Free Email Tool
Check your domain against 18 URI/domain blacklists — Spamhaus DBL, all 7 SURBL components, URIBL, HostKarma, Invaluement. Weighted score, risk assessment, and recommendations.
When email is filtered as spam, two separate blacklisting systems may be responsible. The first — IP blacklists — targets the sending server's IP address. The second — domain blacklists, also called URI blacklists or URIBLs — targets the domain itself as it appears in the email body, From header, or links. This distinction matters because domain blacklisting is fundamentally more serious for legitimate brands: while a blacklisted IP can be replaced, a blacklisted domain follows your brand everywhere until it's removed from each list.
This tool checks your domain against 18 URIBL and domain blacklists, including Spamhaus DBL, all seven SURBL components individually, URIBL black/red/grey/multi, HostKarma, Invaluement ivmURI, and additional lists. Results include a weighted domain reputation score, provider-by-provider breakdown, risk assessment, and targeted recommendations based on which lists show active listings.
IP blacklists filter based on the sending server's network address — the technical infrastructure that delivers the mail. Domain blacklists filter based on the domain names found inside the email — the content. Spam filters that use URIBLs extract every domain from links, the From header, the Return-Path, and the message body, then query each domain against one or more URIBL providers. A match on any domain in the message triggers a spam score increase or outright rejection.
This creates a critical difference in remediation. Changing your IP — or using a different sending infrastructure entirely — doesn't help with a domain listing. If yourdomain.com is on URIBL black or Spamhaus DBL, every message sent from any infrastructure that contains yourdomain.com in its content will be affected. The listing follows the domain.
The Spamhaus Domain Block List (DBL) is to domain reputation what ZEN is to IP reputation — the most widely deployed and most impactful list in its category. Maintained by Spamhaus researchers with manual review, the DBL contains domains associated with spam operations, phishing campaigns, malware distribution, and known spam networks.
DBL listings use specific return codes to indicate why the domain is listed. 127.0.1.2 indicates a spam domain. 127.0.1.4 indicates a phishing domain. 127.0.1.5 indicates a malware distribution domain. 127.0.1.6 indicates an abused legit domain — one with legitimate ownership but content or subdomains being abused. The distinction matters for remediation: an abused legit domain listing (127.0.1.6) often involves an open redirect or compromised subdomain that can be fixed and removed relatively quickly.
SURBL (Spam URI Realtime Blocklist) was the first widely deployed URI blacklist and remains central to most Spamassassin-based filtering configurations. What makes SURBL distinctive is its modular component structure — multiple data sources contributing to independent component lists, combined into the multi.surbl.org combined list. Spamassassin and most anti-spam systems query multi rather than individual components, but checking components individually reveals which data source contributed to a listing — critical for understanding the nature of the problem.
SC (SpamCop) — Domains extracted from messages reported by SpamCop users. Dominated by commercial spam operations. An SC listing means your domain appeared in spam reported by real users.
WS (Stearns) — Data contributed by Bill Stearns, covering domains associated with general spam activity. One of the original SURBL components.
OB (OutBlaze) — Phishing domain data contributed by OutBlaze, covering domains associated with phishing campaigns. Particularly prevalent for typosquatted domains and domains impersonating financial institutions.
AB (AbuseButler) — Combined phishing and malware distribution domains. AbuseButler data tends to be highly accurate with low false positive rates — a listing here is a strong signal.
JP (Joewein) — Japanese-origin spam domain data contributed by Joe Wein. Important for senders in the Asia-Pacific region, less critical for pure Western audiences.
CR (Cracked) — Compromised and cracked domains used in spam campaigns. CR listings often affect legitimate domain owners whose websites have been compromised and are being used without their knowledge to host or redirect spam content. Check your web hosting for malware or unauthorized files if you receive a CR listing.
URIBL operates multiple lists representing different confidence levels in domain spam association:
URIBL black — The highest confidence tier. Domains here have been observed in spam messages across URIBL's sensor network with high frequency and are confirmed spam-associated. A black listing causes immediate high spam scores in most filter configurations.
URIBL red — Highly spam-associated domains with slightly less certainty than black. Red listings are still significant and will increase spam scores materially in most filters.
URIBL grey — Recently active or suspicious domains. Grey is a staging area — domains that URIBL's system has flagged for monitoring but hasn't yet promoted to red or black. A grey listing may self-expire if no further spam activity is observed. Check if this is your situation with the checker, then monitor over the following 7–14 days.
HostKarma is unusual in operating both a block list and a whitelist as part of the same system. Being listed on the HostKarma whitelist (wl.hostkarma.junkemailfilter.com) is a positive reputation signal — mail filters using HostKarma will give whitelisted domains a reputation benefit. This tool checks both: if your domain appears on the whitelist, the result is marked as "Whitelisted ✓" rather than "Clean." The block list (bl.hostkarma.junkemailfilter.com) functions like a standard URIBL and is checked independently.
Invaluement is a commercial threat intelligence provider known for its exceptionally low false positive rate. Their URI list (ivmURI) is used by several tier-1 ISPs and commercial email security vendors. Unlike spam-trap-heavy lists that can generate legitimate false positives during warming, Invaluement's approach uses multi-source correlation that virtually eliminates false positives. This means an ivmURI listing is a very strong signal — Invaluement has high confidence your domain is involved in spam. Check carefully for compromised accounts, phishing abuse, or acquired lists before requesting removal.
A fundamental asymmetry exists between IP and domain reputation: IP reputation can be rebuilt in 4–8 weeks through proper warming of a new dedicated IP. Domain reputation, once damaged, may take months to repair and may never fully recover in some filter configurations that use long-decay historical data.
This makes domain reputation one of the most valuable long-term assets in email marketing. Brands that have maintained clean domain reputation for 5+ years benefit from a form of deliverability capital that no amount of money can quickly replace. Protecting domain reputation through strong DMARC enforcement, consent-based acquisition, and active complaint monitoring is one of the highest-ROI investments in email program health.
Visit check.spamhaus.org and look up your domain. The page will show the listing category and a removal request option. Spamhaus typically processes removal requests within 48 hours for domains that have genuinely addressed the cause. Note that if the listing is 127.0.1.6 (abused legit domain), Spamhaus may ask you to identify and fix the compromised element first.
SURBL grey is a staging list. It contains domains flagged by SURBL's system that haven't been confirmed as active spam domains. If your domain is on grey but not on any other list, and your email practices are clean, the listing may expire on its own within 7–14 days without action. Monitor using this tool. If it's also on SC or AB, investigate those specifically.
DMARC p=reject prevents unauthorized senders from using your domain in the From header of emails that will be delivered to DMARC-aware receivers. This addresses phishing and spoofing as a cause of domain listing. However, DMARC doesn't protect against listings caused by your own list hygiene problems, spam trap hits, or compromised sending infrastructure. It's an important part of domain reputation defense but not a complete solution.
Our dedicated infrastructure clients benefit from proactive domain reputation monitoring, DMARC enforcement guidance, and immediate alerting on any domain or IP blacklist event. Protecting domain reputation starts with infrastructure that separates your sending identity from other senders.
Explore dedicated infrastructureRelated Tools
IP Blacklist Checker Domain Blacklist Checker Bulk IP Blacklist Bulk Domain Blacklist SPF Validator DMARC Checker PTR / rDNS LookupOur dedicated IP clients get automated blacklist monitoring every 4 hours with instant alerts.
Get dedicated IPs