Reputation
DNS-based blocklists: the silent reason your emails land in spam.
Published 2026-06-21 · Last updated 2026-06-21 · Vantyris editorial
If your business emails started landing in your customers' spam folders without anything changing on your end, the most likely cause is that your domain or sending IP has ended up on one of the major DNS-based blocklists (RBLs). Mail servers worldwide consult these lists in real time, and a single listing can drop your deliverability from 99% to 30% within hours. Most listings are accidental; the delisting process is short once you know how it works.
What this means for your business
- An RBL is a DNS zone that returns a positive answer when an IP or domain is on the list. When a mail server receives an inbound message, it queries the relevant RBL(s) and, depending on the response, accepts, quarantines, or rejects. The big lists, in rough order of impact: Spamhaus ZEN (IPs), Spamhaus DBL (domains), Barracuda Reputation Block List, SpamCop, SURBL, URIBL.
- Listings happen for three common reasons: (1) your sending IP was reused from a previous customer who spammed; (2) one mailbox in your domain got compromised and was used to send spam, even briefly; (3) the URL in your transactional email links to a domain that itself is listed (e.g., a tracking-link service you use). The third is the most surprising — your domain gets blocked because of a third-party shortener.
- Listings are time-limited but persistent. ZEN auto-delists if the IP behaves for a few days; DBL listings often require a manual delisting request after you've cleaned up. Some lists are aggressive; some are conservative.
How to fix
Identify which list flagged you, find and fix the underlying cause (compromised mailbox, malware, third-party domain), then submit a delisting request to each list directly.
- Confirm the listings. Use mxtoolbox.com/blacklists.aspx to check your sending IP against ~80 RBLs in one go. Or query directly: dig <reversed-ip>.zen.spamhaus.org. Note which lists you're on.
- Read each list's specific listing reason. Spamhaus ZEN: spamhaus.org/lookup. Each list explains what triggered the listing (compromised mailbox sending spam, IP reputation, domain hosting malware-payload URLs). The reason determines the cleanup path.
- Find and fix the source. Most common cause for SME listings: a compromised mailbox in your Google Workspace or Microsoft 365 tenant. Symptoms: 'sent items' contain spam emails you didn't send, or your usage shows unusual outbound volume. Reset the password, enable MFA on every mailbox, audit OAuth apps. For domain listings (DBL): check whether any URL on your domain hosts content the list flagged, often forgotten subdomains.
- Submit a delisting request. Each list has its own form. Spamhaus ZEN auto-delists after ~48 hours of clean behaviour. Spamhaus DBL needs a manual request at spamhaus.org/removal. Barracuda: barracudacentral.org/rbl/removal-request. SpamCop, SURBL, URIBL: each lists its delisting URL on the lookup page.
- Monitor your sender score after delisting. Use a free tool like Google Postmaster Tools (postmaster.google.com) for your domain reputation, plus your ESP's sending reputation dashboard if you have one. Listings that recur quickly indicate the underlying issue isn't fully fixed.
Owner: Your email administrator (Google Workspace / Microsoft 365 admin) for compromised-mailbox cleanup; your DNS administrator if the issue is a forgotten subdomain. · Time: 1-3 hours for cleanup; 24-72 hours for delisting to propagate.
Common gotchas
- Don't submit a delisting request before the underlying issue is fixed. Most lists will refuse a repeat delisting if they re-detect the same issue within the same week.
- If you can't find a compromised mailbox, check OAuth apps: a token from an old SaaS tool can be used to send mail on your behalf even after the user's password rotates. Revoke unfamiliar OAuth apps.
- Some lists never delist if you've been there long enough. URIBL in particular treats long-history listings as evidence of pattern abuse.
How to verify the fix
Run a Vantyris scan; the Reputation category queries all six major RBLs and shows you which (if any) currently list your IP or domain. Or check mxtoolbox.com/blacklists.aspx for a one-shot view.
Cyber Essentials alignment
This finding informs the following UK NCSC Cyber Essentials control areas:
- A2. Secure configuration — devices and services hardened against the inherent default vulnerabilities.
Vantyris is not a CE certifying body. The mapping above is informational.
Common follow-up questions
Why don't my customers report seeing my emails as spam?
Most modern mail clients (Gmail, Outlook, Apple Mail) silently move suspicious mail to spam without alerting the recipient. Your customer just never sees the email — they don't tell you it went to spam because they don't know it was sent. The first signal is usually a customer asking why you didn't reply to their question.
Can I bypass RBLs by sending through an ESP like Mailgun or Postmark?
Partly. Reputable ESPs have clean sending IPs and reputation, so the IP-level RBL listings (Spamhaus ZEN, Barracuda) won't bite. But domain-level lists (Spamhaus DBL, SURBL) check your domain regardless of who sent the email. Fix the domain issue, not the sending path.
Does HSTS or DMARC help with RBL listings?
Indirectly. DMARC closes the impersonation vector that compromises sending reputation. HSTS doesn't affect email. Both are upstream of the RBL question.
How often should I check my reputation?
Vantyris continuous monitoring queries the six major lists on every scheduled scan (weekly, biweekly, or monthly cadence). Or run a one-off Vantyris verified scan whenever you notice deliverability dropping.
References
- Spamhaus: removal guide Vendor
- Barracuda Reputation Block List Vendor
- MX Toolbox: blacklist check Vendor
- Google Postmaster Tools Vendor
Related explainers
- Google Safe Browsing: how it flags sites and how to clear yours.
- What is DMARC, and why every business with a domain needs one.
- SPF records, explained: the first line of defence against email spoofing.
Want Vantyris to scan your domain for this and 80 other findings?
Free teaser scan, no card. Verified scan from €10 with the full workspace around it: workflow, score trend, three PDF layouts, share links, monitoring.
Vantyris editorial team · methodology v1.0.0