Blocklist Checker

Check the domain or IP spam reputation.

Enter domain name or IP to search

Share on Social Media:

Our Blocklist Checker is a tool designed to help users assess the reputation of a given domain or IP address by querying over 70 IP-based DNS Block Lists (DNSBLs). 

How to Use

  • Input: Enter the domain name or IPv4 address you want to check into the provided input field. If a domain name was provided, the tool performs DNS resolution to obtain the corresponding IP address.
  • Initiate Query: Click the "Check Blocklists" button to start the lookup process.
  • Display Results: The tool initiates DNS queries to multiple DNSBL servers, each corresponding to a specific blacklist. If the queried IP is found in a DNSBL database, the tool returns a response of "Listed." If the IP is not found in the queried DNSBLs, the response is “Not Listed.”

DNSBLs

DNS Block Lists (also known as DNS Blacklists, DNS RBLs or DNSBLs) are databases containing IP addresses known for sending spam or malicious content. These lists are maintained by various organizations and service providers to help email servers filter out unwanted or potentially harmful emails. The BL maintenance process involves monitoring email traffic, analyzing patterns, and regularly updating the list of blacklisted IP addresses.

A typical DNSBL request requires a specially formatted A record DNS query. The queried record name is created by reversing the order of the octets of the IP address, and appending the domain name of the DNSBL. For example: 3.2.1.10.dnsrbl.example.com queries the  dnsrbl.example.com  BL for the 10.1.2.3 IP address.

If the domain or IP is not found in the DNSBL, the DNS server responds with a standard NXDOMAIN DNS response indicating that the record does not exist.

If the queried IP is found in the DNSBL database, the DNSBL server responds with a specific DNS A record containing an IP address from the loopback range (127.0.0.0/8), for example:  3.2.1.10.dnsrbl.example.com. IN A 127.0.0.2

Typically, the  value of 127.0.0.2 is used, however, many blacklists respond with different values to provide reason codes for why an IP address is blacklisted. The codes categorize the type of malicious activity associated with the IP, such as spam, malware distribution, or phishing. Such information is usually encoded in the lover octets of the returned IP address, for example 127.0.0.6, 127.0.1.1, etc.  Note that code values and their meanings vary significantly between different BLs. 

Additional details may be also provided as a free-form text in the corresponding TXT record. For example:  3.2.1.10.dnsrbl.example.com. IN TXT “Reason: Spam, Category: High Risk”

See Also:

RFC 5782 - DNS Blacklists and Whitelists

Blacklist Monitor » Statistics of accuracy and failure rates