Information

Everything you need to know about the AbuseBL blocklist — how entries are added, how long they last, and how delisting works.

Getting Listed

How Do You Get Listed?

An IP address or domain is added to the AbuseBL blocklist when our systems detect spam or abuse activity originating from or associated with it. Listings happen automatically — there is no human approval step. There are three primary sources that trigger a listing:

1. Spam to Honeypot Addresses

We operate a large network of email addresses (honeypots) that have never been used to send or receive legitimate email. These addresses are seeded across the internet in locations typically harvested by spam bots.

Any email sent to one of our honeypot addresses is, by definition, unsolicited. The originating IP address and sending domain are immediately logged and added to the blocklist. There is no grace period — a single hit on a honeypot address is sufficient to trigger a listing.

Why this matters: Legitimate mail servers never send email to addresses they have not received mail from first. A honeypot hit is a near-certain indicator of spam activity.

2. Direct Spam to Our Domains

AbuseBL manages a number of domains for the sole purpose of abuse detection. These domains do not belong to any organisation and are not used for any legitimate email communication.

Any email directed to addresses under these domains is treated as spam. Our systems automatically extract the originating IP address and the sender's domain and add them to the blocklist.

Note: If you are sending email to addresses at our managed domains, you have likely harvested those addresses illegitimately or are sending to purchased/rented lists containing invalid addresses.

3. Reports from Our Clients

Our network of partner organisations and clients submit verified spam reports to us. Each report undergoes automated cross-referencing and validation before it is used to generate a listing.

Client reports are weighted — a high volume of reports from multiple independent clients against the same IP or domain results in a faster and potentially longer listing. Reports from a single source undergo stricter validation before being actioned.

For senders: If your IP or domain has been reported by clients, it is likely that your sending infrastructure is compromised, misconfigured, or is being used to send unsolicited bulk email.
Delisting

How Does Delisting Work?

Delisting is fully automatic.

There is no manual delisting process. All listings expire on their own after the penalty period has elapsed. You do not need to submit a request to be removed from the blocklist — simply stop the abuse activity and wait for the listing to expire.

Escalation Policy: Longer Blocks for Repeat Offences

The length of a listing is not fixed. It depends on the history of abuse associated with the IP address or domain in question. Our escalation policy works as follows:

Offence Block Duration Notes
1st listing 24 hours Short block; opportunity to identify and fix the issue.
2nd listing 7 days The issue was not resolved after the first block.
3rd listing 30 days Persistent abuse pattern detected.
4th listing+ 90 days Severe or repeated abuse.
Permanent Indefinite Persistent, high-volume, or malicious abuse with no remediation. Does not expire automatically — manual review required.

The offence counter resets only after a significant clean period following the expiry of the previous listing. If a new listing occurs before the counter resets, the next escalation level applies automatically.

Important: Each new abuse event resets and extends the block timer. If you continue to send spam while you are already listed, the block duration will be extended.
Permanent listings are applied at our discretion for infrastructure that demonstrates persistent, high-volume, or deliberate abuse with no sign of remediation. Unlike all other tiers, permanent listings do not expire automatically. Removal requires a manual review request submitted via the contact form by the verified IP holder or domain owner.

What You Should Do

  1. Investigate the source of abuse. Check your sending infrastructure for compromised accounts, open relays, malware infections, or misconfigurations.
  2. Stop the abuse activity. Fix the underlying problem. Blocking port 25 for the affected IP and reviewing your email authentication (SPF, DKIM, DMARC) is a good start.
  3. Wait for the listing to expire. Once the abuse has stopped, do nothing. Your listing will expire automatically at the end of the block period.
Policy

Communication Policy

We only communicate with IP address holders and domain owners.

AbuseBL does not communicate with third parties, intermediaries, delisting services, or individuals who do not demonstrate ownership or administrative control over the listed resource.

If you contact us regarding a listing, you must be able to demonstrate that you are:

  • The registered holder of the IP address or IP range (as shown in WHOIS / RIR records), or
  • The administrative contact for the domain listed in WHOIS records, or
  • A designated abuse contact registered with the appropriate Regional Internet Registry (RIR).

Emails from hosting customers, end users, resellers, or anyone other than the direct IP holder or domain registrant will not receive a substantive response regarding listings.

Reminder: Since delisting is automatic, in most cases there is no need to contact us at all. If your block has not expired after the expected period and you believe there is an error, you may use the contact form to enquire.