How do I know if I’m on a SPAM Blacklist?

Email Blacklists – Is Your Email Blocked?

We often get the question: "How do I know if my company is on a SPAM Blacklist?" Followed by "If my company is on a SPAM blacklist, how the heck do we get unlisted?  

There are over a hundred SPAM blacklists – private corporate spam firewall and private blacklists, but luckily there are a few tools that can help you check most of them quickly. We've included here a handy reference with the sites that you can use to check your blacklist status. We've also highlighted several of the more prominent SPAM blacklists.

First and foremost – we'll stress that our series on checking and removing your email servers from a blacklist assumes that you're not spamming — and you've first taken appropriate corrective steps to clean up your email list and email marketing sending practices. 

What you need to know to check Blacklist status

Most SPAM blacklists track the reputation of the email servers that are being used to send outgoing email for your domain.  So to get started – if your company uses its own servers to send email campaigns, you'll need to know the IP address(es) of the email servers sending emails for your company. If you use an SMTP email service like Sendgrid,  or if you use a shared email server form a hosting provider like GoDaddy, then you'll need to know the IP addresses of their servers or specifically – what IP addresses are being used for your company's email.  Finally – if you are sending through a top Email Service Provider like Pinpointe, you can probably rest assured that the IP address are likely to be 'clean' – but nontheless the tips here all still apply with respect to checking if your email server is blacklisted.

How Blacklists Monitor Reputation

Several SPAM blacklists monitor the sending reputation of more than just the email server IP address.  They also track senders reputation by sending domain, and /or by DKIM identity, and virtually all blacklists now share reputation information among themselves in near real-time.  

If you'd like to learn the inner details about how a SPAM firewall works including what spam filters actually check in order to determine yoru sender's reputation (and whether you're email will get to the inbox), check our webinar – "How a SPAM Firewall Works".  

Different Types of Blacklists

I'll break these down into 3 general types of blacklists:

Public Blacklists.  These are blacklists that are publicly available and can be directly checked.  Several blacklist checking tools are available to quickly scan the top 100 or so publicly visible blacklists

Enterprise SPAM Firewalls.  These are really a subset of the above – the real-time, network-distributed blacklists that ar maintained by SPAM firewalls used primaily by Corporate IT departments. These include Barracuda, Cisco's Ironport, McAffee and more.  We've included a table below with a list of Enterprise SPAM firewalls with the links you to their sites so you can check if your IP (or domain) is on their blacklist.  

Private / ISP Blacklists. Most major ISPs maintain their own internal blacklists.  In some cases you can query them; in others, you can't. For example, Gmail Hotmail (now Outlook.com) and Yahoo maintain their own internal blacklists within their spam filtering technology.  You can't directly querry either of these lists (they both have feedback loops for high volume senders and ESP's – but that's a different topic).  In order to determine if you're blocked – you'll have to monitor your email server logs.

Checking Public Blacklists

There are over 120 notable public blacklists. A handful are serious and can cause a dramatic fall off in your delivery.  Most of the rest will impact delivery over a much smaller scope. Here are 3 sites where you can check the important (and some not so important) public blacklists if you know your servers IP address(es).  NOTE: – these are blacklist check  aggregators – don't send removal requests to them directly:

  • multi.valli.org/lookup.  This is one of our favorites because it's pretty comprehensive and checks 120+ blacklists. 
     
  • www.mxtoolbox.com/blacklists.aspx. MXToolbox is free. Enter the email service IP addresses and mxtoolbox checks about 46 blacklists.  
     
  • www.dnsstuff.com/tools. You can check your IP address and your domain here for free.  DNSStuff also offers some pretty cool domain tools. You can check 97 blacklists. Includes other free DNS and network tools too.
     
  • www.dnsbl.info. (Domain Name System Blacklist). Free service. Checks about 88 blacklists quickly.

Webinar - Learn how a spam filter works http://www.pinpointe.com/pinpointe-customers/email-marketing-review-nikon  

   

Blacklists that deserve "special mention"

Spamhaus.org ( www.spamhaus.org)

The big dog.  Probably the most widely used non proprietary blacklist, SPAMHaus.org's mission is to rid the world of unsolicited commercial email ("UCE") by creating and monitoring a network of millions  of  'spam honeypot' email addresses. These are email addresses that are expired, or that never were 'real' recipients that Spamhaus acquires from ISP's. They re-purpose expired domains and rumor has it  - also plant addresses on various websites around Etherspace.  Since these are not 'real people' – the addresses should never end up on an opt-in list, so if you send an email campaign and it ends up in one of Spamhaus' inboxes – clearly your list development practices are not cool.  [Note: Some list vendors develop emails lists - albeit illegally - by scraping websites for email addresses.  This is why you should never us these lists].

Spamhaus then adds the sending email servers to their blacklists. Overall it's a pretty good system but not flawless in our experience. For example, if you are capturing registrant information from your website or from online events, an ill-willed smart-alec can enter a handful of bogus / honeypot address into your list. Your well intentioned campaign gets caught and viola – you are on Spamahaus' [s]hit list.  Solution: Always use double opt-in (most email services providers like Pinpointe provide mechanisms to enforce double opt-in when using their forms to collect subscribers). 

Microsoft Frontbridge (88.blacklist.zap – not a website)

If you find your emails are getting blocked by recipients who are using Outlook, then you may want to review your MTA logs (email server logs) for references to 88.blacklist.zap.  That's Microsoft's older generation internal Frontbridge SPAM filter service that is used to protect aanyone using Outlook, and who has their email configured to use Microsoft's spam filtering service (which is free).   If you have stumbled onto Microsoft's blacklist Your email server log will include an entry such as "550 Service Unavailable; host [xx.xx.xx.xx] blocked using 88.blacklist.zap.  Please forward this message to delist -at- messaging.microsoft.com.  Response time is within 24 hours.  Update – Although this is still used by some customers Microsoft's filters have been substantially updated.  Here's how to get removed from Microsoft Exchange's blacklist.

Uribl.com (www.uribl.com)

URIBL uses 'SPAM honeypots' – just like Spamhaus.org and SORBs do.  In most cases URIBL will age your domain off of their list if SPAM stops.  If you're a repeat offender – don't expect them to be too cooperative until all (offending) traffic stops and you clear your domain with URIBL by confirming that the offending problem has been fixed.

UCEProtect (http://www.uceprotect.net/en/rblcheck.php)

UCE Protect deserves mention because its one of the few major SPAM blacklists where you can blacklisted because of something someone else did.  UCEProtect monitors and tracks the SPAM reputation of individual email server IP addresses, and factors in the reputation of other servers in the same network as well as servers hosted by the same ISP. UCEProtect's 'guilt by association' approach means your servers can be blacklisted if your ISP hosts other systems that are caught for SPAMMing.

Here's an example. Your company's servers are hosted with 'hosting-company.com' (we made that up just on case you weren't sure). Now, assume 'hosting-company.com' hosts hundreds of thousands of companies and has 30,000 IP's under management, including your one, lonely email server. One day, a SPAMMER who is a customer of 'hosting-company.com' sends a few email campaigns that are UCEPRotect flags as SPAM. UCEProtect flags the offending IP, but it also flags the adjacent IPs within the same network. If there are enough SPAM complaints from adjacent IPs, the complaints 'escalate' and can cause an entire network block or even an entire ISP's address block to be blacklisted.

UCEProtect's logic (along with some very valid and convincing data) is that – ISPs who host one or two SPAMMERS probably host dozens or hundreds of spammers.

SORBS  (http://www.sorbs.net)

Thankfully (in our opinion) SORBs is no longer as critical as it once was since they were acqured by Proofpoint. SORBs creates SPAMtraps or honeypots by recycling expired domains – just like Spamhaus.  If you're maintaining good list hygeine and using proper optin practices – then SORBs does a great job catching spammers that buy lists or scrape addresses off of websites.  In the past however – we caught them converting dead domains into spamtraps in a time window of less than 4 weeks. SORBs is checked by the sites mentioned in the first section.

Email Marketing Case Study - Hunter Douglas automates emails for 1,2000 distributors

Corporate / Enterprise SPAM Firewalls and Blacklists

Companies that make SPAM firewalls each maintain their own network of systems that share SPAM information. All of them track results based on IP address; several also track history based on URLS within emails, the sending domain and sending email addresses. The most common Enterprise SPAM firewall companies and their respective SPAM databases are summarized here:

Vendor SPAM Database / Repository IP
Address 
Links
URLs 
Domain 
Proofpoint:

https://support.proofpoint.com/rbl-lookup.cgi

YES NO NO
Cisco / Ironport:

http://www.senderbase.org 

YES NO YES
Fortinet:

http://www.fortiguardcenter.com/antispam/antispam.html

YES YES YES
Barracuda:

http://www.barracudacentral.org/lookups/ip-reputation

YES NO YES
McAfee:

http://www.trustedsource.org

YES YES YES
Symantec:

http://www.symantec.com/business/security_response/
landing/spam/index.jsp

YES NO NO
Trend Micro

http://www.mail-abuse.com/cgi-bin/lookup

YES NO YES
Watchguard

http://www.reputationauthority.org/lookup.php

YES NO YES
Sophos

http://www.sophos.com/en-us/threat-center/ip-lookup.aspx

YES NO NO
         

 

 

 


 

 

UPDATE: More Blacklists to Check

Here are some additional resources for checking whether your email servers are blacklisted:

About Pinpointe

Pinpointe's Blog Editor and contributor

, , , ,

  • Ali

    Fast and best tool for blacklist check is http://www.adminkit.net/dnsbl.aspx because it displays direct links for removal urls if IP address is blacklisted

    Regards

  • System.Admin

    Here is another Multi-RBL Checker you can use:
    http://www.unifiedemail.net/Tools/RBLCheck/Default.aspx

  • http://mxtoolbox.com/blacklists.aspx Wendy@mxtoolbox.com

    Please feel free to use our Blacklist Lookup Tool to see if you are listed on a Blacklist. We also provide a Blacklist Protection service, for more information, email us at info@mxtoolbox.com.

    Thanks!
    Wendy