What Is a DNS Blacklist? (And How to Get Off One)

Last updated: June 10, 2026

If your email suddenly stops reaching recipients, a DNS blacklist is one of the usual suspects. The standard advice is to check 80+ lists with a generic monitoring tool. You find the one that flagged you, then request removal. That advice is mostly wrong in 2026. Many of those 80+ lists do not matter. Some have been dead for over a year. Gmail does not use any of them the way most articles imply.

This guide covers what a DNS blacklist actually is and which six lists are worth monitoring in 2026. It walks through the universal delisting playbook and the per-list procedures for the ones that matter. The differentiator is the SORBS-death reality check and the Gmail reputation nuance most other articles skip.

What a DNS Blacklist Actually Is

A DNS blacklist (DNSBL) is a real-time queryable database of flagged IP addresses or domains. It targets sources of spam, malware, or abuse. Receiving mail servers query DNSBLs during SMTP transactions. If your sending IP is listed, your mail gets rejected or filtered into spam.

The format is deceptively simple. A DNSBL is published as a DNS zone. Each listing is a DNS record. A receiving mail server queries the zone using a reversed IP notation. If the query returns a record, the IP is listed. If not, it is clean.

The original DNSBL concept was developed in the late 1990s by Paul Vixie, Eric Ziegast, and Dave Rand at Abovenet. The Real-time Blackhole List (RBL) they created became the template for every DNSBL since. RBL and DNSBL are often used interchangeably, though “DNSBL” is the more accurate term.

The terminology has shifted slightly in recent years. Many operators now prefer “blocklist” or “blocking list” to avoid loaded language. The underlying technology is identical. This guide uses “blacklist” because that is still the search term most users type.

How DNSBLs Work in Email Filtering

When a mail server receives a connection, it queries one or more DNSBL zones. The DNSBL returns a positive result if the sender’s IP is listed. The receiving server uses that result to reject or filter the message.

The query mechanism uses DNS itself. To check the IP 192.0.2.10 against zen.spamhaus.org, the server reverses the octets. The reversed octets are prepended to the DNSBL zone name. The query becomes 10.2.0.192.zen.spamhaus.org. If that hostname resolves, the IP is listed.

The response itself encodes the listing type. Spamhaus ZEN returns specific 127.0.0.x addresses depending on which sub-list flagged the IP. 127.0.0.2 means SBL. 127.0.0.4 means XBL. 127.0.0.10 means PBL. The receiving server can apply different policies based on the result.

Most modern mail servers query multiple DNSBLs in parallel for every inbound message. Postfix, Sendmail, Exim, and most commercial mail filters support DNSBL queries natively. The lookup adds only a few milliseconds because DNS responses are typically cached.

The DNSBL Landscape in 2026 (With Notes on SORBS)

The DNSBL universe has consolidated dramatically over the past decade. Many lists are operated by single individuals with no ongoing maintenance. Others have small subscriber bases that do not include any major mailbox provider. Getting listed on most of them has no practical effect on deliverability.

The Six DNSBLs Worth Monitoring

List	Operator	What it covers	Why it matters
Spamhaus ZEN	The Spamhaus Project	Combined SBL + XBL + PBL + CSS	Used by Yahoo, Outlook, Microsoft 365, Comcast, and most enterprise filters. The most consequential single list.
Barracuda BRBL	Barracuda Networks	Confirmed spam sources	Used by Barracuda spam-filtering appliances. Common in mid-market enterprises.
SpamCop SCBL	Cisco (after IronPort acquisition)	User-reported spam sources	Crowd-sourced, fast-moving. Often the first list to flag emerging issues.
Spamhaus DBL	The Spamhaus Project	Domain Block List (not IP)	The canonical domain-level blacklist. Check this for sending-domain reputation.
Mailspike	Mailspike Networks	Reputation-based scoring	Used by some smaller European providers. Useful complementary signal.
Cisco Talos	Cisco	Reputation system (not a true DNSBL)	Used by Cisco Secure Email and IronPort appliances. Reputation, not binary list.

Spamhaus ZEN Composition

ZEN aggregates four free Spamhaus blocklists into a single queryable zone:

• SBL (Spamhaus Block List): Manually curated by Spamhaus analysts. Lists IPs verified as actively sending spam. Highest-severity listings.
• XBL (Exploits Block List): Compromised hosts including botnets and open proxies. Generated automatically from abuse feeds. Auto-removed when the host is clean.
• PBL (Policy Block List): Residential and dynamic IPs that should not send mail directly. Legitimate authenticated mail servers can request removal.
• CSS (Combined Spam Sources): Snowshoe-spam operations spreading volume across many IPs. Formerly known as CBL.

The DROP list is separate from ZEN. It flags entire IP blocks and ASNs tied to large-scale cybercrime. Spamhaus merged the former eDROP list into DROP on April 10, 2024. Major networks consult DROP, but it is queried independently of ZEN.

Why Most Other Lists Do Not Matter

Tools that check 82 or more DNSBLs cast a deliberately wide net. The wide net is marketing. The deliverability impact is negligible. Common low-signal listings include defunct lists like SORBS and hobby lists with under 1,000 subscribers. Policy lists like UCEPROTECT L3 also rank as noise because no major mailbox provider consults them. UCEPROTECT in particular operates a controversial tiered system. L1 lists individual IPs. L2 lists entire IP blocks. L3 lists entire autonomous systems. Google, Microsoft, and Yahoo do not consult L2 or L3 lists. UCEPROTECT also offers paid express delisting at around 10 euros per IP. Deliverability practitioners widely criticize this option as a pay-to-remove incentive.

How to Check If You’re Blacklisted

Use a multi-list checker that queries the lists that actually matter. NetworkCheckr’s IP Blacklist Check tool queries the major DNSBLs in a single query and returns per-list results. Avoid tools that check 80 or more lists because most return phantom data.

The fastest path is a dedicated checker tool. NetworkCheckr’s IP Blacklist Check queries Spamhaus ZEN, Barracuda BRBL, SpamCop SCBL, Spamhaus DBL, Mailspike, and Cisco Talos in parallel. Each result includes a direct delisting link. The tool runs in your browser. No signup. No ads.

You can also query DNSBLs manually with dig or nslookup. To check 192.0.2.10 against Spamhaus ZEN:

dig +short 10.2.0.192.zen.spamhaus.org

If the command returns a 127.0.0.x address, the IP is listed. The specific final octet identifies which sub-list flagged it. If the command returns no output, the IP is clean on ZEN.

Some monitoring services offer continuous checks with alerting. The free tier of MXToolbox and similar services suffices for most senders. Paid platforms like Glock Apps add inbox-placement testing alongside blacklist monitoring. For a small organization, manual weekly checks plus alerts from your sending platform usually catch issues quickly enough.

How to Get Delisted: The Universal Playbook

Five steps work for nearly every DNSBL. Identify which list flagged you. Diagnose the root cause. Fix the underlying problem. Submit a delisting request. Monitor reports after delisting to confirm the fix held. Skipping the diagnosis step is the most common mistake.

1. Identify the list. Use the IP Blacklist Check to see exactly which DNSBL flagged your IP. Note the specific listing details. Spamhaus listings include a reference number you will need later.
2. Diagnose the root cause. Listings happen for specific reasons. Compromised accounts. Misconfigured authentication. Sending to bad lists. Open relays. Find the actual cause before requesting removal. The DNSBL operator’s listing page often states the trigger.
3. Fix the underlying problem. Change compromised passwords. Configure SPF, DKIM, and DMARC. Close open relays. Remove bad addresses from your sending list. If you skip this step, you will be relisted within days.
4. Submit the delisting request. Each DNSBL has its own procedure. Spamhaus uses online removal forms. Barracuda uses a form at Barracuda Central. SpamCop typically auto-delists. UCEPROTECT auto-expires after seven days. Per-list procedures are in the next section.
5. Monitor for relisting. Check the same DNSBLs daily for the first week after delisting. If you get relisted, the root-cause fix was incomplete or the underlying problem is still happening.

Step 3 is where most delisting attempts fail. Filing a removal request without fixing the underlying cause almost always results in a faster relisting. Many operators add additional friction for repeat listings, including longer review queues and higher evidence requirements.

Per-Blacklist Delisting Procedures

Each major DNSBL has its own delisting procedure. Spamhaus uses online removal forms with timeframes from minutes (PBL) to 72 hours (SBL). Barracuda processes requests in 12 to 24 hours. SpamCop auto-delists after 24 hours of no new reports. UCEPROTECT auto-expires after seven days.

Spamhaus (SBL, XBL, PBL)

Spamhaus delisting goes through the Spamhaus IP and Domain Reputation Checker, accessible at check.spamhaus.org. Look up your IP. The Checker reports which sub-list flagged you and provides the appropriate removal form.

• SBL: Manual review. Provide your identity, the listing reference number, a clear explanation of the cause, and detailed remediation steps. Spamhaus analysts verify the fix before approving. Timeframe: 24 to 72 hours.
• XBL: Automated. Once your host is no longer compromised, the system removes the entry within hours. Use the lookup tool to verify clean status.
• PBL: Self-service. Submit your IP, a contact email, and confirmation that you operate a properly configured mail server. Timeframe: minutes to one hour.

Barracuda BRBL

The removal form is at barracudacentral.org/rbl/removal-request. Required fields include the listed IP and a contact email (preferably postmaster or abuse address). Also required: an optional phone number and a concise description of the cause plus corrective actions. Most requests are processed in 12 to 24 hours.

SpamCop SCBL

SpamCop operates on an auto-expiry model. Listings last at least 12 hours. If no new spam reports arrive for 24 hours, the listing auto-expires. There is no formal delisting form for routine cases. If you believe the listing is erroneous, register at SpamCop and submit a review request. Include evidence such as opt-in records.

UCEPROTECT

L1 listings auto-expire after approximately seven days of clean activity. Free express delisting is not offered, but a paid option at around 10 euros per IP exists. The paid option is widely criticized. L2 and L3 listings can only be resolved by the hosting provider or autonomous system operator. End users cannot remove L2 or L3 listings directly. Most major mailbox providers do not consult L2 or L3 lists. The practical impact is often smaller than the panic these listings generate.

Why Gmail and Outlook Don’t Block Like You Think

Gmail does not query external DNSBLs at the SMTP layer. Outlook uses Spamhaus and Microsoft’s internal SNDS reputation. If your mail is failing only at Gmail, the DNSBLs are not your problem. Check Google Postmaster Tools instead.

The Big Three mailbox providers handle reputation differently from each other. Understanding the differences saves hours of misdirected debugging.

Gmail

Gmail operates its own internal reputation system. The system uses spam-trap hits, user complaint rates, authentication compliance, and engagement signals like reply rates and open behavior. External DNSBLs are not part of the Gmail filtering decision at the SMTP layer. Industry deliverability researcher Al Iverson confirmed this directly in extensive research published on Spam Resource.

The practical implication is that being listed on Spamhaus does not directly cause Gmail to reject your mail. Your Spamhaus listing might correlate with the same bad behavior that damages your Gmail reputation. The two are independent systems. To see what Gmail thinks of you, add your sending domain to Google Postmaster Tools at postmaster.google.com.

Outlook and Microsoft 365

Outlook does consult Spamhaus and a few other major DNSBLs. Outlook also relies heavily on Microsoft’s internal Smart Network Data Services (SNDS), accessible at sendersupport.microsoft.com/snds. SNDS shows what Microsoft sees about your sending IP, including spam complaint rates and trap hits.

If you have Outlook delivery issues, check both Spamhaus and SNDS. If SNDS shows healthy data but Outlook still rejects, the issue may be specific to one of Microsoft’s secondary filters. Microsoft’s sender support team can investigate.

Yahoo and Other Providers

Yahoo Mail and AOL (now owned by the same parent) rely heavily on Spamhaus ZEN. Comcast does too. Most enterprise mail filters use Spamhaus by default. If you are listed on ZEN, expect failures at these providers until you delist.

Staying Off the List Permanently

Most repeat listings come from the same root cause that triggered the first one. Fix the underlying issue before requesting delisting. Configure SPF, DKIM, and DMARC correctly. Monitor your sending IP reputation weekly. Keep complaint rates below 0.1 percent.

Long-term DNSBL hygiene is mostly about sending discipline. The technical setup matters but is secondary to behavior.

• Configure authentication. SPF, DKIM, and DMARC are now table stakes. Missing or misconfigured authentication is the most common trigger for reputation drops that lead to DNSBL listings.
• Maintain a correct PTR record. Your sending IP must have a reverse DNS record that resolves back to itself. Many filters and DNSBLs penalize missing or generic PTR records.
• Keep complaint rates below 0.1 percent. Gmail, Outlook, and Yahoo all use complaint rate as a primary signal. Above 0.3 percent triggers immediate reputation damage.
• Clean your sending lists. Hard bounces above 2 percent trigger reputation systems. Run regular list-hygiene passes. Remove invalid addresses, role accounts, and abandoned inboxes.
• Never send to purchased lists. Purchased lists guarantee spam-trap hits. A single trap hit can trigger SBL listing within hours.
• Monitor weekly. Use the IP Blacklist Check tool or a continuous monitoring service. Catch listings early before they affect inbox placement at scale.
• Lock down accounts. Compromised accounts sending spam is the single most common cause of XBL listings. Use strong passwords. Require multi-factor authentication. Patch your mail server promptly.

For a fuller picture of sender reputation, see our two companion guides. The first explains SPF, DKIM, and DMARC conceptually. The second covers how to set them up without breaking email step by step.

Related Tools & Resources

NetworkCheckr offers three tools that pair with this guide. The IP Blacklist Check queries the major DNSBLs in one shot. The Email Auth Checker validates SPF, DKIM, and DMARC. The Reverse DNS Lookup confirms your PTR record is configured correctly.

• IP Blacklist Check — query the six DNSBLs that actually matter in 2026.
• Email Auth Checker — validate SPF, DKIM, and DMARC for any domain.
• Reverse DNS Lookup — verify your sending IP’s PTR record.
• SPF Record Lookup — check your SPF record and DNS-lookup count.
• SPF, DKIM, and DMARC Explained — the underlying authentication concepts.
• How to Set Up SPF and DMARC Without Breaking Email — practical authentication rollout guide.
• All NetworkCheckr Tools — the full set of free networking utilities.

Frequently Asked Questions

Six questions cover the practical edge cases. Whether to monitor every DNSBL or only the ones that matter. How long delisting takes. What to do if SORBS still shows up in monitoring. Whether Gmail uses external DNSBLs. The difference between IP and domain blacklists. And what causes most listings.