The Spamhaus Project: Step by Step Guide to Remove Your IP from Blocklists 

Updated 9 October 2024
5 min read
17 December 2021

Have you found your IP address in one of Spamhaus Project blocklists? Learn what that means and what steps you should take next.

Blocklist databases are counted in the hundreds, and every single one can classify IP addresses as malicious or disreputable. The Spamhaus Project specifically focuses on all activities related to spam and cyberthreats, and it helps protect over 3 billion users’ mailboxes.

Needless to say, no one wants to be on the bad side of the Spamhaus. Fortunately, if you have a listing on one of their blocklists, there are steps that you can take to restore the reputation of the resource.  

Keep reading to learn all about Spamhaus, its blocklists and simple instructions that will enable you to request removal and clear your Spamhaus listing so that you can resume your email campaigns. 

Check Your IP Reputation

Effortlessly scan up to a /23 subnet (512 IPs) once a month for free and receive a comprehensive overview of your IPs’ reputation.

What is the Spamhaus Project? 

The Spamhaus Project is a non-profit organization dedicated to tracking IPs, domains, and ASNs associated with spam, phishing, malware, and ransomware. This data is now used by ISPs, email providers, and network administrators to block or filter out spam and other malicious content. 

A visual showing how a blocklist prevents spam from reaching the inbox
A blocklist prevents spam from reaching the inbox

Types of Spamhaus IP Blocklists 

Let’s explore different types of Spamhaus IP blocklists. 

Spamhaus Block List (SBL) 

When an IP address is found to be sending spam or engaging in other malicious activities, it may be listed on the SBL. Email servers and other network services can use the SBL to block or filter messages coming from those IP addresses, helping to reduce the amount of spam that reaches users’ inboxes. 

The SBL is widely used by email service providers, network administrators, and security professionals as part of their spam-filtering and security measures. 

Combined Spam Sources (CSS) 

CSS aggregates multiple sources of spam-related data, such as IP addresses, domain names, email addresses, and other identifiers associated with spamming activities. Combining these sources into a single list allows efficiently block or filter out spam and prevent it from reaching users’ inboxes or networks. 

These lists are often used in conjunction with spam filtering software and other security measures to protect against unwanted or malicious email and online content. CSS listings expire automatically if no new spam is registered, but there is also an option to delist sooner, by filling in a request form. 

Exploits Block List (XBL) 

XBL is a list that identifies known software vulnerabilities, exploits, or malicious activities associated with specific software versions, applications, or services. This list is used by security professionals, network administrators, and cybersecurity systems to block or mitigate attacks that exploit these vulnerabilities.  

XBL listings also expire automatically if no new attacks are registered, but there is also an option to delist sooner, by filling in a request form. 

Policy Blocklist (PBL) 

The PBL is a component of the Spamhaus Project that identifies IP addresses that should not be sending email directly to end-users. It includes dynamic IP ranges typically assigned to residential or dial-up users, which are not meant to operate as mail servers.  

By listing these IP addresses, the PBL helps reduce spam by preventing email from sources not intended for sending mail, thereby improving email deliverability and reducing the likelihood of spam reaching users’ inboxes. 

Don’t Route or Peer & ASN Don’t Route or Peer (DROP & ASN DROP) 

DROP and ASND DROP blocklists are one of the strictest lists. They are not common and contain only networks that are menacing to Internet users. IP addresses get listed in DROP due to hijacking networks, cybercrime operations, bulletproof hosting, and similar suspicious activities online.

By being listed as DROP, a subnet is signaling to others in the Internet community that they should not attempt to establish direct connections or routing relationships with them. This helps maintain control over their network connections and ensures they only peer with trusted and compatible partners. 

ASN DROP is the same, just for ASNs instead of subnets.  

Some of the main Spamhaus Project blocklists: SBL, XBL, CSS, PBL, DROP, and ASN DROP

Some of the main Spamhaus Project blocklists: SBL, XBL, CSS, PBL, DROP, and ASN DROP

Removing IP from the Spamhaus Blocklists 

Follow these steps to find out if your IPs are blocklisted and learn how to have IP removed from each blocklist. 

1. Run a blocklist check for your IP 

The first step is to access the Spamhaus IP and domain reputation checker (previously known as Blocklist Removal Center). Enter your address into the search box and click Lookup

Spamhaus lookup tool for IP, domain or hash.

If the domain reputation checker/blocklist removal center helps you confirm that your IP address exists on the blocklist, you may see your search result come back with a warning message. 

Click Show Details to find more detailed data that might help explain and fix the issue. If you don’t have access to your email servers and you don’t have a technical account manager to consult, you may not be able to solve this yourself. Instead, you may need to reach out to your email providers or ISP.  

Why is this IP address listed in Sapmhaus blocklist notification.
Return codes in the spamhaus ZEN blocklist.

2. Indicate the block reason

Spamhaus distributes numerous blocklists that block IP addresses for different reasons. The Spamhaus IP domain and reputation checker further facilitates the investigation by helping to identify what the issue might be and why your IP is on one of their lists. 

For instance, an IP listed XBL or SBL may identify a security problem. To track down the cause of it, look through your server logs. They can reveal data about suspicious or malicious activity inside and outside your network. 

Please do not attempt delisting if you have not found and fixed the problem. 

3. Request Spamhaus blocklist removal

If the underlying problem has been identified and fixed, depending on the listing type, the delisting procedure is different:

SBL listings – there is an e-mail link in the SBL listing page. The communication is also reserved for ISPs. If you only use an IP that is part of a large SBL – your ISP will have to handle it. Either way, you can always contact Spamhaus. They are always willing to help, if you are genuinely looking to improve.

Please take note that a false delisting request will only make the situation worse and reduce your chances of clearing the SBL.  

DROP listings are also handled by the ISP, by contacting the Spamhaus team, the same way as SBL listings.

DROP listings are also handled by the ISP, by contacting the Spamhaus team, the same way as SBL listings.

PBL listings – if you have a single IP, you can fill out an exclusion form, provided on the listing page. If you want a subnet removed, you will have to contact your ISP, because PBL listings are controlled by ISPs in the Spamhaus ISP Portal.

If you own the IPs, but have never used the ISP portal, you will have to create an ISP account with Spamhaus.

For single IP removals, the exclusion procedure is the same as for CSS/XBL – these listings expire automatically given that the underlying problem is resolved.  

If you found the problem and fixed it, you can skip the wait and send IP address removal requests by ticking a box and clicking Next Steps

If you found the problem and fixed it, you can skip the wait and send IP address removal requests by ticking a box and clicking Next Steps. 

To petition for IP address removal from the Spamhaus blocklist, fill out the form to provide your contact data and click Submit

To petition for IP address removal from the Spamhaus blocklist, fill out the form to provide your contact data and click Submit. 

When Spamhaus accepts your removal form, it will process it immediately. However, note that the removal process may take a few minutes, or up to 24 hours. If your IP address is still on the list after 24 hours, contact Spamhaus’ technical account manager for removal assistance. 

Conclusion

Being listed on a Spamhaus Project blocklist can have serious implications for your email deliverability and online reputation. However, understanding the types of blocklists and the steps for removal can help resolve the issue efficiently.  

By following the guidelines provided in this article, including checking your IP’s reputation, identifying the block reason, and submitting a removal request, you can restore your IP’s reputation and resume normal email operations. 

Remember, Spamhaus is committed to helping improve online security, so reaching out for genuine assistance is always an option if needed. 

FAQ

What should I do if I find my IP address on a Spamhaus blocklist?

If you discover your IP address on one of the Spamhaus Project blocklists, the first step is to identify the reason for the listing. Then, follow the specific instructions provided by Spamhaus for delisting, which may differ for each blocklist.

How can I determine why my IP address was listed on one of the Spamhaus Project blocklists? 
What types of blocklists does Spamhaus maintain, and how do they differ? 
Can I request removal from a Spamhaus blocklist if I haven't fixed the underlying issue? 

About the author

Gustavas Davidavicius

Customer Solutions Engineer

Gustavas is a Customer Solutions Engineer at IPXO. He specializes in the abuse desk policies, as well as IP reputation upkeep on the IPXO’s IP leasing and monetization platform.
Table of contents

Related reading

A visual of IP address being cleaned
21 October 2024   •   IP Reputation, IP Security

IP Address Cleanliness: Protecting Your Business’s Reputation and Success 

Learn why IP address cleanliness matters and how to safeguard your digital identity.

Read more
Gustavas Davidavicius, Customer Solutions Engineer at IPXO

How IPXO Handles Abuse: Ensuring a Secure and Trusted Marketplace 

Discover how IPXO's robust abuse management strategies ensure a secure and trustworthy IP address marketplace by preventing, detecting, and mitigating potential threats.

Read more
A laptop with three screens representing three people attending one webinar.
27 September 2022   •   Internet Protocols, IP Insights, IP Reputation, IP Security

IPXO Webinar: IP Address Reputation and Management 

What is IP address reputation, and why is it important? What are the greatest challenges related to IP address management? What changes to IP reputation and management can we…

Read more

Subscribe to the IPXO email and don’t miss any news!