17 December 2021 | 7 min read | Gustavas Davidavičius
You are exploring: IP Reputation

How To Remove IP From Spamhaus Blocklist: Step by Step Guide 2023

Have you found your IP address in a Spamhaus blocklist? Learn what that means and what steps you should take next.

Spamhaus IP blocklist.

By helping identify internet-connected devices, Internet Protocol (IP) addresses turn the wheels of the internet. But what if an address is listed on an IP blocklist or, as it was common to say back in the day, IP blacklist? The connection jams up, which is terrible for businesses that rely on electronic mail communication. That is because emails sent from blocklisted IPs are bounced, meaning that they do not reach the intended recipients. And who is responsible for maintaining blocked IPs? The Spamhaus Project is the perfect example.

Blocklist databases are counted in the hundreds, and every single one can classify IP addresses as malicious or disreputable. The Spamhaus Block List – sometimes referred to as the Spamhaus blacklist – specifically focuses on all activity related to spam and cyberthreats, and it helps protect over 3 billion user mailboxes. Needless to say, no one wants to be on the bad side of the Spamhaus Block List. Fortunately, if you have a listing on this blocklist, there are steps that you can take to restore the reputation of the resource. 

Keep reading to learn all about Spamhaus and find simple instructions that will enable you to request removal and clear your Spamhaus listing so that you can resume your email campaigns.

What is the Spamhaus Blocklist?

The Spamhaus Block List (SBL), or Spamhaus blacklist, is a real-time database of IP addresses that Spamhaus identifies as a spam source according to its listing criteria. More specifically, according to the SBL policy, the list includes IPs that send unsolicited bulk emails or expose unwitting targets to threats.

While many people receive bulk emails, they are not necessarily spam. Bulk emails can, for example, include newsletters and advertisements that you subscribe to. On the other hand, cybercriminals can use spam as a vehicle for cyberattacks and malware.

Luckily, Spamhaus enables users to reduce traffic from IP addresses that may be related to potentially dangerous spam. Many internet service providers (ISPs), email service providers, hosting companies and corporations use the Spamhaus blocklist. Along with its Register Of Known Spam Operations (ROKSO) database.

Two email inboxes. one full of emails, the second full of spam.
A blocklist prevents spam from reaching the inbox

Why are IP addresses blocked by Spamhaus?

Spamhaus does not block your IP address directly or prevent you from sending mail. Instead, it allows your recipient’s mail server to block your message. Spamhaus enables the mail server to check your IP’s listing on any of the Spamhaus IP blocklists. If the listing exists on those blocklists, receiving mail servers may reject your emails. 

But what are the reasons your IP address may end up on a Spamhaus blocklist? Here are a few issues you may need to consider before you can initiate a listing removal.

  • Spam trap: If you have scraped or bought an email list, it may contain a spam trap address specifically designed to catch spammers
  • Compromised security: Cybercriminals can hijack email accounts and use your mailing list for sending mail intended for phishing and spam purposes without your knowledge, thus compromising your sender reputation
  • Poor marketing practices: It is crucial to stick to good email marketing practices, like adding an unsubscribe link or removing unengaged subscribers from the mailing list, to maintain a good sender reputation and email deliverability rates
  • Increased send volumes: If you have not performed IP warmup but increased your email send volumes during most recent email campaigns, you may be accused of spam-like activity and sending bulk email 
  • Unsolicited email: If your recipients frequently flag your messages as spam, your email deliverability rates may go down and complaint rates may go up, which may flag you as a potential spammer; hence the importance of proactive account monitoring
  • Blocklisted domain: If your domain ends up on the Spamhaus Domain Block List (DBL), you will not be able to resume normal mailing activities until you delist it from this and other DNS-based blacklists

Fortunately, there are several solutions that an email administrator or ISP may employ to delist blocklisted IPs. Let’s discuss them in greater detail.

Block dynamic IPs and port 25

Dynamic IP addresses provide flexibility to ISPs and reduce costs because they are cheaper than static IPs. However, they pose a greater threat to users. Since dynamic IP addresses change frequently, spammers can use that to conceal their identity when sending spam.

A good anti-spam solution to ensure your email servers are guarded is to add your dynamic IP ranges to the PBL (Spamhaus Policy Block List) database that records all IPs that shouldn’t be delivering unauthenticated SMTP email. In short, this protects your IPs from someone exploiting them to send spam without SMTP authentication to another email server. If you use Outlook or another similar service, make sure to turn on SMTP authentication. 

One more solution to limit spam traffic is to block SMTP port 25. This is a default port for email communication across the internet. Unfortunately, spammers may exploit open port 25. They could use it to send unsolicited bulk email and infect computers with malware to create a network of botnets for large-scale attacks.

To make communications more private and secure, ISPs tend to block port 25 for email transmission between email clients (e.g., Outlook) and email servers. Instead of port 25, users should use other ports that require SMTP authentication to send their emails securely. For example, port 587.

Choose a static IP address

As you now know, using a dynamic IP address can put you at a greater risk of blocklisting. That is because a dynamic IP address is assigned temporarily. And email servers receiving messages may automatically block them if they are associated with dynamic IPs. Essentially, if the IPs of email senders change frequently, this could be regarded as a sign of a potential spammer.

What’s the solution to this issue? Using a static IP. Although static IPs are more expensive, they can help take better control of your mailing activities. Luckily, you do not need to sacrifice full control to save money. You can lease static IP address space even on a low budget.

Enable SMTP authentication to protect your mail server

You cannot send an email via Outlook or another mail system due to PBL listing? Then make sure to enable SMTP Authentication (SMTP AUTH). It guarantees that only authorized senders use the email server.

If SMTP is on, verify that the credentials for the email server (username and password) are correct. And to ensure the correct function of SMTP AUTH, use port 587 to send emails safely. This can significantly decrease the risk of spam operations from your servers.

Scan for malware

Malware can infect your device when you visit suspicious websites. Clicking on a link in a misleading email or downloading an attachment included in it could have the same result. If malware infects a computer, the attacker can hijack the device to perform anonymous attacks. By taking over the device, hackers can also attempt to steal sensitive information without the user’s knowledge.

Luckily, you can prevent that from happening. Ensure that your antivirus software is up-to-date and regularly run a full scan of your device. Also, do not open any suspicious emails and links or attachments they might contain.

A bug on a computer screen representing malware detection.
Regular malware scans can help prevent malicious infections

Remove IP from the Spamhaus blocklist 

If you suspect that your IPs might have been blocklisted, you should check their reputation. And if you verify that they have been blocklisted and find out why, you can request Spamhaus to delist. 

If you don’t have your own email server, you need to contact your ISP or the organization that assigned you the IP address and ask for assistance. If you own an email server, the Spamhaus IP and domain reputation checker might help perform an in-depth investigation and reveal why your addresses or domains are blocklisted.

Follow these steps to find out if your IPs are blocklisted and learn how to have each IP removed from the blocklist.

1. Run a blocklist check for your IP

The first step is to access the Spamhaus IP and domain reputation checker (previously known as Blocklist Removal Center). Enter your address into the search box and click Lookup.

Spamhaus lookup tool for IP, domain or hash.

If the domain reputation checker/blocklist removal center helps you confirm that your IP address exists on the blocklist, you may see your search result come back with a warning message.

Click Show Details to find more detailed data that might help explain and fix the issue. If you don’t have access to your email servers and you don’t have a technical account manager to consult, you may not be able to solve this yourself. Instead, you may need to reach out to your email providers or ISP.

Why is this IP address listed in Sapmhaus blocklist notification.

Note: Spamhaus users have access to other Spamhaus blocklists. ZEN (or Spamhaus ZEN), a comprehensive blocklist that contains SBL, XBL (Spamhaus Exploits Block List) and PBL blocklists, can make IP lookup easier and faster. Moreover, the ZEN blocklist shows return codes to indicate in which blocklist the IP address exists.

Return codes in the spamhaus ZEN blocklist.

2. Indicate the block reason

Spamhaus distributes numerous blocklists that block IP addresses for different reasons. However, if they exist in XBL or SBL, that may identify a security problem. To investigate the reason behind it, look through your server logs. They can reveal data about suspicious or malicious activity inside and outside your network.

The Spamhaus IP domain and reputation checker further facilitates the investigation by helping to identify what the issue might be and why your IP is on an XBL, SBL or another list.

If you checked your log files, found the problem and fixed it, you can send IP address removal requests by ticking a box and clicking Next Steps.

Next step button in the IP removal from spamhaus blocklist process.

3. Request Spamhaus blocklist removal

To petition for IP address removal from the Spamhaus blocklist, fill out the form to provide your contact data and click Submit.

Contact form for removing IP from spamhaus blocklist.

When Spamhaus accepts your removal form, it will process it immediately. However, note that the removal process may take a few minutes up to 24 hours. If your IP address is still on the list after 24 hours, contact Spamhaus’ technical account manager for removal assistance.

Conclusion

While Internet Protocol addresses may be blocklisted for different reasons, it does not necessarily mean that your IPs are abused or that your device is sending spam. If you find your IPs on PBL lists, this may be no cause for concern. On the other hand, if your address exists on an XBL or SBL list, you should thoroughly investigate the problem and fix it ASAP.

If you cannot delete your IPs from the Spamhaus Project blocklist (i.e., Spamhaus blacklist) on your own or you need additional information, you can always contact your email service provider or ISP. They might help resolve the issue and offer tips on how to avoid blocklisting in the future.

If you are interested in taking full control of your email marketing campaigns with static IPs, learn how to save money by leasing the resources you need.


About the author

Gustavas Davidavičius

Senior Abuse Prevention Specialist

Gustavas is a Senior Abuse Prevention Specialist at IPXO. He specializes in the abuse desk policies, as well as IP reputation upkeep on the IPXO’s IP leasing and monetization platform.