spamhaus logo

Get to Know the Spamhaus Project: The Biggest Name in Blocklists

0

The more you learn about email deliverability and spam, the more you hear the term ‘blocklist.’ But what is a blocklist? Why are they bad to be on? Furthermore – who owns and runs these blocklists? Well, one of the biggest players is Spamhaus. No, it is not a German restaurant that serves processed mystery meat.

While blocklist providers like Spamhaus sound scary, they’re the good guys (as long as you stay on their good side that is). In this article, you get to peek behind the curtain and learn all about Spamhaus blocklists. 

What is Spamhaus?

The Spamhaus Project is an international anti-spam non-profit organization. It is primarily a collection of different blocklists designed to track spam and related cybersecurity threats like phishing, malware, and botnets. Spamhaus provides real-time actionable intelligence to cybersecurity firms, corporations, and the internet’s major networks. They even assist law enforcement agencies like the FBI in cybercrime investigations.

To put it simply, Spamhaus provides tools for identifying, filtering, and blocking spam as well as malicious email messages.

It’s important to note that Spamhaus isn’t exactly the entity blocking senders’ emails. Spamhaus provides IP and domain reputation data that its users apply when deciding how to filter or whether to block a sender’s messages.

When they detect a potential spammer, Spamhaus first works to identify the suspicious sender’s digital identification information. Then, they place that sender on a blocklist, which inhibits their ability to continue sending emails that actually reach the intended recipients. 

Spamhaus has been around since 1998. That was the same year that Google entered the scene. So, you know this is a blocklist that has seen a lot over the years and knows how to stop the bad stuff from getting to inboxes. Want to see a list of the biggest spammers on the planet? Check out the ROKSO (Register of Known Spam Operations). It has details on the 100 organizations responsible for 80% of the world’s spam.

Spamhaus.org is an open-source project, and low-volume, non-commercial users can apply its blocklists for free (See the DNSBL Terms of Use for more information). Email senders can also find tools on the site to check if they’re listed on any of the blocklists. Spamhaus.com is a related entity that sells enterprise cybersecurity solutions, including email protection.

Still curious? Find out more about what Spamhaus does in the company’s own words.

Spamhaus blocklists

There’s more than one Spamhaus blocklist. Though you really don’t want to end up on any of them, some pose greater restrictions on email delivery than others.

As previously mentioned, Spamhaus doesn’t block emails. Its users take the IP and domain reputation data to create their own policy on how to filter email. Check out the Spamhaus flowchart below to see how a DNSBL blocklist works.

Spamhaus blocklist flowchart

Here’s a brief look at the primary Spamhaus blocklists:

  1. Spamhaus Block List (SBL)
  2. Composite Snowshoe Block List (CSS)
  3. Domain Block List (DBL)
  4. Exploits Block List (XBL)
  5. Policy Blocklist (PBL)

1. SBL – Spamhaus Block List

The Spamhaus Block List (SBL) catalogs IP addresses that have been identified as sending spam, participating in snowshoe spamming, or using bulletproof hosting. How does Spamhaus identify these IP addresses?

One way is from spam complaints. If too many of the messages you send out are marked as spam emails by your recipients, Spamhaus and other similar organizations start to take notice. If it keeps happening, they’ll put your IP address on a blocklist like the SBL. 

Once that happens, it will impair your ability to deliver emails, even to people who haven’t marked you as spam. 

(Note: Getting delisted from the SBL may require working with your email service provider (ESP) or internet service provider (ISP) to make the official removal request.)

Some innocent email senders can get caught on blocklists if their IP addresses are compromised by spammers. This is one symptom suffered by victims of malware. Not all malware seeks to hold your computer hostage until you pay money. Sometimes, bad actors just want to use your computer’s IP to send spam, without your knowledge. Find out more about the SBL from Mailgun.

2. CSS – Composite Snowshoe Block List

The Spamhaus Composite Snowshoe Blocklist is a component of the SBL that is specifically reserved for email spam violators such as snowshoe spammers, risky senders, and compromised hosts. 

What is ‘snowshoe spamming?’ That’s a technique used by real spammers to spread out their email distribution across a wide swath of IP addresses to avoid spam filters. 

You can end up on the CSS in a number of ways, like continuing to send unsolicited emails, even when someone hasn’t opted in or has asked you to stop. Likewise, poor email list hygiene, a poor email reputation, and indications of abusive practices can land you on the CSS blocklist.

This blocklist uses IP addresses, and being listed here will again have a severe impact on your email deliverability. Find out more about the CSS blocklist from Mailgun.

3. DBL – Spamhaus Domain Block List

The main difference between this and the SBL is that the Spamhaus Domain Blocklist DBL lists domains, while the SBL lists IP addresses. Ending up on the DBL is caused by many factors, such as the ones already discussed.

And once again, if your domain ends up on the domain blocklist, it can cause great damage to your email deliverability. If your domain is on the DBL, and that domain appears anywhere in your emails, they may not be delivered. It also might get you added to the CSS blocklist, which we’ll discuss next. 

The good news here is that your domain may automatically be removed if you improve your email reputation. That’s because DBL listings can automatically expire after sender reputation factors change. But this isn’t guaranteed – and may take longer than you’re willing to wait. So, you may need to manually request removal from the DBL. Find out more about the DBL from Mailgun.

4. XBL – Exploits Block List

The XBL is a real-time database of the IP addresses of hijacked computers. These are PCs that have been infected with illegal third-party exploits. That may include open proxies, worms or viruses with built-in spam engines, and other types of trojan-horse exploits.

If you end up listed on the XBL, it’s because there are signs that your IP or devices connected to it are infected with something malicious.

5. PBL – Policy Block List

Of these four Spamhaus blocklists, this is the one that causes you the least amount of trouble, in theory. You still don’t want to be on it, but unlike the others, being on the Spamhaus Policy Blocklist won’t immediately affect your deliverability. 

Some IP addresses haven’t been designated as email senders. These include IPs related to internet broadband and dial-up customers, which can’t send email. Because of the “wonders” of the internet, sometimes your IP can be flagged as one that shouldn’t be sending email, and placed on the PBL.

One way this can happen is if you aren’t using proper SMTP authentication. Find out more about the PBL from Mailgun.

What is Spamhaus Zen?

One way Spamhaus is making all these blocklists a bit easier and more convenient is with Spamhaus Zen. Instead of using separate blocklists, Spamhaus Zen combines its IP-based blocklists into one (SBL, XBL, CSS, and PBL). That creates a comprehensive solution for mailbox providers and administrators.

Fun fact… the name Zen has nothing to do with finding an enlightened inbox (although that would be cool. It’s actually named for a dog. Zen was the name of Spamhaus founder Steve Linford’s German Shepherd.

Spamhaus delisting and blocklist removal

What do you do if you find yourself on a Spamhaus blocklist?

First, take a breath, because you’re not alone. It’s actually quite common to end up on an email blocklist, and it’s often not because of anything you did. About 25% of bulk email senders in one survey found themselves on at least one blocklist over the course of a year. Sometimes it happens because of things you failed to do, like clean up your lists to remove inactive emails. We’ll get to that in a second. Other times, it’s a technical issue, or it could be that you’ve been compromised by cybercriminals.

The good news is, Spamhaus and other blocklist providers have ways to get delisted as soon as possible.

Here are the steps to take:

1. Confirm you’re on a Spamhaus blocklist

If you’re worried that you’ve been added to a blocklist, the first thing to do is to find out for sure.

You can do that using Spamhaus’ free blocklist lookup tool.

The Spamhaus Lookup Tool

Go there and enter either your IP address, domain, or hash, and see what comes up. If you do find you’re on one of the other IP or domain blocklists, it’s best to pause all email sending until you get things figured out and fixed.

2. Find the steps to get removed

If you are on a blocklist, figure out what you need to do to get removed. Most blocklist vendors, including Spamhaus, will show you the steps you must take to delist yourself. For example, here’s what a sender might see if they are listed on the DBL:

Screenshot from Spamhaus Lookup tool results

When the sender examines the “Show Details” dropdown shown above, there are recommended steps for potentially mitigating the listing. Getting listed on the SBL will require a request from your Internet Service Provider (ISP), or whatever organization owns the IP address from which your email is coming. Before anyone submits a removal request, you’ll want to address any issues and fix any problems that got you there in the first place.

3. Get help if you need it

Every situation is different. You may need to work with your IT department to fix certain issues. Your ESP may be able to help you in other situations.

For example, if you’re on a shared IP, being on a blocklist may not be your fault. It could be the bad behavior of another sender using the same IP to send spam. That’s why ESPs like Mailgun have Acceptable Use Policies, which contain guidelines for using the platform responsibly. The policy helps protect other users on the platform from getting blocklisted.

If you end up on the SBL, Spamhaus requires that the entity that owns the sending IP make the removal request. In some cases, the IP owner will be your ESP. If you’re on a shared IP, or your ESP is providing you with a dedicated IP, then your provider needs to handle the request.

How to avoid getting blocklisted

Rather than working to get removed from blocklists, we’re guessing you’d rather stay off them in the first place. Here are some tips and articles to help you out…

First, make sure there’s a clear and easy way for people to unsubscribe if they no longer want to hear from you, and that you’ve received consent to email contacts in the first place.

One common way email senders end up on a blocklist is through spam traps. The use of these email addresses are an indication to blocklist organizations, like Spamhaus, that the sender isn’t practicing good list hygiene or could be obtaining addresses in less-than-legitimate ways.  

By growing your email list organically and practicing good email list hygiene, you can avoid most of these traps. Still, an email validation service offers the best protection. 

To stay off of blocklists, you’ll also want to set proper email authentication protocols and keep your spam complaints low. Understanding these basics, and understanding what constitutes spam-like activity, will help you stay off of blocklists. 

What Spamhaus wants email marketers to know

The folks at Spamhaus want email marketers to know they’re not out to get you and they don’t want to ruin your day. The blocklist provider has been making an effort lately to be more approachable and friendly to senders. Besides catching and stopping the bad guys, they also want to work with people who use email marketing for legitimate reasons.

Recently, Spamhaus industry liaison, Matt Stith, was a guest on the Mailgun podcast Email’s Not Dead. He told hosts Eric Trinidad and Jonathan Torres that transparency is a big part of the new Spamhaus image. That includes being clear and helpful when Spamhaus detects an issue and a sender ends up on a blocklist due to an honest mistake.

“And the thing that we’re really trying to evolve right now is how you got listed. How do you fix it? And we’re trying to be able to get that to the community, and it’s something that we need constant feedback on.”

Matt Stith, Industry Liaison, Spamhaus

Matt also talks about how senders need to keep evolving and learning as well. Things are always changing in the email industry. That can make the job of stopping spammers and scammers tough. It can also create email deliverability challenges. However, blocklists like Spamhaus serve an important purpose.

“We don’t just want to block all your mail. We actually want to help you guys fix things. We want to help you educate others and educate yourselves.”

Matt Stith, Industry Liaison, Spamhaus

By helping to make the inbox a safer, spam-free place, Spamhaus also ensures that email continues to be an effective way for brands to connect and communicate with customers and subscribers. That’s why responsible senders and organizations like Spamhaus should see themselves as being on the same team.

emails not dead podcast logo of skull

Hear it for yourself…

Check out Season 4 Episode 2 of Email’s Not Dead, with special guest Matt Stith of Spamhaus. Subscribe now on Apple Podcasts or wherever you listen so you’ll never miss one of our exclusive interviews.

Get blocklist monitoring with Mailgun Optimize

Blocklists don’t have to be scary, and email deliverability doesn’t have to be hard. There are tools to help you monitor and improve email delivery while watching for issues that can trip you up. With Mailgun Optimize, you get an email deliverability suite that comes with many of the tools you need.

Using a curated list of blocklists, Deliverability Monitoring checks to see if your campaigns are at risk of being blocked before you hit send. It also monitors for spam traps and provides actionable advice for getting delisted if needed.

Mailgun Optimize Email Validations help you verify email addresses and keep your list clean while preventing lost leads and new subscribers. Plus, Inbox Placement provides a clear picture of where you can expect your emails to land.

Sign up for a free month of Mailgun Optimize to discover how powerful our email deliverability solutions really are.

Leave a Reply

Your email address will not be published. Required fields are marked *