Remove Your IP From Spamhaus Blocklist: A Complete Guide

If you’re reading this, chances are you’ve had some trouble with the Spamhaus anti-spam blocklist. Maybe you’ve already been blocklisted. Or maybe you have a feeling you’ll be blocklisted soon. 

The answer to ‘how do I fix Spamhaus blocklist and get removed’ depends on what brought you to the list in the first place. (If you are looking to understand the basics of Spamhaus, we’d highly recommend the blog what is Spamhaus and how it works).

First, we’ll clarify who is responsible for Spamhaus compliance. Then we’ll look at why you need to know what blocklist you’re on, before you can do anything. Next, we’ll describe the 5-step process you need to follow if Spamhaus has blocklisted you. Finally, we’ll examine what kind of responses Spamhaus might send you.

Who is responsible for blocklisting

It’s important to know who is responsible for complying with the Spamhaus SBL policy. That’s because Spamhaus generally won’t communicate with you directly before you are blocklisted. Neither is there a grace period before you are blocklisted. 

As a result, blocklisting can seem abrupt, especially if you have not followed best practices or monitored performance. 

Here are the three parties that could be responsible for compliance:

  • The sender: Who is sending the bulk emails?
  • The promoter: What website is promoted in the bulk emails?
  • The support service: Who is providing the infrastructure and support services for sending bulk emails?

Remember, Spamhaus does not examine the email contents to decide if you are in violation of its policies. The very fact that you are sending unsolicited bulk email (UBE) makes you non-compliant, and that alone is enough for you to be blocklisted.

You may be the email service provider, the infrastructure provider, or the advertiser; it doesn’t matter. If the emails are not compliant, Spamhaus will consider you a spammer.


Is being on one Spamhaus blocklist the same as being on the other?

No, it isn’t. 

Each blocklist has a different rationale behind it, so getting off some blocklists is more challenging than getting off others.

Policy Block List (PBL): 


If you’re on the PBL, it’s not because Spamhaus believes you are sending unsolicited commercial emails. You’re on the PBL because your IP sent emails, despite the fact that your IP address was not meant to send emails to other MX servers. 

Exploits Block List (XBL):


Being on the XBL means Spamhaus suspects your IP has been hijacked by bad actors. That’s serious, but that’s not entirely your fault. So Spamhaus looks at you a little compassionately. Just like in the case of the PBL, you can probably count on your email service provider to sort this one out.

Combined Spam Source (CSS):


The Spamhaus CSS list is the database of IP addresses that have a poor reputation. This list is generated automatically. The CSS most commonly raises red flags when it notices poor list quality, unsolicited emails, and emails that are malicious in nature.

Compromised hosts and unhealthy practices like snowshoe spamming also trigger CSS listing. (Snowshoe spamming is the practice of spreading spammy messages across a wide spectrum of IPs and domains, with the sole objective of escaping attention.)

In case you’re listed under Spamhaus CSS, the best place to initiate a resolution is your own email list. Check for the latest email addresses added to your lists. Review the sources of these new additions.

Using old email lists without proper reengagement techniques can lead to CSS listings too.

Spamhaus Blocklist (SBL):


In addition to snowshoe spammers and malicious emails, the SBL also includes bad actors that hijack IP space and bulletproof hosting services that provide anonymity, something cybercriminals value highly.

Unlike CSS (which is automated), the SBL is created and maintained manually by forensic experts and specialized investigators. According to Spamhaus, ‘on average, this dataset contains 30-40 thousand listings’.

5 Steps to get out of Spamhaus blocklist

1. Check if you are really on any blocklist 

First, use the Spamhaus IP and Domain Reputation Checker to see if your domain is blocklisted. Enter an IP address, domain, ASN, URL or hash and hit ‘Lookup’ to run a blocklist check. (In case you’re wondering, the Spamhaus IP and Domain Reputation Checker was earlier known as the Blocklist Removal Center.)

2. Seek further details

Obviously you don’t have to worry if you are not on the blocklist. But if you are, you want to know further details. Hit Show Details to learn more about why you’ve been blocklisted. 

Without an account manager who understands stuff and can begin the resolution process, it can be a little frustrating. 

For instance, you may have been sending emails to old email addresses some of which have been converted into spam traps. What appears quite legitimate to you may now have become a violation of Spamhaus policy. 

If your IP has gone into the XBL or SBL, it’ll most likely take longer.

In any case, save this information for later use; it’s a good starting point.

3. Comb through your server logs

Before contacting Spamhaus, ensure your house is in order. You want to make sure you have addressed the issues fully before you can expect Spamhaus to delist you.

Check your server logs. See what kind of activity you see – is there anything you don’t trust? Something potentially malicious? Something that raises a red flag?

A whole lot of things might not look suspicious to an untrained eye and yet fall foul of Spamhaus policy.

As an example, take the IP range. Company A has 50 IPs, in the range below:

2XX.XXX.11X.XX1 to 2XX.XXX.11X.X50 (total 50)

Company B too has 50 IPs, but the IPs are distributed over 3 ranges:

2XX.XXX.11X.XX1 to 2XX.XXX.11X.X15 (total 15)

2XX.XXX.22X.XX1 to 2XX.XXX.22X.X15 (total 15)

2XX.XXX.44X.XX1 to 2XX.XXX.44X.X20 (total 20)

Grand total 50 IPs.

Company B is more likely to be red-flagged because it uses multiple IP ranges. Spammers adopt this strategy all the time to escape detection.
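One concrete way to comb the logs for the stale-list problem described in step 2 is to measure, per authenticated sender, how many deliveries bounce as "user unknown". This is an added example, not from the original guide; it assumes Postfix-style log lines, and the sample log, thresholds and function name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed Postfix-style sample (not from a real server).
SAMPLE_LOG = """\
Mar  3 10:00:01 mx1 postfix/smtpd[2101]: A1B2C3D401: client=app1[192.0.2.10], sasl_method=PLAIN, sasl_username=news@example.com
Mar  3 10:00:02 mx1 postfix/smtp[2102]: A1B2C3D401: to=<u1@example.net>, relay=mx.example.net[203.0.113.5]:25, dsn=2.0.0, status=sent (250 ok)
Mar  3 10:00:02 mx1 postfix/smtp[2102]: A1B2C3D401: to=<u2@example.net>, relay=mx.example.net[203.0.113.5]:25, dsn=5.1.1, status=bounced (550 5.1.1 user unknown)
Mar  3 10:00:03 mx1 postfix/smtp[2102]: A1B2C3D401: to=<u3@example.net>, relay=mx.example.net[203.0.113.5]:25, dsn=5.1.1, status=bounced (550 5.1.1 user unknown)
Mar  3 10:00:03 mx1 postfix/smtp[2102]: A1B2C3D401: to=<u4@example.net>, relay=mx.example.net[203.0.113.5]:25, dsn=5.1.1, status=bounced (550 5.1.1 user unknown)
Mar  3 10:05:00 mx1 postfix/smtpd[2101]: A1B2C3D402: client=app2[192.0.2.11], sasl_method=PLAIN, sasl_username=billing@example.com
Mar  3 10:05:01 mx1 postfix/smtp[2104]: A1B2C3D402: to=<c1@example.org>, relay=mx.example.org[203.0.113.9]:25, dsn=2.0.0, status=sent (250 ok)
Mar  3 10:05:01 mx1 postfix/smtp[2104]: A1B2C3D402: to=<c2@example.org>, relay=mx.example.org[203.0.113.9]:25, dsn=2.0.0, status=sent (250 ok)
Mar  3 10:05:02 mx1 postfix/smtp[2104]: A1B2C3D402: to=<c3@example.org>, relay=mx.example.org[203.0.113.9]:25, dsn=2.0.0, status=sent (250 ok)
"""

# smtpd line: which authenticated account submitted a given queue ID.
ACCEPT = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S+, .*sasl_username=(\S+)")
# smtp line: the delivery result for one recipient of that queue ID.
DELIVER = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<[^>]*>, .*dsn=(\d\.\d+\.\d+), status=(\w+)")

def bounce_report(log_text, min_msgs=3, max_rate=0.10):
    """Return {sender: unknown-user bounce rate} for senders above max_rate."""
    owner = {}                       # queue ID -> authenticated sender
    total, unknown = Counter(), Counter()
    for line in log_text.splitlines():
        m = ACCEPT.search(line)
        if m:
            owner[m.group(1)] = m.group(2)
            continue
        m = DELIVER.search(line)
        if m and m.group(3) in ("sent", "bounced"):
            sender = owner.get(m.group(1), "(unauthenticated)")
            total[sender] += 1
            if m.group(2) == "5.1.1":    # DSN 5.1.1: mailbox does not exist
                unknown[sender] += 1
    return {s: round(unknown[s] / n, 2) for s, n in total.items()
            if n >= min_msgs and unknown[s] / n > max_rate}

if __name__ == "__main__":
    print(bounce_report(SAMPLE_LOG))
```

A sender flagged here is either mailing an old list or an account you did not expect to be sending at all; both are findings to fix before contacting Spamhaus.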

4. Resolve all issues

List all the reasons you were blocklisted, based on what you’ve learned.

And then, one by one, address each of them. Don’t leave anything to chance. Don’t assume Spamhaus will grant you some mercy or condone a few slips. If you’ve been blocklisted, it makes sense to resolve all issues. The Spamhaus algorithm is like a super-vigilant security guard; it will eventually pick up unresolved issues.

Remember, Spamhaus is a watchdog, not a solution-provider. So you’ll have to fix the issues yourself.


5. Get in touch with Spamhaus

Once you’ve been able to fully address the issue, it’s time to get in touch with the Spamhaus team. 

Based on the information you provide them and how well you’ve fixed the issue, you can expect a rejection or a temporary unblocking. It’s difficult to get unblocked with the very first request. So have some patience while you engage.

If you’re listed on the CSS, you need to visit Spamhaus. Based on your IP and domain reputation, you’ll see how to proceed with CSS removal.

In case you’re listed on the SBL, Spamhaus will email your network or hosting provider, and only they can proceed with remediation. Most ESPs, CRM platforms, and hosting providers are more equipped to communicate with Spamhaus representatives. 

You, as a general user, may have only limited understanding or experience in dealing with such an issue. That, however, shouldn’t stop you from finding out what you changed in the recent past (using old email lists, for example) that could have invited the listing. This understanding will be critical in resolving the issue quickly and smoothly.

Listings of domain, IP, and IP range can be viewed on this page.


Three things to avoid after you’ve been blocklisted

  • Moving your domain or IPs: If you start sending emails from a different set of IPs or domains, Spamhaus is quite likely to suspect you’re trying to circumvent, rather than resolve, the issue. It only weakens your stand.
  • Questioning their past inaction: Don’t question their judgment by asking why they didn’t list you earlier (‘We’ve been doing this since the past two years. Why now?’). Spamhaus can do only so much and quizzing them like this isn’t going to help your case.
  • Hiding information: Things have a way of letting themselves out, so don’t hide any information. Sharing all relevant stuff not only builds trust but also speeds up your case. 

What kind of Spamhaus responses can you expect

Don’t expect Spamhaus to be your friendly, neighborhood cop who’s willing to look the other way for a minor violation. Spamhaus has a complex and highly responsible task that can impact billions of users worldwide.

So you’d be disappointed if you believed they’d be casual or lenient. If they took everyone off the Spamhaus blocklist without ensuring full compliance, the internet would turn into an extremely risky place in no time.

That being said, Spamhaus is strict but patient. They know that even businesses with good intentions sometimes make mistakes. As long as you correct your mistakes, Spamhaus will be reasonable with you.

Early-stage responses 

When you reach out to Spamhaus to have you removed from the blocklist, they will ask for complete details on what steps you have taken to address the issue.

In particular, they’ll be interested in learning how you’re trying to solve the problem on a long-term basis. Once they are satisfied you have completed all the steps, perhaps their most common response is to remove listings pending investigation.

It means that they’re temporarily convinced but they haven’t closed their investigation. Spamhaus is being reasonable by letting you resume your activities, but they haven’t declared you completely ‘innocent’. While you resume your operations, they will keep a close watch. And there’s no ‘safe window’: the checks can recur, and there’s no saying when.

Later responses

One thing email senders need to understand is the Spamhaus algorithm won’t change overnight. So if you have made only superficial changes after you were blocklisted, there’s always the risk that you will be blocklisted again – probably sooner than you think.

However, if the steps you’ve taken fully satisfy Spamhaus, their team will unblock you. Note that in the early stage, there was a qualifier: pending investigation. Provided you’ve been able to build trust and promise to stay alert and continue following best practices, your IPs would be unblocked without the qualifier.

Are there any Spamhaus whitelists?

The opposite of a blacklist (blocklist, as per the current terminology) would be a whitelist. So if a blacklist is a list of IPs that shouldn’t be sending emails, a whitelist should be a list that’s allowed to send emails.

Now back to the question. Are there Spamhaus whitelists? No, they don’t exist, as far as we understand Spamhaus.

Conversely, it means every IP is watched; no exemptions. Any erring IP will face the same consequences.

Over to you

Operating in the virtual world has its own challenges, and you want to stay clear as far as possible. As long as you haven’t engaged in malicious activity, you’ll be able to get out of Spamhaus blocklists.

There will be costs, of course. While Spamhaus won’t be charging you anything, there are other costs: the human hours lost trying to address the issue, the opportunities you missed while blocklisted, the cost of bringing in a technical person (if you don’t have someone in-house), and so on.

At the end of the day, it’s important to get out of the blocklist and stay out. Because ‘repeat offenders’ may face more difficulties.

 