The top Email Blacklists every sender must know

With over 300 publicly available blacklists, it’s no wonder good...

Posted by Thunder SMTP on April 27, 2018, 0 Comments

With over 300 public email blacklists, it's not a secret that the good senders keep close eyes on their IP and domains rating. The public blacklists are created by large companies or small independant netwroks. Some don't have huge impact on deliverability but other does. The mailbox providers don't leverage inbox placement on every blacklists. In most cases they combine data from various public blacklists, as well as data from their own network, to determing your reputation as a sender. 

Many email marketers often associate blocking with being blacklisted, still it's important to know that the blacklist providers are not the ones blocking your email traffic - it's the mailbox provider leveraging your blacklist status that blocks your mail. If you are already in a block, focus on the potential causes for the listing. Blacklist is most often caused by poor list quality and SPAM complaints, so best is to avoid using scraped or purchased lists. 

The blacklist types are two: 

  1. IP-Based - Real-time Blacklists (RBL) and Domain Name Server Blacklists (DNSBL) are lists of IP addresses whose reputation status changes in real-time. The mailbox providers check these blacklists to see is the sending server managed by a sender who allows others to connect and send emails from their platform (called open-relays). They also check for known spammers or mailbox providers that allow legit spammers to use their system. Here's a list of the common RBL/DNSBLs: 
    • Sbl.spamhaus.org (SBL): The Spamhaus block list (SBL) is a database of IP's from which Spamhaus recommends providers to block traffic. Their database include IP addresses of SPAM sources, known spammers, spam gangs, SPAM operations and SPAM support services. To request delisting from the SBL you have to develop and execute action plan to fix the problem that caused the listing.
    • Xbl.spamhaus.org (XBL): The Exploits Bot List (XBL) is a list of known open proxies and illegal 3rd party exploits used to send SPAM and viruses. It includes information collected by Spamhaus and contributing DNSBL operations, such are the Composite Blocking List (CBL).
    • Cbl.abuseat.org (CBL): The Spamhaus Composite Blocking List (CBL) is a Domain Name System (DNS)-based blacklist of email services suspected of sending spam as a result of a virus or malware infection. The CBL gets its data from large Simple Mail Transfer Protocol (SMTP) mail server installations, most of which are large spam traps. The CBL offers an easy self-removal option here.
    • SpamCop (SCBL): The SCBL is a spam reporting service that allows recipients of unsolicited bulk email (UBE) and unsolicited commercial email (UCE) to report the IP addresses of spammers. It uses the information to maintain the SpamCop Blocking List (SCBL). The SpamCop reporting tool cannot determine if email reported by users is or is not spam; it can only parse and report email which users give it. SpamCop users can and do make mistakes. Delisting is automatic after 24 hours if spam reports stop.
    • Psbl.surriel.com: The Passive Spam Block List (PSBL) lists IP addresses when they send email to a spam trap, the message cannot be identified as non-spam, and the IP address is not a known mail server. They do encourage whitelisting to stay off their list.
    • Ubl.unsubscore.com: Lashback’s UBL is a real-time blacklist of IP addresses that sends email to names harvested from suppression files.
    • Invaluement: The Invaluement Anti-Spam DNSBL is a compilation of three commercial anti-spam blacklists:
      • ivmURI: domains mostly owned by spammers
      • ivmSIP: spammy IP addresses either overlooked or not yet listed by Spamhaus, from botnets, elusive snowshoe spammers or black-hat mailbox providers. A black hat sender is a company that sends email to recipients who have not given permission to senders to send to them.
      • ivmSIP/24: IP address ranges or subnets where spam-sending patterns have been detected
  2. Domain Based - URI Real-time Blacklists (URI DNSBL) are lists of domain names that contained within the email body.

    This blacklist will look for the URLs within the body of the email to see if it contains a domain identified as a source of spam. The most commonly used URI DNSBLs include:

    • Dbl.spamhaus.org: The Spamhaus DBL is a real-time database of domains found in spam messages. These domains are typically website domains, which include spam domains, sources, and senders, known spammers and gangs, and phishing, virus, and malware-related sites.
    • URIBL: The URIBL is a list of domains they identified as being used in spam email. While they have several public lists, the most common list that can result in delivery issues is the black.uribl.com which has a goal of zero false positives. The list updates frequently as new data is received, so delisting can occur automatically. The domain owner may also request removal once registered with the URIBL.
    • SURBL: SURBL is a list of website domains that have appeared in unsolicited messages. The domain owner may request removal by conducting an initial lookup and following removal instructions here.

As a good sender your reaction should be to request delisting immediately. Note that this might harm more then help if a sender continuously requests removal without making the necessary changes. There is a risk of having all further requests automatically rejected.