NordSpam IP Address Blacklist (BL)
The NordSpam IP blacklist (blocklist) identifies IPs used for spam and abuse, with a specific focus on activity targeting Nordic and European countries.
Updated on 17 Jun 2026: We updated this guide with NordSpam's current DNSBL usage, lookup, and delisting details.
Summarize with
Check if you are listed on NordSpam IP Address Blacklist (BL)
And 143 other blocklists.
Spamhaus
0Spam
Cisco
NoSolicitado
URIBL
abuse.ro
ALPHANET
Anonmails
Ascams
BLOCKEDSERVERS
Calivent Networks
EFnet
JustSpam
Kempt.net
NordSpam
RV-SOFT Technology
Scientific Spam
Spamikaze
SpamRATS
SPFBL
Suomispam
System 5 Hosting
Team Cymru
Validity
www.blocklist.de Fail2Ban-Reporting Service
ZapBL
2stepback.dk
Fayntic Services
ORB UK
technoirc.org
TechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftWhat is NordSpam IP Address Blacklist (BL)?
The NordSpam IP Address Blacklist (BL) is a DNS-based Blackhole List (DNSBL) that lists IP addresses believed to be controlled by, used by, or made available for spammers and abusers in unsolicited bulk email (UBE) or other internet abuse, including phishing, online scams, ransomware, and webspam. Its stated focus is activity targeting Nordic and European countries. Mail server administrators can use this blacklist (blocklist) data to classify or block inbound mail.
NordSpam also maintains a separate domain blacklist at dbl.nordspam.com. This page focuses on the IP address blacklist at bl.nordspam.com.
According to NordSpam, its listing policy is based on tracking sources of spam and abuse. The exact criteria for getting on the blocklist are not disclosed, so spammers do not get instructions for avoiding the filters. All additions to this blacklist are manually moderated to help prevent false positives.
Technically, NordSpam IP Address Blacklist (BL) is an RFC5782 compliant DNSBL, and NordSpam states that it follows DNSBL BCP RFC6471 when operating the service. The IP query zone is bl.nordspam.com, and it supports both IPv4 and IPv6 addresses. When a listed IP is queried, the blacklist returns a positive response of 127.0.0.2. Queries can be made for A records to confirm the listing and TXT records to get extra information.
Who runs NordSpam?
This blocklist is run by The NordSpam Project, a nonprofit organization. The project is privately funded and sponsored by a few companies. Its stated goal is to track spammers and spam-related activity, with a particular focus on activity affecting European and Nordic countries. The service is free for both commercial and non-commercial use.
How to check and use NordSpam
NordSpam documents bl.nordspam.com as active IP address data and recommends blocking at the MTA level when a receiving operator chooses to use the list. For direct DNS checks, reverse the IPv4 octets before appending the query zone. For IPv6, expand the address first, then reverse the nibbles before appending the zone.
- Use an A lookup to check whether an IP is listed. A positive listing returns 127.0.0.2.
- Use a TXT lookup when you need extra information about the listing response.
- Verify the DNSBL testpoints before relying on the zone: 127.0.0.1 must not exist, and 127.0.0.2 must exist.
- Contact NordSpam before exceeding 10,000 queries per day. For thousands of queries per hour, API or zone transfer access is reviewed case by case.
IPv4 DNSBL lookup examplebash
$ dig +short A 2.0.0.127.bl.nordspam.com 127.0.0.2 $ dig +short TXT 2.0.0.127.bl.nordspam.com "RFC5782 TEST-record."
How to get delisted from NordSpam
Getting removed from NordSpam IP Address Blacklist (BL) is a strictly manual process, and all removals are free. Listings do not automatically expire, although old entries can be rechecked and removed if they no longer appear to be sources of spam. Before requesting removal, identify and resolve the issue that caused the listing. Delisting requests without an explanation of how the spam problem was fixed are almost certain to be ignored.
- Resolve the root cause before contacting NordSpam. Fix the spam or abuse issue originating from your IP address or domain, such as a compromised server, an abusive user account, or a vulnerable web form.
- Send the delisting request in English text format to delist@nordspam.com. There is no automated delisting form.
- For an IP address delisting, the request must come from the owner of the IP block. For a domain delisting, the request must be sent from an email address at that domain, such as webmaster@yourdomain.com. Include evidence that the spam issues have been resolved.
NordSpam typically investigates and processes valid requests within 1 to 48 hours. NordSpam can delay or decline a removal request if the corrective actions taken are not sufficient to prevent future abuse, including when an operator continues to provide support services to the spammer.
What is the impact of a NordSpam listing?
The impact of being on NordSpam IP Address Blacklist (BL) is usually low, but any listing on a blacklist or blocklist can cause delivery failures when a recipient system uses that data. NordSpam itself does not block mail. It publishes reputation data that receiving operators choose to use. If one of your recipient systems uses this list at the MTA level, your messages can be rejected or filtered before inbox placement.
Because NordSpam focuses on spam activity targeting Nordic and other European countries, the delivery risk is higher when sending to recipients in those regions. Treat a listing as a sign to investigate the abuse source, server compromise, weak account controls, and email authentication. For legitimate sending domains, confirm that SPF, DKIM, and DMARC pass for the mail streams in use. Suped's DMARC reporting workflow can help identify unauthorized sending sources and authentication failures while the blacklist issue is being fixed.
