Blacklist & Reputation Guides

What Is a DNSBL and How Does It Work

Learn what DNSBLs are, how email blacklists work through DNS lookups, and why listed IPs or domains can affect mail delivery.

By CheckDomainHealth Editorial Team Reviewed by Dionis Ceban Updated Jun 28, 2026 8 min read Beginner

Introduction

DNSBL stands for DNS-based blacklist. It is a reputation list that mail systems can query through DNS to check whether an IP address or domain is associated with spam, malware, abuse, open relays or poor sending behavior.

DNSBL checks are common in email delivery. A listed sending IP or domain can cause bounces, spam folder placement or delays, even when SPF, DKIM and DMARC look correct on paper.

Quick answer

Quick answer

A DNSBL is a DNS-based blacklist used to check IP or domain reputation during email delivery. Receiving mail servers query DNSBL lists and may reject, defer, quarantine or score messages from listed senders. Check your sending IP, mail hostname, reverse DNS and domain reputation with blacklist and mail tools.

What is a DNSBL?

DNSBL stands for DNS-based blacklist. Instead of browsing a website to check reputation, mail systems perform a DNS lookup against a blacklist zone.

DNSBLs are used to identify senders associated with spam, malware, compromised accounts, open relays, suspicious bulk mail or poor sending history. A listing does not always mean every provider blocks mail, but it can reduce deliverability.

How DNSBL works

  1. A sender connects to a receiving mail server.
  2. The receiver checks IP or domain reputation.
  3. A DNSBL lookup is performed through DNS.
  4. If listed, the receiver may reject, defer, quarantine or score the message as suspicious.
  5. Each mail provider decides how much weight to give a DNSBL result.

A DNSBL result is a reputation signal, not a universal on/off switch for all email delivery.

Types of DNSBLs

IP blacklists

List sending IP addresses associated with spam or abuse.

Domain blacklists

List domains used in spam campaigns or suspicious mail.

URI/domain reputation lists

Focus on links or domains found in message content.

Open relay lists

Identify mail servers that relay mail without proper controls.

Malware/phishing lists

Flag IPs or domains tied to malicious activity.

Spamtrap-based lists

Built from spam sent to unused or monitored addresses.

Why this matters

Why this matters

DNSBL listings can affect email delivery, especially for shared hosting, VPS providers, bulk senders and transactional email systems. A listed IP may cause mail to bounce, land in spam or be delayed.

Blacklist problems are often symptoms of compromised websites, weak mail authentication, poor sending practices or bad IP reputation on shared infrastructure.

How to check DNSBL

Use Blacklist Checker, Reverse DNS Checker, MX Lookup and DNS Lookup to review the sending path and reputation signals.

When checking DNSBL status, review

These checks help identify why mail may be filtered.

Sending IP

Check the IP address that actually sends mail.

Mail hostname

Review the hostname used by the mail server.

Reverse DNS

Confirm PTR points to a valid mail hostname.

HELO/EHLO name

Check whether the server introduces itself consistently.

Domain reputation

Review domain-based blacklist and trust signals.

Recent bounce errors

Look for blacklist or reputation-related rejections.

Check DNSBL listings

Use Blacklist Checker to see whether your sending IP or domain appears on common DNSBL lists.

Run Blacklist Check →

Common problems

Sending IP is listed

High

The IP address used to send mail appears on one or more DNSBLs.

Next step: Identify the listing reason, stop abuse and request delisting only after cleanup.

Shared hosting IP has poor reputation

High

Another account on the same IP may have damaged shared reputation.

Next step: Ask the host about the issue or move mail to dedicated or transactional infrastructure.

Compromised website sent spam

High

A hacked site, form or script may have sent spam from the server.

Next step: Scan the server, remove malware and secure mail scripts and accounts.

Weak SPF/DKIM/DMARC

Medium

Poor authentication makes suspicious mail harder to trust even after delisting.

Next step: Fix SPF, DKIM and DMARC before relying on reputation recovery alone.

Missing or wrong rDNS

Medium

The sending IP lacks valid reverse DNS or uses a generic hostname.

Next step: Set PTR with the IP provider and align HELO/EHLO with the mail hostname.

Server hostname mismatch

Medium

HELO/EHLO, PTR and mail hostname do not match consistently.

Next step: Align reverse DNS, server hostname and sending identity.

Bulk mail sent from wrong infrastructure

Medium

Marketing or bulk mail is sent from web hosting instead of a proper mail platform.

Next step: Use a dedicated email service or properly configured mail infrastructure.

Delisting requested before fixing abuse

Medium

The listing returns because the underlying spam or compromise was not fixed.

Next step: Stop the abuse first, then request delisting and monitor for re-listing.

How to fix listings

  1. Identify the exact listed IP or domain

    Use Blacklist Checker and bounce messages to find what is listed and where.

  2. Read the blacklist reason

    Review the provider’s listing page or reason code before taking action.

  3. Stop spam or abuse first

    Close compromised accounts, scripts, forms and weak mail paths.

  4. Scan websites and mail accounts

    Look for malware, spam scripts and unauthorized SMTP use.

  5. Fix SPF/DKIM/DMARC/rDNS/HELO

    Improve authentication and mail server identity signals.

  6. Reduce suspicious sending

    Pause bulk mail, clean lists and remove bad sending patterns.

  7. Request delisting only after cleanup

    Follow each DNSBL provider’s official delisting process.

  8. Monitor recurrence

    Recheck blacklist status and mail logs after delisting.

Examples

DNSBL lookup style example
IP 192.0.2.10 becomes:
10.2.0.192.dnsbl.example
Example dig-style query
dig 10.2.0.192.dnsbl.example A

If the DNSBL returns a listing response, the IP may be considered listed by that provider. Exact response codes and meanings vary by DNSBL.

These examples are illustrative. Use real blacklist lookup tools and official blacklist pages for production checks.

Frequently asked questions

What is a DNSBL?

A DNSBL is a DNS-based blacklist used to check whether an IP address or domain is associated with spam, abuse or poor sending reputation.

Is a DNSBL the same as a blacklist?

DNSBL is one type of blacklist lookup method. People often say “blacklist” when they mean a DNSBL or reputation list checked through DNS.

Does one listing block all email?

Not always. Each receiving mail provider decides how much weight to give a DNSBL result. Some may reject mail, others may quarantine or score it as suspicious.

Why is my clean domain affected by a listed IP?

Email reputation is often tied to the sending IP, especially on shared hosting or VPS mail servers. A listed IP can affect mail even when the domain itself looks fine.

Can shared hosting IPs be blacklisted?

Yes. If another account on the same IP sends spam or gets compromised, the shared IP reputation can affect other senders.

Should I request delisting immediately?

Only after fixing the abuse or spam source. Delisting without cleanup often leads to re-listing.

How do I prevent being listed again?

Stop abuse, secure the server, fix SPF/DKIM/DMARC and rDNS, send only to opted-in recipients, and monitor blacklist status regularly.

Use these free tools to verify your configuration after applying changes.

Browse all Blacklist & Reputation guides →

Need help applying this fix?

Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.

Get Help Run Domain Health Check

Was this guide helpful?

Your feedback helps us improve our guides for everyone.