Blacklist Check Try if for Free
Home what is blacklist? Order Free Signup Support Frequently asked questions

How do Blacklists work?


MAPS RSS is carefully maintained and only contains IP addresses that are known to have relayed spam via an open relay. All listings are investigated and confirmed to be an insecure server after notification. MAPS maintain samples of spam that was sent via each open relay as well as the results of the testing performed after spam is received. When an IP address is added to this list, effort is made to contact the owner of the server and alert them that they have an open relay that is being abused, allowing them to correct the problem


SPEWS is a list of areas on the Internet which several system administrators, ISP postmasters, and other service providers have assembled and use to deny email and in some cases, all network traffic from.
SPEWS identifies known spammers and spam operations, listing them as soon as they start, sometimes even before they start spamming. SPEWS does not run a request or nomination based list, entries in the list come from the knowledge and experience of the people who set up and use the SPEWS lists.
Any mail servers using the SPEWS list to filter can be configured to do several things with incoming mail from SPEWS listed IP addresses. The recommended method is to bounce the message back to the sender with a link to the SPEWS "Why was I referred to this website?" page.


The Spamhaus Block List ("SBL") is a database of IP addresses of direct spam sources; spammers, spam gangs and spam support services (but not open proxies or open relays), queriable in realtime by mail systems throughout the Internet for the purpose of refusing mail from known spam senders.

All SBL entries are backed up with evidence which has fully satisfied the Spamhaus Project team that the IP is under the control of a spammer, spam operation or a spam support service and that the IP or netblock represents an unwanted nuisance or threat to mail systems using the SBL.
SBL listings are immediate and, in the case of known spam gangs, are preemptive. The SBL does not require warnings or have a 'grace period' and does not require physical evidence of spam received from any specific IP to qualify a listing (in the case of known spam gangs, any IPs under their control are listed on sight). Warnings are however sent to block owners before listing large netblocks and for listings greater than single /32s the ISP and Block Owner (or upstream) is advised wherever possible of the listing.

Listing Criteria

The criteria for listing IPs in the SBL is:

Spam Sources

Spammers sending bulk email verified to be unsolicited (spam) directly from static IPs under the spammer's control.

Spam Gangs

Spam gangs listed in ROKSO - including preemptively listing new netblocks each time known spammers move to new hosts.

Spam Services

Spammers' mail servers, web servers, DNS and other servers used in spamming.

Spam Support Services

Services providing 'bullet-proof' hosting for spam service purposes, serving 'spamware' sites, or knowingly providing services for spam service purposes.

SORBS (Spam and Open Relay Blocking System)

SORBS scans a host when it attempts to send mail to one of the 'feeder' servers. This means two things:
  • First, if you are a spammer and never send mail to a domain using SORBS, you will never get blocked.
  • Second, SORBS considers scanning for vulnerable hosts' abuse. Scanning a host upon connection is not considered abuse by SORBS as the tested host is requesting a connection; the test is the terms of that connection.


Automatically test servers attempting to send mail to one of the 'feeder' servers. By sending mail to these servers the sender is requesting a cooperative connection. The administrators/owners of these sites will allow the cooperative connection on the basis that you allow the return connections of the SORBS servers to test your server.


Instead of trying to test, categorize and block the plethora of different systems at risk for Supposed Unsolicited Bulk Mail (SUBE), SpamCop blocks whichever the SUBE actually comes from, regardless of their technical merits. As a result, sites which have no technical problems but send a lot of SUBE will be listed. On the other hand, sites which fail some critical technical test but which remain SUBE-free will not be listed

This list contains IP addresses which have been reported to SpamCop as carriers of SUBE, whether directly or indirectly. Some of these reports come from 'spamtraps' (email addresses used strictly to receive spam). The reports about SUBE from a given system are weighted against a sampling of the total amount of mail from the same system to determine a ratio. Some systems which send SUBE may not be listed because they also send a lot of legitimate mail.

Legitimate mail is estimated by monitoring the use of the SpamCop blocklist by third-party sites. Whenever certain third-parties (picked manually as representative) check the blocklist for any given IP address, that host is given a non-SUBE point.

The majority of systems are either mostly SUBE or mostly legitimate mail. The trick is in deciding what to do with the ones in the middle. These are often the systems which send the most mail overall. In the end, an arbitrary line must be drawn.

The system currently operates based on these rules:

  • Systems with a large number of SUBE reports relative to non-SUBE points will be blocked. The threshold is balanced manually in an effort to allow most legitimate systems and block most SUBE.
  • SUBE is weighted by freshness: The most recently-reported SUBE sites are counted 4:1. Reports 48 hours and older are counted 1:1, with a linear sliding scale between now and 48 hours past. Reports older than one week are ignored.
  • Non-SUBE statistics above 1000 are counted at 1/2 their normal weighting. For instance, a host with non-SUBE metric of 2000 would only be judged as a host with a rating of 1500 (see AOL example above).
  • Spamtrap reports (mail sent to non-existant email addresses set up by SpamCop) are used to weight total reports. For spamtrap scores less than 6, the quantity of spamtrap is multiplied by 5 and added to the SUBE score. For larger spamtrap scores, the quantity is squared. For example, if a host has 2 spamtrap reports and 3 manual SUBE reports against it, its weighted SUBE score will be 13: 3 + (2 * 5) = 13. If a host has 7 spamtrap reports and 3 manual SUBE reports, its weighted SUBE score will be 52: 3 + (7 * 7) = 52.
  • SUBE reports regarding website and email-address spamvertisement ARE NOT counted at all. i.e. websites or email addresses used to receive replies from SUBE are not blocked, unless they are also the senders of the SUBE.
  • If a system has received reports regarding relaying spam while listed by an open-relay tracking service AND the same service now lists it as clean, an option is given for public-access manual delisting. If this option is utilized and no SUBE reports are received regarding more-recent SUBE incidents, the host will be delisted.
  • If a host has only 1 SUBE report against it, it will not be listed.
  • If a server has only 2 SUBE reports against it and it has some detectable mail traffic older than 24 hours, it will not be listed.
  • If a server has not been reported as sending SUBE within 48 hours, it will not be listed.

Sign-up for the full-featured BlacklistedIP Service for only $39.95 for 6 months. Peace of mind for less than
23 cents a day!

Untitled Document
What is Blacklist?  
Types of Blacklist?
How did you land in a Blacklist?
How do Blacklists work?
Delisting from Blacklist? 
How to avoid Blacklist?
(Good email marketing strategy?)
Email Marketing Do's and Don'ts?
Open Relay
Proposals offered to nip the spam bud?
Spam filters?
Spammer's notebook?
Synopsis of Can-Spam Act
Blacklist directory
   Spam Blacklist | Email Deliverability | Black list | Blacklisted Domain | Email Blacklist
   IP Blacklisted | Privacy Statement | About Us | Terms of Use | FAQ | Resources | Sitemap
    copyright © 2010 All rights reserved.