What is a DNS Blacklist?
A typical server receives a ton of traffic every day. Even small to medium-sized ones are bombarded with e-mails, login attempts, regular visitors, and others. One of the main jobs of server administrators is to ensure that only “clean” traffic is processed. That is, we want to avoid undesirable activities like spam and security hack attempts. One way, of course, is to toughen your server so that such activities are thwarted. Even better, however, is to deny that traffic in advance.
But how do we know beforehand whether or not a particular request is likely to be malicious? The answer is the community. There are large and small organizations all over the world that track bad behavior by specific IP addresses and store that information on their servers for anyone to look up. These lists are called RBLs, or Real-time Black Hole Lists. They are also called DNSBLs (DNS-based Blackhole Lists).
The idea is simple. Whenever you have an incoming mail request or a comment is posted on your site, you send a quick and efficient query to one of several RBL servers around the world. If they respond positively, it means that they recognize that IP address from some past bad behavior. You can then decide to ignore the (likely malicious) request or process it.
This way, the community shares knowledge about bad IP addresses and protects itself.
What Happens If Your IP Address is Blacklisted?
Having your IP address on a DNS Blacklist can be a huge problem. Your server might have its e-mail deliveries rejected; you might not be able to initiate browser requests or post comments. If your business depends upon targeted marketing, it could be a massive blow to your organization if e-mails are getting sent back. No business can afford to have its IP address blacklisted.
Your IP address might be shared with others on the same server, and if they get blacklisted, you’re affected as well. Dynamic IP addresses change all the time, and you might be stuck with one that has a bad reputation. In such cases, removing the IP from the list involves the following:
- Identify why it was blacklisted;
- Send a removal request;
- Wait and hope.
How to Perform an Email Blacklist Check Manually?
The easiest way to check if an IP address is blacklisted is to use the form on this page. However, you might want to test an IP address against a remote blacklist not listed here. Here’s a quick way to do this manually:
Step 1: Select an RBL Service
There are many DNSBLs. Here is a partial list on Wikipedia. Some are very well known, like Spamhaus. Their servers provide information on e-mail spam, hacking, and exploits, as well as on suspicious IP addresses that are not supposed to be sending out mail in the first place.
For this example, I’ll use Spamhaus.
Step 2: Reverse the IP Address to Check
For example, if your IP address is “123.456.789.101”, reversing it will give:
Step 3: Identify the RBL Service Zone
In the Wikipedia RBL link above, there is a column for “zone.” Each RBL purpose has a separate zone. For example, if you want to check e-mail spammers, the zone is “sbl.spamhaus.org.” To check for exploit IPs, the zone is “xbl.spamhaus.org.” The zone to test both lists at once is “sbl-xbl.spamhaus.org.”
Step 4: Add the Zone to the Reverse IP Address
Merging steps 2 and 3, add your reverse IP address in front of the zone. For example, if my reverse IP is “101.789.456.123.” and the zone I want to check is “sbl-xbl.spamhaus.org,” adding the two gives me:
Step 5: Query via the Command Line
If you’re on Windows, you can open up a command-line interface and use the NSLOOKUP command with what you got in step 4. The command looks like this:
On Linux, you can use the “host” command instead like this:
Step 6: Analyze the Output
Here’s an example of the above command run with an IP address:
If, as in the above output, you get the message “Non-existent domain”, it means you’re clean, at least for that particular zone. You should repeat the experiment with multiple zones and see if you get the same response. If your IP address isn’t found on any of them, then you’re clean for that particular RBL or DNSBL!
If, however, the server returns a response, then your IP address is blacklisted and you need to work on removing it as soon as possible.
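Steps 2 through 6 as an added Python example (not code from the original page). The function names, the documentation address 192.0.2.1 and the result labels are assumptions made for illustration; the 127.255.255.x range is what Spamhaus documents as query error codes rather than listings, and the page's sample “123.456.789.101” is a placeholder that a validating parser rejects.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # DNSBL answers live here
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error codes

def dnsbl_query_name(ip, zone):
    """Steps 2-4: validate the IPv4 address, reverse it, append the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_ip = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_ip}.{zone.strip('.')}"

def resolve_a(name):
    """Step 5: A-record lookup via the system resolver; [] means NXDOMAIN."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # timeout or resolver failure: result unknown, not "clean"
    return sorted({info[4][0] for info in infos})

def interpret_answer(answers):
    """Step 6: classify the A records returned for the query name."""
    if not answers:
        return "not listed"
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in ERROR_NET for a in addrs):
        # e.g. the query went through a public resolver or was rate limited
        return "query error"
    if all(a in LISTED_NET for a in addrs):
        return "listed"
    # Not a DNSBL reply at all, e.g. a resolver that rewrites NXDOMAIN
    return "invalid reply"

def check(ip, zone, resolver=resolve_a):
    """Run the whole procedure; returns (query name, verdict)."""
    name = dnsbl_query_name(ip, zone)
    return name, interpret_answer(resolver(name))

if __name__ == "__main__":
    # Constructed resolver reply so the demo runs offline; drop the
    # resolver argument to query the real zone through your own resolver.
    print(check("192.0.2.1", "sbl-xbl.spamhaus.org",
                resolver=lambda name: ["127.0.0.2"]))
```

A “query error” verdict means the lookup itself failed and should be repeated through a different resolver before concluding anything about the address.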
Getting Your IP Address Removed From a Black List
Use the above tool to check if your IP address has been blacklisted by one of the many remote services. If you find this is the case, you can click on the links in the report to send a request for removal to that particular remote service.