17 December 2021 | 7 min read | Gustavas Davidavičius
You are exploring: IP Reputation

How To Remove IP From Spamhaus Blocklist: Step by Step Guide 2022

Learn more about the Spamhaus blocklist, the reasons why IP addresses get blocklisted and how to remove IPs from this blocklist.

Spamhaus IP blocklist.

IP addresses (Internet Protocol addresses) identify every internet-connected device. Without them, we would not be able to communicate. However, even if you have an IP address, connection may be restricted. Why? Your address may be blocklisted, in which case it is classified as malicious or disreputable. Many independent block lists exist, one of them being the well-known Spamhaus Block List.

Founded in 1998 by Steve Linford, the Spamhaus Project is a nonprofit that specifically focuses on tracking spam and cyberthreats. The organization uses built-in spam engines that protect over 3 billion user mailboxes. If your own IP address has been blocklisted by Spamhaus, there are a few steps you need to take to restore the reputation of your resources. Continue reading to learn all about this blocklist and how to get your IPs off it to resume your email campaign.

What is the Spamhaus Blocklist?

The Spamhaus Block List (SBL) – sometimes referred to as the Spamhaus blacklist – is a real-time database of IP addresses that Spamhaus identifies as a spam source according to its listing criteria. More specifically, according to the SBL policy, the list includes IPs that send unsolicited bulk emails or expose unwitting targets to threats.

While many people receive bulk emails, they are not necessarily spam. Bulk emails can, for example, include newsletters and advertisements that you subscribe to. On the other hand, cybercriminals can use spam as a vehicle for cyberattacks and malware.

Luckily, Spamhaus enables users to reduce traffic from IP addresses that may be related to potentially dangerous spam. Many internet service providers (ISPs), email service providers, hosting companies and corporations use the Spamhaus blocklist and its Register Of Known Spam Operations (ROKSO) database.

Two email inboxes. one full of emails, the second full of spam.
A blocklist prevents spam from reaching the inbox

Why do IPs get blocked by Spamhaus?

While Spamhaus does not block your IP address directly or prevent you from sending mail, it allows your recipient’s mail server to block your message. Spamhaus enables the mail server to check if your IP address is on any of the Spamhaus IP blocklists. If it exists on those blocklists, receiving mail servers may reject your emails. 

But what are the reasons your IP address may end up on a Spamhaus blocklist? Here are a few issues you may need to consider.

  • Spam trap: If you have scraped or bought an email list, it may contain a spam trap address specifically designed to catch spammers
  • Compromised security: Cybercriminals can hijack email accounts and use your mailing list to send phishing and spam emails without your knowledge, thus compromising your sender reputation
  • Poor marketing practices: It is crucial to stick to good email marketing practices, like adding an unsubscribe link or removing unengaged subscribers from the mailing list, to maintain a good sender reputation and email deliverability rates
  • Increased send volumes: If you have not performed IP warmup but increased your email send volumes during most recent email campaigns, you may be accused of spam-like activity and sending bulk email 
  • Unsolicited email: If your recipients frequently flag your messages as spam, your email deliverability rates may go down and complaint rates may go up, which may flag you as a potential spammer; hence the importance of proactive account monitoring
  • Blocklisted domain: If your domain ends up on the Spamhaus Domain Block List (DBL), you will not be able to resume normal mailing activities until you delist it from this and other DNS-based blacklists 

Fortunately, there are several solutions that an email administrator or ISP may employ to delist blocklisted IPs. Let’s discuss them in greater detail.

Block dynamic IPs and port 25

While dynamic IP addresses provide flexibility to ISPs and reduce costs because they are cheaper than static IPs, they pose a greater threat to their users. Since dynamic IP addresses change frequently, spammers can use that to conceal their identity when sending spam.

A good anti-spam solution to protect your email servers is to add your dynamic IP ranges to the PBL (Spamhaus Policy Block List) database that records all IPs that shouldn’t be delivering unauthenticated SMTP email. In short, this protects your IPs from someone exploiting them to send spam without SMTP authentication to another email server. If you use Outlook or another similar service, make sure to turn on SMTP authentication. 

One more solution to limit spam traffic is to block SMTP port 25, a default port for email communication across the internet. Unfortunately, spammers may exploit open port 25. They could use it to send unsolicited bulk email and infect computers with malware to create a network of botnets for large-scale attacks.

To make communication more private and secure, internet service providers tend to block port 25 for email transmission between the email client (e.g., Outlook) and the email server. Instead of port 25, users should use other ports that require SMTP authentication to send their emails securely, such as port 587.

Choose a static IP address

As you now know, using a dynamic IP address can put you at a greater risk of blocklisting. That is because a dynamic IP address is assigned temporarily, and email servers receiving messages may automatically block them if they are associated with dynamic IPs. Essentially, if the IPs of email senders change frequently, this could be regarded as a sign of a potential spammer.

What’s the solution to this issue? Using a static IP. Although static IPs are more expensive, they can help take better control of your mailing activities. Luckily, you do not need to sacrifice full control to save money. You can lease static IP address space even on a low budget.

Enable SMTP authentication

If you can’t send an email via Outlook or another mail system due to PBL listing, make sure to enable SMTP Authentication (SMTP AUTH). It guarantees that only authorized senders use the email server.

If SMTP is on, verify that credentials for the email server (username and password) are correct. And to ensure the correct function of SMTP AUTH, use port 587 to send emails safely. This can significantly decrease the risk of spam operations from your server.

Scan for malware

Malware can infect your device when you visit suspicious websites, click on a link in a misleading email or download an attachment included in it. If malware infects a computer, the attacker can hijack the device to perform anonymous attacks. By taking over the device, hackers can also attempt to steal data without the user’s knowledge.

Luckily, you can prevent that from happening. Ensure that your antivirus software is up-to-date and regularly run a full scan of your device. Also, do not open any suspicious emails and links or attachments they might contain.

A bug on a computer screen representing malware detection.
Regular malware scans can help prevent malicious infections

Remove IP from the Spamhaus blocklist 

If you suspect that your IP might have been blocklisted, you should check the reputation of that address. And if you verify that it has been blocklisted and find out why, you can request Spamhaus to delist it. 

If you don’t have your own email server, you need to contact your ISP or the organization that assigned you the IP address and ask for assistance. If you own your email server, the Spamhaus IP and domain reputation checker might help perform an in-depth investigation and reveal why your address is blocked.

Follow these steps to find out if your IP is blocklisted and learn how to have the IP removed from the blocklist.

1. Run a blocklist check for your IP

The first step is to access the Spamhaus IP and domain reputation checker (previously known as Blocklist Removal Center). Enter your address into the search box and click Lookup.

Spamhaus lookup tool for IP, domain or hash.

If your IP address exists on the blocklist, you may see your search result come back with a warning message.

Click Show Details to find more detailed data that might help explain and resolve the issue. If you don’t have access to your email server and you don’t have a technical account manager to consult, you may not be able to solve this yourself. Instead, you may need to reach out to your email providers or ISP.

Why is this IP address listed in Sapmhaus blocklist notification.

Note: If you are a Spamhaus user, you have access to other Spamhaus blocklists. ZEN (or Spamhaus ZEN), a comprehensive blocklist that contains SBL, XBL (Spamhaus Exploits Block List) and PBL blocklists, can make IP lookup easier and faster. Moreover, the ZEN blocklist shows return codes to indicate in which blocklist the IP address exists.

Return codes in the spamhaus ZEN blocklist.

2. Indicate the block reason

Spamhaus distributes numerous blocklists that block IP addresses for different reasons. However, if they exist in XBL or SBL, that may identify a security problem. To investigate the reason behind it, look through your server logs. They can reveal data about suspicious or malicious activity inside and outside your network.

The Spamhaus IP domain and reputation checker further facilitates the investigation by helping to identify what the issue might be.

If you checked your log files, found the problem and fixed it, you can send IP address removal requests by ticking a box and clicking Next Steps.

Next step button in the IP removal from spamhaus blocklist process.

3. Request removal from the blocklist

To petition IP address removal from the Spamhaus blocklist, fill the form to provide your contact data and click Submit.

Contact form for removing IP from spamhaus blocklist.

When Spamhaus accepts your removal form, it will process it immediately. However, note that the removal process may take a few minutes up to 24 hours. If your IP address is still on the blocklist after 24 hours, contact Spamhaus’ technical account manager for removal assistance.

Conclusion

While Internet Protocol addresses may be blocklisted for different reasons, it does not necessarily mean that your IP is abused or your device is sending spam. If you find your IP on PBL lists, this may be no cause for concern. On the other hand, if your address exists on an XBL or SBL list, you should thoroughly investigate the problem and fix it ASAP.

If you cannot delete the IP from the Spamhaus Project blocklist on your own, you can always contact your email service provider or ISP to help resolve the issue and get tips on how to avoid blocklisting in the future. If you are interested in taking full control of your email marketing campaigns with static IP addresses, learn how to save money by leasing resources.


About the author

Gustavas Davidavičius

Senior Abuse Prevention Specialist

Gustavas is a Senior Abuse Prevention Specialist at IPXO. He specializes in the abuse desk policies, as well as IP reputation upkeep on the IPXO’s IP leasing and monetization platform.