Email List Hygiene

Blacklist Basics: The Top Email Blacklists You Need to Know

minute read

Return Path recently released our “Ultimate Guide” to blacklists. This guide helps marketers understand the blacklist landscape, their impact and how to evaluate the potential risk to your email program. Since some of this information may be new to you, let’s take a step back and discuss the different types of blacklists we highlight in this guide.

There are over 300 publicly available spam blacklists that range from the well known and more widely used lists created by credible companies to independent blacklists. Not all of these blacklists are created equal when it comes to the impact they have on your deliverability; in fact, anyone can start a blacklist and decide what factors will result in being listed. As a result, the Mailbox Providers and filtering companies have to identify which blacklists will actually help them stop spam from reaching their customers. They will often incorporate a combination of public blacklist data as well as their own private internal blacklist into their proprietary filtering rules or “secret sauce” to help determine whether to accept or reject email.

It’s important to understand that the public blacklist provider isn’t blocking your mail; the Mailbox Provider utilizing that list as part of their filtering is. While some blacklists do have a greater impact, your being blacklisted is only part of the reason behind why you’re being blocked. You need to get to the root cause of why you were blacklisted in the first place to help you change your ways. The most common reasons behind being listed are poor data quality and high complaints.

There are two main types of public blacklists: IP Based and Domain Based.

IP Based: Real-time Black Lists (RBL) and Domain Name Server Black Lists (DNSBL) are lists of IP addresses that can be queried in real-time. Mailbox Providers use these to identify if the IP address of the sending server belongs to a sender that allows other servers to connect and send from their system (open-relays), are known spammers or an ISP that allows spammers to use their infrastructure. Some of the more common and widely used RBL/DNSBLs include:

  • Return Path Reputation Network Blacklist (RNBL): The RNBL is a real-time list of senders that have been categorized as the “worst of the worst” by the reputation network. It uses a predictive model that analyses more than 600 variables to score IPs in real time by incorporating volume, spam trap and complaint sources.
  • Sbl.spamhaus.org  (SBL): The Spamhaus Block List (SBL) is the most common Spamhaus blacklist. It managed by volunteer editors who look for senders that hit their spam trap networks and manually list senders that look abusive. As a trusted blacklist in the industry, an SBL listing can have a very negative impact on your deliverability. Getting delisted from the SBL will require you to develop and execute an action plan to rectify the problem that caused the listing.
  • Xbl.spamhaus.org (XBL): The Exploits Bot List (XBL) includes the IPs of servers that are known to have security problems such as open proxies or are sending executable viruses. Most IPs are listed as a result of sending spam or viruses to Spamhaus spam traps. If listed, your system is likely compromised and you need to take action to secure your system. The XBL incorporates the CBL blacklist as well as other lists of spam sources related to compromised systems.
  • Cbl.abuseat.org (CBL): The Spamhaus Composite Blocking List (CBL) only lists IPs that exhibit behavior indicating it is an open proxy being used for sending spam or a virus. The CBL offers an easy self-removal option here.
  • SpamCop (SCBL): The SCBL includes a list of IP addresses which have sent reported spam to SpamCop users. The length of time an IP is listed varies depending on how many spam reports are received. Delisting is automatic after 24 hours if spam reports stop.
  • Psbl.surriel.com:  The Passive Spam Block List (PSBL) is a list of IPs that have sent email to their spam traps and the IP is not a known mail server. They do encourage whitelisting to stay off their list.
  • Ubl.unsubscore.com: Lashback’s UBL lists IPs of senders that are sending email to addresses that have been harvested from suppression lists.
  • Invaluement: The Invaluement Anti-Spam DNSBL consists of three separate lists: ivmSIP which includes IPs that only send spam,  imvSIP/24 is similar to the imvSIP except it will list an entire block of IPs and ivmURI which is their domain based blacklist. While other blacklists use spam traps to identify IPs for listing, Invaluement targets spam sent to real users as well as snowshoe spam.

Domain Based: URI Real-time Blacklists (URI DNSBL) are lists of domain names that appear within the email body. This blacklist will look for the URLs within the body of the email to see if it contains a domain that has been identified as a source of spam. These blacklists will not only look at the initial link, but those it redirects to as well to see if they contain the spammy domains. The most commonly used URI DNSBLs include:

  • Dbl.spamhaus.org: The Spamhaus DBL is a real-time blacklist that includes domains found in spam messages. Maintained by both an automated system and global team members, listings automatically expire when the domain no longer meets the proprietary criteria and appear in spam email.
  • URIBL: The URIBL is a list of domains they have identified as being used in spam email. While they have several public lists, the most common list that can result in delivery issues is the black.uribl.com which has a goal of zero false positives. The list updates frequently as new data is received, so delisting can occur automatically. The domain owner may also request removal once registered with the uribl.
  • SURBL: SURBL is a list of web site domains that have appeared in unsolicited messages. The domain owner may request removal by conducting an initial lookup and following removal instructions here.

If you’re ever listed on a blacklist the immediate reaction is to get delisted immediately. While several blacklists do have self-removal sites, it is very important to ensure you resolve the problem that caused you to be blacklisted before submitting a delisting request. Failure to do so will result in your being listed again and over time your requests can be rejected. Get to the root cause of the listing, fix the issue and avoid the vicious cycle. Looking for more information? Check out our recent Blacklist webinar here!