Email going to spam? How to check if your IP is on a blacklist
// published 2026-04-17
Email mysteriously going to spam? Inbox placement dropped overnight? There's a good chance your sending IP ended up on a DNS blacklist (RBL/DNSBL). Here's how the lists work, which ones actually move the needle, and how to get off them.
How RBL/DNSBL actually works
A DNS blacklist is a DNS zone in which a lookup for a listed IP returns an A record (typically 127.0.0.x). To check whether 1.2.3.4 is on Spamhaus ZEN, the receiving mail server reverses the octets, appends the list's zone, and queries:
4.3.2.1.zen.spamhaus.org. → A record
If that resolves to anything, the IP is listed. If NXDOMAIN, it's clean.
Cheap, fast, distributed. Every receiving server can run dozens of these checks in parallel during the SMTP handshake.
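The lookup described above, as an added Python example (not code from the original page or from any tool it mentions): it builds the reversed query name and interprets the answer. It goes beyond the page in two ways: IPv6 addresses use the reversed-nibble form from RFC 5782, and answers in 127.255.255.x are treated as Spamhaus's error codes (for example a query sent through a public resolver) rather than listings. The function names and the sample answers are constructed for illustration.

```python
import ipaddress
import socket

ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error codes, not listings
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # conventional DNSBL return range

def dnsbl_qname(ip, zone):
    """Reverse the address (IPv4 octets, IPv6 nibbles) and append the DNSBL zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone.strip(".") + "."

def classify(answers):
    """Map the A records returned for a DNSBL query name to a verdict."""
    if not answers:
        return "clean"                      # NXDOMAIN: not listed
    codes = [ipaddress.ip_address(a) for a in answers]
    if any(c in ERROR_NET for c in codes):
        return "error"                      # the list refused to answer; not a listing
    if all(c in LISTED_NET for c in codes):
        return "listed"
    return "unexpected"                     # outside 127/8, e.g. an NXDOMAIN-rewriting resolver

def system_resolver(qname):
    """A-record lookup via the OS resolver; only 'name not found' counts as no answer."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise                               # a timeout or SERVFAIL must not read as clean

def check(ip, zone, resolve=system_resolver):
    """Return (query name, verdict); pass a custom resolve() to test offline."""
    qname = dnsbl_qname(ip, zone)
    return qname, classify(resolve(qname))

if __name__ == "__main__":
    # Constructed answers standing in for a live zone, so the demo runs offline.
    fake_zone = {
        "4.3.2.1.zen.spamhaus.org.": ["127.0.0.2"],
        "9.113.0.203.zen.spamhaus.org.": ["127.255.255.254"],
    }
    for ip in ("1.2.3.4", "203.0.113.9", "198.51.100.7"):
        print(ip, *check(ip, "zen.spamhaus.org", lambda q: fake_zone.get(q, [])))
```

An "error" or "unexpected" verdict means the check itself is unreliable from that resolver, so repeat it through a resolver the list will answer before concluding anything about the IP.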
The lists that actually matter
Hundreds of RBLs exist. Most are useless or worse — listings that nobody honors. The ones that move inbox placement:
- Spamhaus ZEN — the combined Spamhaus list (SBL + XBL + PBL). If you're on this, you're invisible to most enterprise mail. This is the one that matters most.
- Barracuda Reputation Block List — used by Barracuda's spam filter, which is widely deployed in enterprise. Listing here hurts.
- SpamCop — auto-listings driven by user complaints. Quick to list, quick to remove (24h auto-delisting).
- SORBS — controversial but still consulted by some receivers.
- UCEPROTECT L1 — listings tend to be aggressive; honored by some German/EU mail providers.
Run a quick check with the RBL Blacklist Checker. It queries 8 major lists in parallel.
Why you got listed
Most listings happen for one of these reasons:
- Compromised account. One of your users got phished, and an attacker is sending bulk spam from your IP. Reset, audit, find the source.
- Compromised vulnerable script. Old contact form, abandoned WordPress install, exposed SMTP relay — abuse vectors that send spam without you noticing.
- Bad list hygiene. Sending to old mailing lists with high bounce rates and spam complaints. ESPs see your spike, downgrade reputation; eventually a list picks it up.
- Shared IP problem. If you're on a shared mail server (cheap hosting, shared SaaS plan), a noisy neighbor can get the IP listed for everyone.
- Listserver hosted on production IP. Mailing-list software amplifies any single message into thousands of outbound messages. Run it from a dedicated IP.
Before you request delisting
Listings that are removed and immediately re-added look like fraud. Do these before requesting removal:
- Find and stop the source. Whatever got you listed — fix it. If you can't identify the source, don't request removal yet.
- Check your SPF/DKIM/DMARC. Run SPF, DKIM, DMARC checkers. Fix any failures. Authenticated mail signals a legitimate sender.
- Set up PTR. Reverse DNS must match your sending hostname. See the PTR records guide.
- Warm the IP slowly. If you got delisted from a fresh send, ramp volume gradually — 50/day → 200/day → 1000/day over weeks.
How to delist
Most major lists have self-service delisting forms:
- Spamhaus: spamhaus.org/lookup → enter IP → "request removal" if eligible.
- Barracuda: barracudacentral.org/rbl/removal-request
- SpamCop: auto-delists in 24h if no new complaints.
- SORBS: requires email to spamdb.sorbs.net — replies can be slow.
Re-check with the RBL Blacklist Checker after delisting requests propagate (typically 12-24h).