Domain Blacklists – The comprehensive 2017 guide

Domain blacklists have been used to filter email for years, and in this comprehensive guide, I’ll cover:

  1. The most popular public domain blacklists and lesser known, but equally important, private domain blacklists
  2. How to determine if a domain is on a blacklist
  3. How to get off each blacklist
  4. Tips and tricks, gleaned from my own research and experience, about each blacklist

Given that GMass is an email marketing service used by over 80,000 people, we’ve seen our fair share of deliverability and spam issues. Because GMass works on top of Gmail and G Suite, we don’t maintain our own sending IP addresses. Instead, all email is sent from users’ Gmail accounts, meaning email originates from Gmail’s IP addresses.

Therefore GMass users almost never have to worry about an IP block. The one exception to this rule is if you’re sending from an alias From Address in Gmail and were required to input your own SMTP server credentials. In that case, Gmail routes your email through the external SMTP server, which makes the IP reputation of your SMTP server relevant. Far more common for GMass users, however, is the issue of domain-based blocking, since with the standard G Suite setup, your emails are sent from Gmail’s IP addresses.

Are domain blacklists the same as DNSBLs?

The term DNSBL is used often in the email deliverability industry. It stands for Domain Name Server Block List and refers only to the mechanism by which the block list is published (the Domain Name Server system). DNSBLs can be either lists of IP addresses or lists of domain names. Most DNSBLs are listings of IP addresses, and include popular blacklists like the Spamhaus Block List (SBL) and Spamcop. The blacklists that most concern GMass users are those that list domain names. This is because GMass sends emails from Gmail’s IPs, which are arguably the highest deliverability IP addresses in the world and aren’t blocked by anybody. Therefore it’s rare that an IP address will ever be the source of an email deliverability issue, except in the scenario mentioned above. A domain, however, can be the source of a deliverability issue.

This is a current and comprehensive guide to public and private domain-based email blacklists.

Overview

While IP-based email blocking is far more common, domain-based email blocking has gained popularity in recent years, and consumer email providers like Gmail and AOL and even corporate email filters like Barracuda, Symantec/MessageLabs, and Mimecast scan incoming email for the presence of domains on domain blacklists. If found, the email is rejected or sent to the Spam folder. This is why I’ve encouraged each GMass user to set up a dedicated tracking domain.

Domain-based DNSBLs fall into two categories: those that are publicly usable and searchable, meaning any email server administrator can use the list to filter email, and those that are private and used for an organization’s internal purposes only, like AOL’s. Plenty of email companies have written about domain blacklists previously, including Return Path and Sendgrid, but in this comprehensive guide, I’ll dig deeper into the nuances of both public and private blacklists.

Public Domain Blacklists

There are three main public domain blacklists: Spamhaus, SURBL, and URIBL.

Spamhaus DBL

Web lookup form: https://www.spamhaus.org/lookup/
Query via DNS: Query [domain].dbl.spamhaus.org and look for a response of 127.0.0.2
Tips and tricks: Spamhaus is the 300-pound gorilla of blacklists and publishes both an IP list and a domain list. Spamhaus will sometimes list domains that have never appeared in email flow before. It has an algorithm that detects newly registered domains, and if these domains meet a particular criteria, they are listed on the Spamhaus DBL without ever being included in a single email message. These domains are also the easiest to get delisted using the Blocklist Removal Form. Additionally, the email address that you enter to receive the confirmation removal link can determine whether your request is accepted and the link is sent, or your removal request is denied and you’re told to get in touch with Spamhaus staff. If your domain is ineligible for self-removal, you’ll have to contact Spamhaus and ask them to remove the domain, and that can be difficult.

Spamhaus DBL Self Removal Denied
You can attempt to remove a domain yourself from the Spamhaus DBL, but if a domain is ineligible for self removal, you’ll have to contact Spamhaus.

You’ll typically get a response within 24 hours. In my case with this domain, I didn’t get any explanation about the listing, even though it’s been used in very minimal email flow.

Spamhaus DBL Rejection
In this case, my Spamhaus delisting request has been denied.
SURBL

Web lookup form: http://www.surbl.org/surbl-analysis
Query via DNS: Query [domain].multi.surbl.com and look for a response of 127.0.0.2
Tips and tricks: It’s relatively easy to get a domain off of SURBL, as long as you’re not a systemic spammer and have a reasonable explanation. In my experience, if you explain why your domain was used in spam and can show that you’re generally a responsible mailer, a few hours later, you’ll get a response accepting your request. I’ve never been turned down when asking for a domain to be delisted.

SURBL Whitelist Approved
SURBL administrators are helpful in providing info and reasonable in delisting domains.
URIBL

Web lookup form: https://admin.uribl.com/
Query via DNS: Query [root domain].multi.uribl.com and look for a response of 127.0.0.2
Tips and tricks: The URIBL list is very difficult to get off. You can create a URIBL account and submit a delisting request, but in my experience, most delisting requests are denied. It also seems that whether a delisting request is accepted or not is at the whim of the person who is currently reviewing requests, given that only one out of all of my requests were accepted (for gmass.co), and the request was made just one day after the previous request was denied. Here’s my own history of delisting requests:

URIBL Rejections
Most of my URIBL delisting requests were rejected.

Tips and tricks: The URIBL blacklist will be the subject of a future blog post, because it exhibits some rare and often quirky attributes. In our research though, it’s the least used of the three public blacklists. My own domain, wordzen.com, has been listed for a long time, and I’ve seen virtually no blocking of any email that includes the wordzen.com domain. Even MailChimp’s default tracking domain, list-manage.com, is grey-listed on URIBL.

Private Domain Blacklists

You might think that a private blacklist like the ones maintained by AOL, Barracuda, and Google are just that…private and un-searchable. While that may be true, it’s still possible to determine if your domain is on it. If you send an email with a listed domain to an address that uses a particular filter, the SMTP bounce response will indicate if the domain is on that private blacklist.

Barracuda’s Intent List

How to query: Use their web lookup form.
DNS Lookup: There is no DNS-based method to look up a domain on Barracuda’s Intent List. Barracuda does provide a DNS method for querying their IP list, but not their domain list. It is possible, however, to examine SMTP responses to determine listings.

For example, if a domain is on Barracuda’s Intent List, you’ll get a bounce with an SMTP code from Barracuda that looks like:

Remote-MTA: dns; d124601a.ess.barracudanetworks.com. (64.235.154.140, the server for the domain d211.org.)
Diagnostic-Code: smtp; 550 permanent failure for one or more recipients (henderson@d211.org:blocked)

Note that the specific domain that is on the list is not mentioned, so it will take some further analysis to determine the actual domain. How do we know that this response code is likely a domain-based block rather than an IP-based block? Because Barracuda’s response code for an IP-based block is specific to that IP address:

Remote-MTA: dns; fw2.dgcuda.com
Diagnostic-Code: smtp; 554-Service unavailable; Client host [actuarialoutpost.com] blocked using 554-Barracuda Reputation; 554 http://www.barracudanetworks.com/reputation/?r=1&ip=204.232.242.165

You might have noticed the difference between the two remote MTAs in these examples. In the first, the remote MTA is clearly a Barracuda-hosted server, because it ends with “barracudanetworks.com”. The second, dgcuda.com, appears to be an on-premise appliance running the Barracuda mail filtering software. Note the reference to “cuda”, which is likely short for Barracuda. Customers who install the Barracuda appliance can name the appliance whatever they like. Still though, the SMTP response codes will be equivalent regardless of whether the email server is hosted by Barracuda or hosted on-premise by an organization.

Here is a full list of Barracuda’s SMTP response codes.

AOL’s Domain Blacklist

How to query: The only way to know you’re on AOL’s domain blacklist is if you receive an SMTP response code containing “HVU”, which stands for High Volume URL. Like Barracuda, the SMTP response won’t indicate which domain is blacklisted; it will only tell you that one or more domains present in the email are on the blacklist.

If a domain is on AOL’s private domain blacklist, the SMTP response from AOL will look like:

Diagnostic-Code: smtp; 521 5.2.1 :  (HVU:B2) https://postmaster.aol.com/error-codes#554hvub2
Last-Attempt-Date: Sun, 09 Jul 2017 03:26:51 -0700 (PDT)

The HVU:B2 reference is specific to a blacklisted domain, as is explained on AOL’s page about their HVU response codes. You can contact AOL and ask which domain is blocked, or if you can determine that on your own, you can ask for delisting, but in my experience, AOL is fairly stringent about their domain blacklist:

AOL Postmaster Rejection
AOL denied my request to remove my domain from their domain blacklist.

Google’s Domain Blacklist

Google maintains a blacklist of domains, but the only way to tell if you’re on it, is to send an email to a Gmail or G Suite-hosted domain, and look at the reason you ended up in the Spam folder.

Gmail blocks a domain
An example of Gmail-based domain blocking

SpamRL

How to query: The only way to know you’re on the spamrl.com’s blacklist is if you receive an SMTP response indicating that the URL is on the list.

SpamRL Block
This is what the bounce response from a spamrl.com block looks like

There is no web lookup form or DNS method to query the list.

SpamRL Rejection
SpamRL.com is a domain blacklist cloaked in secrecy.

You are able to self de-list your domain on SpamRL.com for up to 7 days though.

Not all lookup tools are created equal

When determining whether a domain is on one of the publicly searchable blacklists, I like to automate the process by programmatically doing the DNS lookup. As a secondary means, I’ll go to the website directly and use their lookup forms. An even easier way is to use a third party lookup tool that searches many blacklists at once.

Avoid Googling “DNSBL check”, and using one of the many forms in the search results that claim to check your domain or IP against a plethora of blacklists. This is because most lookup forms don’t properly perform the lookup against domain blacklists and instead do it against IP blacklists. An example is this lookup tool from MX Toolbox, https://mxtoolbox.com/blacklists.aspxThe prompt asks you to enter a domain or an IP address, but in reality, this check has nothing to do with domain-based blacklists. If you enter a domain, it simply converts your domain to an IP and then checks the IP against IP-based blacklists, which is entirely different from checking the domain-based blacklists that I’ve referenced above. Here’s another popular tool that does the same, converting your domain to an IP and only searching IP blacklists: https://www.ultratools.com/tools/spamDBLookup

An example of a lookup tool (that is buried deep in the search results) that does perform the correct kind of lookup is:

http://www.blacklistalert.org/

This intelligent tool, while prompting you for an IP or a domain, will determine WHETHER you entered an IP or a domain and tailor its search accordingly. If you enter a domain, the first set of results will be searching that domain properly against domain-based blacklists, however the domain blacklists it searches is limited to the publicly available blacklists that I’ve mentioned above. Here’s another tool that also performs the lookup correctly and also offers a proactive monitoring service:

https://www.blacklistmaster.com/

Which ISPs use which domain blacklists?

Now that you have an overview of what the main public and private blacklists are, you are likely wondering which blacklists are relevant to your mailings. Does Gmail use these domain blacklists to filter their email? Does Outlook.com use them? Do corporate email filters like Barracuda, Mimecast, and Symantec/MessageLabs use them?

My research shows the following:

Spamhaus SURBL URIBL
AOL Delivered Delivered Delivered
Gmail Delivered Uncertain Delivered
Outlook.com Delivered Uncertain Delivered
Yahoo Delivered Delivered Delivered
Comcast Uncertain Uncertain Uncertain
Barracuda Delivered Uncertain Delivered
Mimecast Blocked Uncertain Uncertain
Symantec/MessageLabs Blocked Delivered Delivered

Testing methodology

  • I sent emails containing various blacklisted domains to a set of seed addresses
  • If the email containing the blacklisted domain made it to the Inbox, the blacklist/ISP combination receives a Delivered status. This is only indicative that the blacklist isn’t used to outright block email. It is not indicative that the blacklist doesn’t play a factor in determining overall spammyness.
  • If the email containing the blacklisted domain did NOT make it to the Inbox, in most cases, we designate that as Uncertain, since we can’t be sure if the fact that the domain was on the blacklist caused the block, or if the domain was already internally blocked.
  • In the cases where a blacklist/ISP combination is designated as Blocked, it’s because the blacklisted domain has such little email traffic that we can reasonably determine that its presence on a particular blacklist caused the block.

What you should do

You should regularly check the domains that are important to you and the domains that appear in your email flow against both public and private blacklists. For the public blacklists, there are several blacklist monitoring services that will periodically check your domains against Spamhaus, SURBL, and URIBL, and alert you of a listing. For the private blacklists, you should either manually scan your SMTP responses and look for patterns mentioned above, or you should programmatically check them (like we do for GMass users) to determine which domains are on private blacklists. GMass users needn’t worry about this, as this is handled by our internal deliverability monitoring tools. All GMass users’ domains are checked against the public blacklists once every hour and our intelligent private blacklist detection system works in near real-time.

Resources

The Wikipedia article on DNSBLs provides a good overview of how email blacklisting works. Be sure to read the part on URI DNSBLs though, because that’s the specific type of DNSBL that is a domain-based blacklist, as opposed to an IP-based blacklist.

Here’s a handy guide to the blacklists and lookup tools mentioned in this article:

Spamhaus DBL – Spamhaus’s domain block list lookup tool
SURBL – The SURBL lookup tool
URIBL – The URIBL lookup tool
Barracuda – Barracuda’s Domain/IP lookup tool
AOL – AOL’s contact form to request delisting of a domain
SpamRL.com – their form to request delisting of a domain for 7 days

My favorite third-party domain lookup tools:

BlackListAlert.org – free multi-site lookup tool
BlacklistMaster.com – multi-site lookup and monitoring tool

4 Replies to “Domain Blacklists – The comprehensive 2017 guide”

  1. Pingback: Homepage

Leave a Reply

Your email address will not be published. Required fields are marked *