FREE · NO ACCOUNT REQUIRED

Free IP blacklist check — see if your IP is on Spamhaus, Barracuda, SORBS, or any of 80+ DNSBLs.

IP Blacklist Checker queries 80+ DNS-based blacklists in parallel — Spamhaus (ZEN, SBL, XBL, PBL, DBL), Barracuda, SORBS, SpamCop, UCEPROTECT, Spamrats, MailSpike, IBM X-Force, AbuseIPDB, and dozens more. Returns per-list listing status, the listing reason where available, the timestamp the listing was created, and per-list delisting instructions. Single-pass check for any IP — yours, a sending mail server's, an outbound proxy's. Free, no signup, instant results.

01 · OVERVIEW

What gets checked

Six independent classes of output per blacklist check. The per-list listing matrix is the obvious headline; the categorization by list type, the listing-reason extraction, and the delisting-flow guidance are the differentiators most flat blacklist checkers skip.

80+ DNSBLs queried in parallel (Single pass)

Every major blacklist queried at once. Spamhaus (ZEN, SBL, XBL, PBL, DBL), Barracuda, SORBS (multiple sub-lists), SpamCop, UCEPROTECT (levels 1–3), Spamrats, MailSpike, IBM X-Force, AbuseIPDB, Proofpoint DRBL, Cisco IronPort, NIX-Spam, Cymru Bogon, and ~60 others. Total wall-clock under 8 seconds.

Per-list listing status (Listed / clean)

For each list, returns whether the IP is currently listed plus the precise DNS response code (some lists return different codes for different reasons — 127.0.0.2 vs 127.0.0.4 for SORBS subcategories, etc).

Listing reason and category (Where available)

Some lists publish TXT records explaining why an IP is listed — open relay, snowshoe spam, dynamic IP, hijacked netblock, etc. The tool fetches and surfaces these where the list supports it (Spamhaus, SORBS, UCEPROTECT, others).

Reputation score (0 to 100)

Composite reputation score weighing the listings — Spamhaus carries more weight than smaller lists, and listings reflecting active malicious behavior weigh more than 'listed because dynamic'. 100 = no listings. 70+ = some listings on niche lists, likely fine. Below 50 = problem worth investigating.

List categorization (Spam · malware · proxy · policy)

Lists categorized by what they list. Spam lists (SpamCop, Barracuda) signal outbound spam. Malware lists (Spamhaus XBL, Cymru Bogon) signal infected hosts. Proxy/anonymizer lists (Sorbs DUHL, ProjectHoneyPot) signal proxy/VPN. Policy lists (Spamhaus PBL) reflect ISP statements rather than behavior. Context matters when deciding what to fix.

Per-list delisting links (Action)

For every listing, links to the delisting form or process for that specific list. Most major lists offer self-service delisting once the underlying issue is fixed; some require contact via email; a few (Spamhaus SBL) require demonstrated fix and review.

02 · WHY THIS MATTERS

Why being blacklisted is silent until it isn't

Most IPs don't know they're blacklisted until something else breaks — mail bouncing, web requests blocked, services rejecting connections. Five reasons proactive checking matters:

  • Spamhaus alone is enough to break mail delivery. Spamhaus's blocklists are consumed by major mailbox providers — Google, Microsoft, Yahoo, hundreds of corporate mail filters. A listing on Spamhaus ZEN, SBL, or XBL means most large receivers will reject mail from the IP outright. You won't know until customers complain about not receiving your email.
  • Inheriting a 'used' IP is the most common surprise. Cloud providers (AWS, Azure, GCP) reassign IPs to new tenants. The previous tenant's behavior persists in blacklists — sometimes for months. Fresh-launch services get assigned IPs and immediately discover Spamhaus listings inherited from whoever held the IP before.
  • Compromised hosts get listed within hours. Malware-infected hosts that start sending spam or scanning the internet usually appear on multiple blacklists within hours of activity. The blacklist is often how IT first finds out about the compromise.
  • Delisting is mostly self-service — once you find the listing. Most major lists let you submit a delisting request once the underlying issue is fixed. Spamhaus's process is straightforward for ZEN; SBL is more involved. The hard part is knowing you're listed in the first place.
  • Some 'lists' are policy lists, not threat lists. Spamhaus PBL lists dynamic/end-user IP ranges per ISP statement — not bad behavior. Being on PBL is normal for residential and consumer IPs and doesn't reflect security issues. The tool surfaces this distinction so you don't try to delist a PBL listing for a static datacenter IP — which is the listing you would actually want fixed.
03 · HOW IT WORKS

Reverse the IP, query DNSBL zones, parse responses

DNSBLs (DNS-based Blocklists) work by encoding the IP into a DNS hostname under the blacklist's zone. We query 80+ such zones in parallel, parse the responses, and build the report.

  • Stage 1 — Reverse-encode the IP DNSBLs reverse the IP's octets and append the blacklist zone. `192.0.2.1` becomes `1.2.0.192.zen.spamhaus.org` for the Spamhaus ZEN list. This is the standard DNSBL query format defined in RFC 5782.
  • Stage 2 — Parallel A-record queries Query each blacklist's encoded hostname in parallel. A response with an A record (typically in 127.0.0.0/8) means the IP is listed; NXDOMAIN means clean. Wall-clock time bounded by the slowest list.
  • Stage 3 — Decode response codes Listed IPs return specific 127.0.0.x codes that vary by list. Spamhaus ZEN uses 127.0.0.2 (SBL), 127.0.0.4 (XBL CBL), 127.0.0.5 (XBL NJABL), 127.0.0.10 (PBL), 127.0.0.11 (PBL ISP). Each code maps to a specific listing category.
  • Stage 4 — Fetch TXT for context For lists that publish reasons via TXT records (Spamhaus, SORBS, UCEPROTECT, others), query the TXT alongside the A record. Returns the listing reason as registered by the blacklist operator.
  • Stage 5 — Categorize and score Map each listing to a category (spam, malware, proxy, policy) and a severity. Compute composite reputation score. Major-list listings weigh more; policy-list listings weigh less.
  • Stage 6 — Generate delisting guidance For each listing, surface the operator's delisting URL or process. Some are one-click forms; others require email submission with evidence of remediation. The link map is curated and updated as operators change their processes.
04 · DELISTING

How to remove your IP from a blacklist

Delisting requires fixing the underlying issue first, then requesting removal. Five things that determine how easy or hard it'll be:

  • Identify and fix the underlying behavior Before submitting a delisting request: stop the spam, remediate the malware infection, reconfigure the open relay, secure the compromised account. Most blacklists auto-monitor — they'll just relist immediately if the behavior continues. Spamhaus is particularly thorough about this.
  • Spamhaus ZEN / SBL ZEN auto-expires for clean IPs after the issue stops being detected (usually a few days). SBL listings are explicit — submit a delisting request via https://www.spamhaus.org/lookup/ with evidence the issue is resolved. Be honest; Spamhaus has heard every story and will relist if you don't actually fix the problem.
  • Barracuda Central Self-service delisting at https://barracudacentral.org/rbl/removal-request. Requires you to confirm you've fixed the underlying issue. Usually processes within a few hours.
  • SORBS (multiple sub-lists) Each SORBS sub-list (DUHL, SOCKS, HTTP, SMTP, ZOMBIE, etc) has its own delisting flow. DUHL (dynamic user) is removed by demonstrating the IP is static. Behavioral sub-lists require evidence the behavior has stopped. Process can take days to weeks for some lists.
  • What to do if you're listed on a niche list Less-well-known lists vary wildly in delisting quality — some are responsive, some are unmaintained, some require email contact. The per-list delisting links surface the right process for each. For lists no longer maintained, contact major mailbox providers directly to whitelist your IP if their filters consume the dead blacklist.
05 · API

Use this programmatically

Every listing, response code, listing reason, and reputation score is available as JSON. Useful for outbound-mail server monitoring, IP-allocation hygiene (check before assigning to a customer), security-operations alerting, and continuous blacklist monitoring.

cURL
curl 'https://api.domainscan.in/v1/security/blacklist?ip=1.1.1.1'
JavaScript (fetch)
const res = await fetch(
  'https://api.domainscan.in/v1/security/blacklist?ip=8.8.8.8'
);
const bl = await res.json();

console.log(bl.summary.reputationScore);     // 100
console.log(bl.summary.listedOn);            // 0
console.log(bl.summary.totalChecked);        // 80

// Iterate over listings
const listings = bl.lists.filter(l => l.listed);
listings.forEach(l => {
  console.warn(`Listed on ${l.name}: ${l.reason || 'no reason given'}`);
  console.warn(`Delist at: ${l.delistingUrl}`);
});

// Alert on any major-list listing
const major = ['Spamhaus ZEN', 'Spamhaus SBL', 'Barracuda', 'SpamCop'];
const onMajor = bl.lists.filter(l => l.listed && major.includes(l.name));
if (onMajor.length) alert('Major blacklist listing — investigate');
Response schema (abridged)
{
  "ip":       "8.8.8.8",
  "summary": {
    "reputationScore": 100,
    "totalChecked":    80,
    "listedOn":        0,
    "queryTimeMs":     5800
  },

  "lists": [
    {
      "name":         "Spamhaus ZEN",
      "zone":         "zen.spamhaus.org",
      "category":     "spam | malware | proxy | policy",
      "listed":       false,
      "responseCode": null,
      "reason":       null,
      "delistingUrl": "https://www.spamhaus.org/lookup/"
    }
  ]
}
06 · USE CASES

How teams use IP Blacklist Check

Six patterns we see most often:

Outbound mail server monitoring (Mail)

Cron the API against your sending IPs. Alert immediately on any major-list listing. Combined with your DMARC reports, this catches deliverability problems before customer complaints do.

Cloud-IP allocation hygiene (Cloud ops)

Newly-allocated cloud IPs may be inherited from previous tenants. Check every assigned IP at provisioning time — and reject any pre-listed IP rather than launching production behind it.

Mail-bounces investigation (Deliverability)

Customer reports mail bouncing from your service. First check: is your sending IP blacklisted? Faster than digging through bounce logs.

Compromised-host detection (Security)

A previously-clean host suddenly appears on multiple blacklists. Strong signal of compromise — the host is probably scanning or sending spam without IT's knowledge.

Pre-acquisition diligence (M&A)

Acquiring a company with their own mail and web infrastructure. Check every public IP they own. Inherited blacklist listings are post-close work you'll need to schedule.

Hosting-vendor evaluation (Procurement)

Evaluating a VPS or hosting provider. Sample a range of their IPs; widespread blacklist presence indicates a low-trust upstream — and your service will inherit that.

07 · QUESTIONS

Common questions

  • What is an IP blacklist? A list of IP addresses associated with spam, malware, abuse, or other unwanted behavior. Maintained by various organizations (Spamhaus, Barracuda, SpamCop, SORBS, IBM, and others). Consumed by mail servers, web filters, and security products to block or filter traffic from listed IPs. Most are operated as DNSBLs (DNS-based blocklists) so consumers can query them with a normal DNS lookup.
  • How do I check if my IP is blacklisted? Run this tool. It queries 80+ major blacklists in parallel and returns per-list listing status, reasons (where available), and delisting links. Faster than checking each list individually and more comprehensive than tools that only check a handful.
  • Why is my IP blacklisted? Most common reasons: (1) outbound spam from a compromised account or server, (2) a malware infection sending spam or scanning the internet, (3) hosting a phishing site, (4) snowshoe spamming pattern across a netblock, (5) inherited listing from the previous holder of a reassigned cloud IP, (6) policy listing because the IP is in a dynamic/end-user range (Spamhaus PBL). The blacklist-specific reason TXT record (when available) tells you which.
  • How do I remove my IP from a blacklist? Fix the underlying issue first (stop the spam, remediate malware, secure compromised accounts). Then submit a delisting request to each list — most major lists offer self-service forms. Spamhaus, Barracuda, and SpamCop are all delistable within hours once the issue is resolved. Some niche lists are slower or require email contact. The tool surfaces the right delisting URL per list.
  • What is Spamhaus and why does it matter? Spamhaus is the most consequential blacklist operator. Their lists (ZEN, SBL, XBL, PBL, DBL) are consumed by major mailbox providers (Google, Microsoft, Yahoo), corporate mail filters, and security products worldwide. A Spamhaus listing usually means mail rejection at most large receivers. Other lists matter too but no single list has Spamhaus's reach.
  • Why is my dynamic / residential IP on Spamhaus PBL? PBL (Policy Blocklist) lists dynamic/end-user IP ranges as identified by the operating ISP. Being on PBL is normal for residential and consumer IPs — it's not based on bad behavior, just on the ISP saying 'this range is for end users, not mail servers'. If you're sending mail from a residential IP, route through your ISP's smarthost instead. If your supposedly-static datacenter IP is on PBL, contact your provider to have the listing removed.
  • How long do blacklist listings last? Varies by list. Spamhaus ZEN auto-expires for clean IPs typically within a few days of behavior stopping. Spamhaus SBL is manual — requires explicit delisting request with evidence. Behavioral lists generally auto-expire over time (weeks to months) for IPs that stop the behavior. Policy lists (PBL) stay until the ISP changes the policy. Self-service delisting is faster than waiting for auto-expiry.
  • Can I check the reputation of an IP that isn't mine? Yes. Blacklist data is public. This tool checks any IP — yours, a sending mail server you're investigating, an attacker's IP from your logs, the IP of a connecting client your service is suspicious about. The reputation score is a useful signal for trust decisions.