How to Check If Your IP Address Is Blacklisted

If your sending IP shows up on the wrong blacklist, your mail will land in spam folders or be rejected outright. Here is how to find out exactly which lists know about your IP, what each one means, and what to do about it.

What an email blacklist actually is

A blacklist (technically a DNSBL — DNS-based Blocklist) is a database of IP addresses that have been observed sending unwanted mail. The list is published over DNS so that mail servers can query it during the SMTP handshake: a quick lookup against, say, zen.spamhaus.org will return either NXDOMAIN (clean) or an A record like 127.0.0.4 (listed, with a code that explains why).

There are dozens of DNSBLs in active use, but a small handful are responsible for most actual mail blocking. Understanding which lists matter saves you from wasting time chasing irrelevant ones.

The lists that actually matter

Spamhaus

The single most important sender reputation database in the industry. Run by a non-profit since 1998, used by tens of thousands of mail servers worldwide including a significant fraction of the consumer mailbox providers. Spamhaus operates several sub-lists:

• SBL (Spamhaus Block List) — verified spam sources. Listing is manually reviewed; getting on it usually means you sent unsolicited bulk mail to a Spamhaus spam trap.
• XBL (Exploits Block List) — compromised hosts: open proxies, virus-infected machines, machines sending malware.
• PBL (Policy Block List) — IPs that should not be sending mail directly to the internet (residential ranges, dynamic pools).
• ZEN — the combined list, what most receivers actually query.

If you're listed on Spamhaus, that is a real problem and it needs to be fixed. Listings on the smaller third-party lists are mostly noise.

Microsoft (SNDS & JMRP)

Microsoft does not publish a public DNSBL but it maintains an internal reputation database that controls whether your mail reaches Outlook.com, Hotmail.com, Live.com and Office 365 inboxes. The Smart Network Data Services (SNDS) portal at sendersupport.olc.protection.outlook.com shows you exactly what Microsoft thinks of each of your IPs — "Green," "Yellow" or "Red" status, plus complaint and trap-hit data.

Google Postmaster Tools

Same idea for the Google ecosystem (Gmail, G Suite). It does not produce a yes/no blacklist verdict, but the IP and domain reputation panels show you whether Google considers you trustworthy. See our dedicated walkthrough.

Lists that get more attention than they deserve

• UCEPROTECT Levels 2 and 3 — lists by /24 or /16 ranges, not individual IPs. Almost no major receiver checks these directly. Don't pay UCEPROTECT to delist.
• SORBS — was important a decade ago, less so now.
• Barracuda Reputation Block List — only used by Barracuda customers. Worth checking if you send to enterprise.
• ivmSIP, KISA-RBL, JIPPG — long tail of regional or low-quality lists.

How to check — the easy way

For a quick one-off check, paste your IP into one of these tools:

• MXToolbox Blacklist Check — queries about 90 lists in one go.
• Spamhaus IP and Domain Lookup — the authoritative source for Spamhaus listings.
• multirbl.valli.org — queries 200+ lists, good for comprehensive auditing.

How to check — the command-line way

For monitoring or scripting you'll want to query DNSBLs directly. The convention is to reverse the IP octets and prepend the result to the blacklist hostname.

To check whether 1.2.3.4 is on Spamhaus ZEN, query 4.3.2.1.zen.spamhaus.org:

$ dig +short 4.3.2.1.zen.spamhaus.org
127.0.0.4

A returned A record means listed. NXDOMAIN (no result) means clean. The specific value of the A record encodes the reason:

• 127.0.0.2 — SBL listing.
• 127.0.0.3 — SBL CSS (Compromised Subnet Search).
• 127.0.0.4 to .7 — XBL (various exploit categories).
• 127.0.0.10 or .11 — PBL.

To bulk-check a list of IPs against multiple lists, the open-source rblcheck and checkip tools are convenient.

What to do if you're listed

1. Don't panic and don't pay. Reputable lists never charge for delisting. If a list demands money, it's a low-quality list and you can usually ignore it (no major receiver queries it).
2. Identify the cause. Look at recent traffic from that IP. Compromised account? Hijacked SMTP relay? Sudden spike in bounces? You will not stay delisted if you don't fix the root cause.
3. Fix it. Disable the compromised account, patch the open relay, throttle the over-volume sender, scrub the list that caused the bounce spike.
4. Submit a delisting request. Each list has its own form. Spamhaus will ask you what was sending and what you've done about it. Be specific.
5. Wait. Most automated lists clear within 24–48 hours of remediation. Spamhaus SBL listings can take longer because they're manually reviewed.

Building your own monitoring

If you operate more than a couple of sending IPs, you should monitor your DNSBL status continuously rather than checking when something breaks. A simple cron job that queries each of your IPs against ZEN, the Microsoft reputation API and a few other lists once an hour, then alerts you on a state change, is enough to catch the vast majority of issues before customers complain. Most monitoring SaaS — Datadog, Grafana Cloud, even uptime services like UptimeRobot — can do DNS-based checks on a schedule.

Prevention beats remediation

The best blacklist strategy is to never get listed in the first place. The cheap-to-implement basics:

• Strong SPF, DKIM and DMARC on every sending domain.
• Forward-confirmed reverse DNS on every sending IP — see our PTR guide.
• List hygiene: validate addresses before sending, suppress hard bounces immediately, honour unsubscribes within a day.
• Per-domain throttles so a sudden spam burst doesn't burn your whole pool.
• An IP warmup when you bring new addresses online.

Get those right and the only blacklists you'll ever see are the false-positive long tail.