Photo by Taylor Vick on Unsplash
A campaign that was getting 28% open rates is suddenly getting 4%. Bounces tripled overnight. Your reply rate flatlined. Support is asking why prospects say they never got the email.
You’re probably on a blacklist.
Here’s how to figure out which one, what it actually means, and what you can do about it. Plus the harder truth: most blacklist problems are list quality problems wearing a costume.
The blacklists that actually matter
There are over a hundred public DNS-based blocklists (DNSBLs). Most are irrelevant. A handful drive almost every real deliverability problem you’ll encounter. The big four:
Spamhaus. The most influential RBL in existence. Run by a UK-based nonprofit. Used by Microsoft (Outlook, Hotmail, Office 365), most enterprise spam filters, and a long tail of ISPs. Spamhaus runs three main lists:
- SBL (Spamhaus Block List): IPs of known spammers.
- XBL (Exploits Block List): IPs of compromised machines, open proxies, infected hosts.
- PBL (Policy Block List): residential IPs that shouldn’t be sending mail directly.
If you’re on Spamhaus, you have a real problem and you’ll see it in your bounce rate immediately.
Barracuda Reputation Block List (BRBL). Powered by data from millions of Barracuda spam filters in production. Strong influence on corporate inboxes. Less aggressive than Spamhaus, but a Barracuda listing will tank your B2B deliverability.
SORBS. Long-running and broad. Multiple lists for different problems (DUHL for dynamic IPs, SPAM for confirmed spam sources, etc.). Less critical than Spamhaus but still consulted by many filters.
SURBL and URIBL. Different breed: these list domains (URLs) that show up in spam, not sending IPs. If you’re using a link shortener that’s been abused, or your tracking domain shares infrastructure with bad actors, you can land on one of these. Wide influence.
There are others — SpamCop, MultiRBL, Invaluement, UCEPROTECT (which is famously over-aggressive and most mail servers ignore tiers 2 and 3). Don’t panic about every listing. Panic about the four above.
How to actually run an email blacklist check
The fast version: type your sending IP or domain into one of the multi-RBL checkers. The most-used:
- MXToolbox. Checks ~90 blocklists in one query. Free for ad-hoc checks. The de facto standard.
- HetrixTools. Similar coverage, cleaner output, free monitoring tier.
- Spamhaus directly. spamhaus.org/lookup — checks just Spamhaus lists but tells you exactly which one and why.
The slow version: query the RBLs yourself via DNS. For an IP 1.2.3.4 on Spamhaus, you’d query 4.3.2.1.zen.spamhaus.org as a TXT record. A response means you’re listed. No response means you’re not. Useful if you want to automate monitoring without paying.
The critical thing to check is which IP. If you send via a third-party ESP (Mailchimp, SendGrid, Resend, Postmark, AWS SES), the relevant IP isn’t your office or server IP — it’s the ESP’s sending pool. ESPs monitor their own pools obsessively; if you’re on a shared pool that gets listed, it’s their problem and they’ll move you. If you’re on a dedicated IP and it gets listed, it’s your problem.
If you send your own SMTP, the IP is whichever mail server originated the message. Check the Received headers of a test send to be sure.
IP listings vs domain listings — different fixes
There are two flavors of blacklist problem and they require different responses.
IP listings (Spamhaus SBL/XBL/PBL, Barracuda, SORBS). These say “this IP is sending spam.” The fix is at the IP level: stop the spam, ask for delisting. If it’s a shared pool, the ESP handles it. If it’s yours, you handle it.
Domain listings (SURBL, URIBL). These say “this URL or domain is showing up in spam.” The fix is at the domain level: figure out what link in your emails got listed, stop using it, request delisting. Often the culprit is a shortener (bit.ly, t.co) you can’t control, or a tracking domain shared across senders.
The honest version: domain listings are harder to clear because you often can’t change the underlying behavior. If your tracking domain is on URIBL because some other tenant of your ESP got reported, you wait it out or change ESPs.
What to do if you’re listed
Step 1 is to stop sending. Right now. Every additional message from a listed IP makes the listing harder to remove because you’re adding more “evidence” the RBL operator sees.
Step 2 is to find the cause. The cause is one of four things:
1. You hit a spam trap. 2. You had a sudden volume spike from a quiet domain. 3. Your account got compromised and someone else sent through it. 4. You sent to a list you bought or scraped.
You need to know which before requesting delisting, because every RBL will ask. “I don’t know what happened” is not an acceptable answer — they’ll deny the request.
Step 3 is to submit the delisting request. Each RBL has its own process and its own patience level:
- Spamhaus. Self-service delisting via the Spamhaus lookup tool, but only if they can see the underlying problem is fixed. They’ll check your DNS, your DMARC, your reverse DNS, and they read what you write. A vague request gets denied. A specific one (“we identified that account X was compromised on June 1, we rotated credentials and revoked the API key, here’s our timeline of remediation”) usually clears within 24–72 hours.
- Barracuda. Form submission at barracudacentral.org. Generally fair. Responds within a few days.
- SORBS. Process varies by list (DUHL vs SPAM etc.). Slower than the others; some sub-lists are basically impossible to clear without working through SORBS’ email.
- UCEPROTECT. Don’t bother for tier 2 or 3. Major inbox providers don’t consult those lists. For tier 1, they charge a fee for expedited removal, which is controversial and which we’d skip — wait the seven days for free automatic delisting.
Step 4 is to wait. Even after delisting, the propagation through every downstream filter that mirrors the RBL takes hours to days. Don’t resume full-volume sends the moment you’re cleared. Send small batches to your most-engaged segments first. Watch your bounce rate. Scale up over a week.
Why you got listed (the four real causes)
Almost every blacklist incident we’ve investigated traces back to one of these:
1. Spam trap hits. A spam trap is an email address that was either never used by a real person (“pristine trap”) or was once real and got abandoned (“recycled trap”). Sending to one signals to the RBL that you didn’t get permission and don’t keep your list clean. Recycled traps are the most common cause of listings for legitimate senders. They look exactly like normal addresses until they don’t bounce anymore.
The only protection: verify your list and remove dead addresses on a regular schedule. Recycled traps usually start as regular bounces, then go silent. If you keep emailing addresses that haven’t engaged in 18+ months, eventually one of them will reactivate as a trap and burn you.
2. Sudden volume spikes. A domain that sends 5,000 emails a day for a year and then sends 200,000 on a Tuesday triggers fraud heuristics across every major filter. The fix is just patience — send growth needs to be gradual, ideally less than 30% week-over-week from an established sender.
3. Compromised accounts. Your customer’s account on your platform gets phished. Bad actor uses the API to blast spam through your infrastructure. You get listed for their crime. Standard credential rotation, API key audits, and rate limiting prevent this.
4. Purchased or scraped lists. This is the one nobody admits to but almost everyone has done at some point. You bought a “verified B2B list” from a vendor. 40% of it is dead, 5% is spam traps. You send. You get listed. The only fix is “stop doing that,” which doesn’t help in the moment.
The blacklist you can prevent
Of the four causes above, the only one you can actually engineer your way out of is spam traps. And the prevention is unglamorous: verify your list. Regularly. Especially before any large send.
A clean list won’t catch a determined attacker hijacking your sending infrastructure. It won’t undo a list you bought three years ago. But it will catch the dead addresses, the recycled traps, and the role accounts (info@, admin@, sales@) that disproportionately end up complaining or trapping.
We’ve watched senders get burned three times in a row by the same dead-addresses-on-an-old-list pattern. Every time the answer was the same: clean the list, rotate the IP if you can, restart slow. The senders who clean their list every quarter rarely make it onto Spamhaus at all.
Verify 100 emails free → — find the dead addresses and probable traps before they cost you a Spamhaus listing.
