> IP BLACKLIST CHECKER_

[ Check spam / malware / abuse blacklists | Real-time DNSBL lookup ]

Target IP

// IPv4 only. Leave blank to check your own IP.

Summary

Lists Checked
Listed
Clean
// Run a check to see your verdict

Blacklist Results

// Enter an IP and click CHECK BLACKLISTS

// What These Lists Mean

Spamhaus ZEN: Combined spam / malware / policy list. Most important for email deliverability. Subzones: SBL (spam sources), XBL (exploited IPs), PBL (policy).

SORBS: Spam and Open Relay Blocking System. Checks for spam senders, open relays, and dynamic/residential ranges.

Barracuda BRBL: Barracuda Networks' reputation list used by major email gateways.

PBL (Policy Block List): Being on PBL only affects outgoing email, not web browsing. Most home internet connections are on PBL by design.

VPN Detection → IP Lookup → How We Test →

// FAQ

What does it mean if my IP is blacklisted?
A blacklisted IP may have issues sending email or accessing certain services. Being on Spamhaus PBL is normal for residential IPs and only affects outgoing email. Being on XBL or CBL indicates the IP was associated with botnet or malware activity and may impact deliverability significantly.
Does blacklisting affect my web browsing or gaming?
No. Most DNSBL lists only affect email servers. Web browsing, video streaming, online gaming, and all other internet activities are completely unaffected by spam blacklist listings.
Why is my home IP on the PBL (Policy Block List)?
PBL lists all residential broadband IP ranges globally. This is normal and intentional — it prevents residential IPs from connecting directly to mail servers, which is how most spam campaigns operate. Being on PBL does not indicate any wrongdoing on your part.
How do I get my IP removed from a blacklist?
Visit the specific blacklist's delisting page. For Spamhaus, go to check.spamhaus.org. PBL delistings are instant for static IPs. For ZEN/XBL listings, you must first remove the malware or secure any infected devices on your network, then request delisting. Most delistings take 24–48 hours.
How do DNSBL checks work technically?
DNSBL queries reverse the IP octets and append the blocklist domain. For example, to check 1.2.3.4 against zen.spamhaus.org, the tool resolves 4.3.2.1.zen.spamhaus.org. An A record response means the IP is listed; NXDOMAIN means it\'s clean. Different 127.x.x.x return codes identify the specific sub-list.
How long does it take to get delisted after fixing the issue?
It depends on the list. Spamhaus PBL delistings are near-instant. XBL/CBL listings are automatically removed once the IP stops exhibiting malicious behavior (usually within 24–72 hours after cleaning infected devices). Manual delisting requests are reviewed within 1–2 business days on most lists.
IP Geolocation Accuracy → Hide My IP →

What Is an IP Blacklist?

An IP blacklist (also called a DNSBL — DNS-based Blocklist) is a real-time database of IP addresses associated with spam, malware distribution, botnet activity, open proxies, or policy violations. Email servers, firewalls, and security services query these lists to decide whether to accept or block traffic from a given IP.

There are hundreds of DNSBLs maintained by security organizations like Spamhaus, SORBS, Barracuda Networks, and Project Honey Pot. Each list focuses on different threat categories. An IP can appear on one list without being on others — each listing has different severity implications.

Types of IP Blacklists

1. Spam Source Lists (SBL, SORBS SPAM)

These lists track IPs confirmed to have sent spam email. Being listed here significantly impacts email deliverability. Major ISPs and email providers like Gmail, Outlook, and Yahoo check these lists before accepting incoming email. If your mail server IP is on SBL, your outgoing email will likely be rejected or land in spam folders.

2. Exploit / Botnet Lists (XBL, CBL)

The Exploits Block List (XBL) and Composite Blocking List (CBL) track IPs that have been observed sending spam via exploited systems — compromised computers, poorly secured email servers, or open proxies. If your IP appears here, it's a strong indicator that a device on your network has been infected with malware or used as part of a botnet.

Steps to resolve an XBL/CBL listing:

  1. Scan all devices on your network with reputable antivirus software
  2. Check your router for unauthorized port forwarding rules
  3. Change all router and device passwords
  4. Contact your ISP if you share a network address with others
  5. Once clean, request delisting at check.spamhaus.org

3. Policy Block Lists (PBL)

The Spamhaus PBL is the most commonly encountered listing for home internet users and is not a sign of malicious activity. PBL lists IP ranges that ISPs have designated as "not authorized to send email directly to internet mail servers." This includes virtually all residential broadband IP ranges globally. Being on PBL means your ISP's legitimate email server should handle outgoing email — not your IP directly. Web browsing, streaming, gaming, and all other internet activities are completely unaffected.

4. Tor Exit Node Lists

These lists track IPs operated as Tor exit nodes. Some websites and services block Tor traffic to prevent anonymous access or abuse. If your IP appears on a Tor exit list but you're not running a Tor relay, it's possible your IP was previously assigned to a Tor operator and your ISP has since reassigned it to you. The listing typically ages out within 1–2 days of the IP going offline as a relay.

5. Open Proxy / Relay Lists

These lists track IPs that are configured as open proxies or open SMTP relays — services that allow any third party to route traffic through them without authentication. Open relays are frequently abused for spam. If your server appears here, ensure your SMTP server requires authentication and is not configured to relay email for unauthenticated senders.

How DNSBL Queries Work

DNSBL queries use a clever trick with the DNS system. To check whether IP 203.0.113.42 is on Spamhaus ZEN (zen.spamhaus.org), the query reverses the IP octets and appends the DNSBL domain:

Query: 42.113.0.203.zen.spamhaus.org
Listed  → Returns: 127.0.0.2 (or similar 127.x.x.x address)
Clean   → Returns: NXDOMAIN (no DNS record)

The specific 127.x.x.x return code identifies which sub-list the IP is on. For example, Spamhaus returns 127.0.0.2 for SBL, 127.0.0.4127.0.0.7 for XBL, and 127.0.0.10127.0.0.11 for PBL.

How to Get Delisted

Each blacklist has its own delisting process. Here's a quick guide for the most important ones:

Preventing Future Blacklistings

For email server operators, these practices dramatically reduce blacklisting risk: