Lookup · 16 DNSBLs in parallel

IP blacklist checker

Check any IP against Spamhaus, Barracuda, SORBS, SpamCop, UCEPROTECT, CBL, Mailspike, and 10 more major DNSBLs in a single query. Per-list status, reason codes, direct delisting links.

IPv4 and IPv6 supported; v6 coverage varies by zone

What a DNSBL is

A DNS-based blocklist (DNSBL, also called RBL or just "blacklist") is a zone in the DNS published by an anti-abuse organization. Each operator decides what activity qualifies for a listing — spam sending, open-proxy behavior, residential origin, recent malware C&C — and publishes the list as DNS records. Mail servers query the zone before accepting a connection; web platforms query it before letting a user post; security teams query it to triage incident IPs. The same protocol (DNS), so any system that resolves names can consult the list.

To check whether 1.2.3.4 is on zen.spamhaus.org, you reverse the IPv4 octets and query 4.3.2.1.zen.spamhaus.org for an A record. A response of 127.0.0.x means listed (the last byte often encodes which sub-list flagged the address); NXDOMAIN means clean.

The lists this tool queries

We fan out to 16 zones in parallel and aggregate. The set covers the major mail-focused lists (Spamhaus, Barracuda, SORBS, SpamCop, CBL, UCEPROTECT, Mailspike, PSBL, Backscatterer) plus a handful of broader-purpose ones (Hostkarma, GBUdb Truncate, s5h.net). For each list, the result table shows status, return code, friendly reason where decodable, and a direct link to the delisting page so you can act immediately.

How to read the results

  • Listed — the zone returned at least one 127.0.0.x answer. The specific code often distinguishes between sub-lists (e.g. Spamhaus ZEN's SBL vs CSS vs XBL vs PBL). When the code is decodable into a human reason, we show it.
  • Clean — the zone returned NXDOMAIN, or NOERROR with no 127.0.0.x records. Either way, this list isn't flagging the IP.
  • Error — the DoH lookup failed, often because the blocklist rate-limited Cloudflare's resolver. Try again in a minute, or check that specific list's own removal page directly.
  • Timeout — no response within 5 seconds. Some operators are slow; try again.

If you're listed

Read the full IP reputation explainer for the recovery playbook. The short version:

  1. Identify and fix the cause first. If you delist before fixing, you'll be re-listed in hours.
  2. Audit SPF / DKIM / DMARC with the email auth checker. Most mail listings stem from auth-record problems.
  3. Submit removal at each listing site — each result above has a direct link to the right form.
  4. Warm up carefully after delisting — don't blast a backlog of mail through the IP in the first hour; the listing will return.
  5. Consider migrating outbound mail to a managed sender (SendGrid, Postmark, AWS SES with a dedicated IP) if your IP's reputation is fundamentally compromised.

Common false-positive patterns

  • UCEPROTECT Level 2 / Level 3 listings often catch IPs that are individually clean but share a /24 or ASN with abusive neighbors. Some mail admins ignore these levels for that reason.
  • Spamhaus PBL listings on residential and mobile IPs are by-design — the list says "this range shouldn't be sending mail" not "this specific IP misbehaved." If you're running a home mail server, expect to be on PBL and route outbound mail through a smart-host instead.
  • SORBS dynamic IP lists include large ranges based on ISP declarations rather than per-IP observation.

What this tool is NOT

  • Not the authoritative oracle. Each blocklist is the authoritative source for its own zone; we're querying them via DoH and showing what comes back. A successful "clean" here means the lookup succeeded, not that the IP is universally trusted.
  • Not a full reputation score. For deeper threat intel, consult AbuseIPDB, Shodan, GreyNoise — they aggregate signals beyond DNSBL listings.
  • Not a removal service. We link to each blocklist's removal form; the request itself happens on their site.

Adjacent tools