which was a part of the Mail Abuse Prevention System (MAPS).
The use of zombie computers (bots) increased drastically in the 21st century. It significantly increased the number of computers sending spam, making it harder to identify and block offenders. Spammers and spam blockers have been in an arms race ever since.