Blacklisted on Black Friday?


Oh, blacklists. With over 300 of them publicly available, it’s no wonder good senders keep a close eye on their IP and domain activity.

Public blacklists are created by large, trustworthy companies, as well as small, independent networks. But since anyone can create a blacklist, they don’t all have the same impact on deliverability. Mailbox providers and filtering companies do not leverage every blacklist in making inbox placement decisions. Instead, they typically combine data from various public blacklists, as well as data from their own networks, to determine your credibility as a sender.

Email marketers often associate blocking with being blacklisted. It’s important to note that blacklist providers are not the ones blocking your mail—it’s the mailbox provider leveraging your blacklist status that blocks your mail. If landing on a blacklist does lead to having your mail blocked, focus on the potential causes for the listing. Blacklisting is most often caused by poor list quality and end user complaints.

There are two types of blacklists: IP address-based and domain-based.

IP-Based Blacklists

Real-time Black Lists (RBL) and Domain Name Server Black Lists (DNSBL) are lists of IP addresses whose spam status changes in real time. Mailbox providers check these blacklists to see if the sending server is managed by a sender who allows others to connect and send from their system (open-relays). They also check for known spammers or mailbox providers that allow spammers to use their infrastructure. Commonly known RBL/DNSBLs include:

  • Return Path Reputation Network Blacklist (RNBL): The RNBL is a real time list of IP addresses that Return Path determines should be blocked by mailbox providers based on the Return Path Provider Network. The blacklist is compiled using a predictive model that analyzes hundreds of variables for each sending IP address. The blacklist scores IP addresses in real time and incorporates volume, spam traps, and complaint sources.
  • (SBL): The Spamhaus Block List (SBL) is a database of IP addresses from which Spamhaus does not recommend accepting email. The SBL is a real time database of IP addresses of spam sources, including known spammers, spam gangs, spam operations, and spam support services. Getting delisted from the SBL requires you to develop and execute an action plan to rectify the problem that caused the listing.
    • (XBL): The Exploits Bot List (XBL) is a list of known open proxies and illegal third party exploits used to send spam and viruses. It includes information gathered by Spamhaus and contributing Domain Name System blacklist (DNSBL) operations, such as the Composite Blocking List (CBL).
    • (CBL): The Spamhaus Composite Blocking List (CBL) is a Domain Name System (DNS) based blacklist of email services suspected of sending spam as a result of a virus or malware infection. The CBL gets its data from large Simple Mail Transfer Protocol (SMTP) mail server installations, most of which are large spam traps. The CBL offers an easy self-removal option here.
    • SpamCop (SCBL): The SCBL is a spam reporting service that allows recipients of unsolicited bulk email (UBE) and unsolicited commercial email (UCE) to report the IP addresses of spammers. It uses the information to maintain the SpamCop Blocking List (SCBL). The SpamCop reporting tool cannot determine if email reported by users is or is not spam; it can only parse and report email which users give it. SpamCop users can and do make mistakes. Delisting is automatic after 24 hours if spam reports stop.
    • The Passive Spam Block List (PSBL) lists IP addresses when they send email to a spam trap, the message cannot be identified as non-spam, and the IP address is not a known mail server. They do encourage whitelisting to stay off their list.
    • Lashback’s UBL is a real time blacklist of IP addresses that sends email to names harvested from suppression files.


    • Invaluement: The Invaluement Anti-Spam DNSBL is a compilation of three commercial anti-spam blacklists:
      • ivmURI: domains mostly owned by spammers
      • ivmSIP: spammy IP addresses either overlooked or not yet listed by Spamhaus, from botnets, elusive snowshoe spammers, or black hat mailbox providers. (A black hat sender is a company that sends email to recipients who have not given permission to senders to send to them.)
      • ivmSIP/24: IP address ranges or subnets where spam sending patterns have been detected

URI Real-time Blacklists (URI DNSBL) are lists of domain names that appear within the email body. This blacklist will look for the URLs within the body of the email to see if it contains a domain identified as a source of spam.

Domain Based Blacklists

The most commonly used URI DNSBLs include:

  • The Spamhaus DBL is a real time database of domains found in spam messages. These domains are typically website domains, which include spam domains, sources, and senders, known spammers and gangs, and phishing, virus, and malware related sites.
  • URIBL: The URIBL is a list of domains they identified as being used in spam email. While they have several public lists, the most common list that can result in delivery issues is the which has a goal of zero false positives. The list updates frequently as new data is received, so delisting can occur automatically. The domain owner may also request removal once registered with the URIBL.
  • SURBL: SURBL is a list of website domains that have appeared in unsolicited messages. The domain owner may request removal by conducting an initial lookup and following removal instructions here.
Featured Resources

We Know Email

Get the actionable insights you need to improve your email program.