IP blacklist removal

What is a Blacklist?

Simply put, a blacklist is a list of IP addresses that have been involved in malicious activity, such as sending spam, emails that contain viruses, etc.

There are two types of blacklists: internal and external.

Internal is usually a blacklist owned by a mailbox provider. For example, an IP could get on a Gmail’s or Yahoo’s blacklist.

External is a blacklist owned by a third party. Mailbox providers may use services of an external blacklist, and to delist, one would need to contact a third party, rather than a mailbox provider, who uses this blacklist.

Each blacklist uses its own criteria for listing the IP addresses of email spammers. Those criteria can include a variety of factors: technical, policy, and evidence-based.

  • Technical listings occur mostly because of mail server configuration issues (missing or incorrect reverse DNS records, missing or incorrect banner greetings, and mail servers operating within a suspicious range of IP addresses).
  • Policy listings happen because the receiving server does not wish to receive emails from certain countries, or ISPs, that have a history of not handling “unsubscribe” requests.
  • Evidence-based listings are those where the server has received direct (or indirect) evidence that the sending IP address has been involved in sending unsolicited emails.

Mailbox providers tend to protect their users from spam and choose which of the blacklists they use. To determine whether or not an incoming email is spam, mailbox providers look at various characteristics of the email including the IP address the email is sent from.

If the IP address from which the email was sent is on an IP blacklist that a mailbox provider uses, the mailbox provider might filter the email as spam, bounce the email, or drop it entirely.

To understand whether or not your IP is blacklisted it is recommended to run an IP blacklist check or use GlockApps IP Uptime Monitoring. The latter will check your IP against dozens of largest blacklists at regular intervals automatically, so you would always be aware of your IP being blacklisted. You will see where your IP is listed and receive direct links to the blacklists’ websites where you can find more information about your IP listing and the de-listing process.

IP blacklist removal with GlockApps IP Uptime Monitoring

IP blacklist removal has 4 basic stages:

  • Discovery. First you need to find out if your IP is blacklisted. To do so you can monitor listings directly, or use abovementioned Uptime Monitor to do it automatically. You should also pay attention to notifications you receive – complaints from customers, spam, low deliverability levels, etc.
  • Blacklist evaluation. The level of impact on your email deliverability can differ depending on the specific blacklist your IP is on. Some may not affect your email-sending ability, while others could block your emails entirely.
  • Taking action. After you find out what blacklist you are on, it is time to decide whether you need to take action, and if so, what it would be. Most of the time you can find the exact action plan on the blacklist’s website. But remember to be polite, professional, and show you are interested in resolving the issue.
  • Communicating solving the problem. After you’ve completed all the steps towards solving the issue you should contact the blacklist admin and let them know that you have dealt with the problem that caused your IP address blacklisted. Depending on the blacklist, de-listing could be manual or automatic after a certain period of time.

Now let’s look at each of these steps more closely.

Is It Necessary to De-List if I Have Blacklisted IP?

All blacklists are not created equal:

  • Real-time blacklists may include your IP and it can actually pop up in and out of a blacklist and don’t necessarily stay on it.
  • Major blacklists, for example, Spamhaus, are notoriously difficult to delist from. A Spamhaus listing is likely to result in mail being blocked, while a listing on SORBS, UCEPROTECT, or SpamCannibal might not have much impact on your deliverability.

Large mailbox providers typically use big blacklists like Spamhaus, whereas smaller mailbox providers typically use small local blacklists which may not impact your email deliverability in any way.

And a service that asks you to pay for delisting or does not accept delist requests is unlikely to be used by major mailbox providers.

With that said, a few questions you want to answer:

  1. How bad of a blacklist you’re on?
  2. Whether or not you’re constantly on it or if you’re popping in and out of it.
  3. Whether or not you have deliverability problems because of the blacklisted IP.

How to Know If Blacklisted IP Affects Deliverability?

If your sending is impacted by the blacklisted IP address, you will most likely receive a bounce notification that contains a message indicating that your email was rejected because of a listing on a blacklist.

In most cases, the bounce message includes the name or URL of the blacklist. An example of this type of message is

“Message rejected due to IP [] listed on RBL [X]”

If you do not see this type of message in your bounce notifications, it is unlikely that a blacklist is impacting your deliverability.

What to Do If Your Sending IP Address is Blacklisted?

There are two scenarios that involve different actions from your part:

#1. You are sending via email service provider or SMTP relay service.

Email service providers like MailChimp and SMTP relay services like Amazon SES use a pool of IP addresses they send emails from. They are aware that portions of their IP address space are sometimes listed on blacklists like SORBS and UCEPROTECT.

They carefully and continually monitor the reputation of their IP address space and work closely with mailbox providers and blacklist operators to identify and resolve the listings.

That being said, you should leave the resolution of the IP blacklisting issue to the ESP or SMTP relay service that you use.
However, if you don’t want your deliverability to be affected by other senders sharing the IPs with you, you can ask for a dedicated IP address from your ESP or SMTP relay service. Thus, you will be able to build your own sender reputation for that IP.

Read also: Dedicated vs Shared IPs: Which Should You Choose for Better Deliverability

#2. You are sending via your SMTP server.

As we said above, at first, you should see how serious a blacklist you’re listed on and whether or not your deliverability problems result from the IP blacklisting issue.

If the IP address is blacklisted on a small blacklist and does not impact your deliverability, you can disregard this listing.

If the blacklist is one of the major ones and causes serious problems, you should seriously consider a blacklist removal.

Run an IP blacklist check or visit the blacklist’s website and do a lookup on your IP address. Most blacklist databases will provide general listing reasons, but they don’t list email addresses tied to blacklisted IP addresses.

After you find out why your IP address is blacklisted, take steps to resolve the issues as prescribed by the blacklist. For example, they may ask you to correct both forward and reverse DNS records, as well as SMTP banners to ensure your network and mail server are configured correctly. You may want to work with someone who is technically savvy to help you if you don’t have enough knowledge on IP blacklist removal.

Plus, you can scan all your network computers for viruses, install needed updates and fixes for your operating system, configure routers more securely, and establish stronger passwords.

Below is a diagram that shows the logic of the delisting process:

A diagram that shows the IP blacklist removal process

A diagram that shows the IP blacklist removal process.

If you think you have fixed the issues on your end, go back to the blacklist’s site and follow their IP address removal instructions. There are blacklists with a self-removal service and time-based removal service.

  • Self-Removal. It lets you take your IP address off the blacklist without much trouble. But your IP address gets listed again, it won’t be easy to get it removed the next time.
  • Time-Based Removal. It is a built-in, automatic process that removes lower-level listings (IP addresses that are light offenders) within a week or two. But if the IP address had sent spam more than once or did a high volume, the time period would be longer.

While trying to be removed from a blacklist, follow the rules and cooperate. If you are truly innocent of any deliberate wrongdoing or if you made an honest mistake, let them know. The more open and honest you are, the simpler it may be to have your IP address off the blacklist. You should be able to resolve any blacklist issues online. If not, and the blacklisting is troublesome for you, consider contacting the list maintainer by phone and try to resolve the issue that way.

The Bottom Line

Spam is a serious problem. The purpose of blacklists is to reduce spam on email platforms for customers.

If you find you have a blacklisted IP or domain, reach out to each DNSBL service that lists you and ask them to remove your entries. Some of them will automatically retract your entry after some buffer period following the end of the spam campaigns that used them, others will not.

If you made a mistake, were blacklisted, and then delisted, don’t make the same mistake again. You likely won’t be forgiven the second time.

GlockApps Spam Testing

GlockApps Spam Testing

Is your email server blacklisted?

Run your subject lines and email’s content through the GlockApps Email Spam Tester to ensure your emails get to the inbox of your subscribers. Get your email scanned by every major spam filter and blacklist before you send.