Suped

Spamhaus Exploits Blocklist (XBL)

Spamhaus Exploits Blocklist (XBL)
The Spamhaus Exploits Blocklist (XBL) tracks IP addresses compromised by malware or third-party exploits for malicious email activity (blacklist).
Updated on 17 Jun 2026: We updated this guide with current XBL scope, filtering use cases, and cleanup steps for compromised sending IPs.
Summarize with
Check if you are listed on Spamhaus Exploits Blocklist (XBL)
And 143 other blocklists.
www.spamhaus.org logoSpamhaus0spam.org logo0Spam
Blocklist icon
Abusix
Blocklist icon
Barracuda Networks
www.spamcop.net logoCisco
Blocklist icon
Mailspike
www.nosolicitado.org logoNoSolicitado
Blocklist icon
SURBL
Blocklist icon
UCEPROTECT
uribl.com logoURIBL
Blocklist icon
8086 Consultancy
abuse.ro logoabuse.rowiki.alphanet.ch logoALPHANETanonmails.de logoAnonmailsascams.com logoAscamswww.blockedservers.com logoBLOCKEDSERVERS
Blocklist icon
Brukalai.lt
dnsbl.calivent.com.pe logoCalivent Networks
Blocklist icon
dan.me.uk
Blocklist icon
DrMx
Blocklist icon
DroneBL
rbl.efnetrbl.org logoEFnet
Blocklist icon
Fabel
Blocklist icon
GBUdb
Blocklist icon
ImproWare
Blocklist icon
JIPPG Technologies
Blocklist icon
Junk Email Filter
www.justspam.org logoJustSpamwww.kempt.net logoKempt.net
Blocklist icon
Mail Baby
www.nordspam.com logoNordSpam
Blocklist icon
nsZones
Blocklist icon
Polspam
rv-soft.info logoRV-SOFT Technology
Blocklist icon
Schulte
www.scientificspam.net logoScientific Spam
Blocklist icon
Spam Eating Monkey
psbl.org logoSpamikazewww.spamrats.com logoSpamRATSspfbl.net logoSPFBLsuomispam.net logoSuomispamwww.usenix.org.uk logoSystem 5 Hosting
Blocklist icon
Taughannock Networks
www.team-cymru.com logoTeam Cymru
Blocklist icon
Tornevall Networks
senderscore.org logoValiditywww.blocklist.de logowww.blocklist.de Fail2Ban-Reporting Servicezapbl.net logoZapBL2stepback.dk logo2stepback.dkfaynticrbl.org logoFayntic Servicesorbz.gst-group.co.uk logoORB UK
Blocklist icon
RedHawk
dnsbl.technoirc.org logotechnoirc.orgwww.techtheft.info logoTechTheftwww.spamhaus.org logoSpamhaus0spam.org logo0Spam
Blocklist icon
Abusix
Blocklist icon
Barracuda Networks
www.spamcop.net logoCisco
Blocklist icon
Mailspike
www.nosolicitado.org logoNoSolicitado
Blocklist icon
SURBL
Blocklist icon
UCEPROTECT
uribl.com logoURIBL
Blocklist icon
8086 Consultancy
abuse.ro logoabuse.rowiki.alphanet.ch logoALPHANETanonmails.de logoAnonmailsascams.com logoAscamswww.blockedservers.com logoBLOCKEDSERVERS
Blocklist icon
Brukalai.lt
dnsbl.calivent.com.pe logoCalivent Networks
Blocklist icon
dan.me.uk
Blocklist icon
DrMx
Blocklist icon
DroneBL
rbl.efnetrbl.org logoEFnet
Blocklist icon
Fabel
Blocklist icon
GBUdb
Blocklist icon
ImproWare
Blocklist icon
JIPPG Technologies
Blocklist icon
Junk Email Filter
www.justspam.org logoJustSpamwww.kempt.net logoKempt.net
Blocklist icon
Mail Baby
www.nordspam.com logoNordSpam
Blocklist icon
nsZones
Blocklist icon
Polspam
rv-soft.info logoRV-SOFT Technology
Blocklist icon
Schulte
www.scientificspam.net logoScientific Spam
Blocklist icon
Spam Eating Monkey
psbl.org logoSpamikazewww.spamrats.com logoSpamRATSspfbl.net logoSPFBLsuomispam.net logoSuomispamwww.usenix.org.uk logoSystem 5 Hosting
Blocklist icon
Taughannock Networks
www.team-cymru.com logoTeam Cymru
Blocklist icon
Tornevall Networks
senderscore.org logoValiditywww.blocklist.de logowww.blocklist.de Fail2Ban-Reporting Servicezapbl.net logoZapBL2stepback.dk logo2stepback.dkfaynticrbl.org logoFayntic Servicesorbz.gst-group.co.uk logoORB UK
Blocklist icon
RedHawk
dnsbl.technoirc.org logotechnoirc.orgwww.techtheft.info logoTechTheftwww.spamhaus.org logoSpamhaus0spam.org logo0Spam
Blocklist icon
Abusix
Blocklist icon
Barracuda Networks
www.spamcop.net logoCisco
Blocklist icon
Mailspike
www.nosolicitado.org logoNoSolicitado
Blocklist icon
SURBL
Blocklist icon
UCEPROTECT
uribl.com logoURIBL
Blocklist icon
8086 Consultancy
abuse.ro logoabuse.rowiki.alphanet.ch logoALPHANETanonmails.de logoAnonmailsascams.com logoAscamswww.blockedservers.com logoBLOCKEDSERVERS
Blocklist icon
Brukalai.lt
dnsbl.calivent.com.pe logoCalivent Networks
Blocklist icon
dan.me.uk
Blocklist icon
DrMx
Blocklist icon
DroneBL
rbl.efnetrbl.org logoEFnet
Blocklist icon
Fabel
Blocklist icon
GBUdb
Blocklist icon
ImproWare
Blocklist icon
JIPPG Technologies
Blocklist icon
Junk Email Filter
www.justspam.org logoJustSpamwww.kempt.net logoKempt.net
Blocklist icon
Mail Baby
www.nordspam.com logoNordSpam
Blocklist icon
nsZones
Blocklist icon
Polspam
rv-soft.info logoRV-SOFT Technology
Blocklist icon
Schulte
www.scientificspam.net logoScientific Spam
Blocklist icon
Spam Eating Monkey
psbl.org logoSpamikazewww.spamrats.com logoSpamRATSspfbl.net logoSPFBLsuomispam.net logoSuomispamwww.usenix.org.uk logoSystem 5 Hosting
Blocklist icon
Taughannock Networks
www.team-cymru.com logoTeam Cymru
Blocklist icon
Tornevall Networks
senderscore.org logoValiditywww.blocklist.de logowww.blocklist.de Fail2Ban-Reporting Servicezapbl.net logoZapBL2stepback.dk logo2stepback.dkfaynticrbl.org logoFayntic Servicesorbz.gst-group.co.uk logoORB UK
Blocklist icon
RedHawk
dnsbl.technoirc.org logotechnoirc.orgwww.techtheft.info logoTechTheftwww.spamhaus.org logoSpamhaus0spam.org logo0Spam
Blocklist icon
Abusix
Blocklist icon
Barracuda Networks
www.spamcop.net logoCisco
Blocklist icon
Mailspike
www.nosolicitado.org logoNoSolicitado
Blocklist icon
SURBL
Blocklist icon
UCEPROTECT
uribl.com logoURIBL
Blocklist icon
8086 Consultancy
abuse.ro logoabuse.rowiki.alphanet.ch logoALPHANETanonmails.de logoAnonmailsascams.com logoAscamswww.blockedservers.com logoBLOCKEDSERVERS
Blocklist icon
Brukalai.lt
dnsbl.calivent.com.pe logoCalivent Networks
Blocklist icon
dan.me.uk
Blocklist icon
DrMx
Blocklist icon
DroneBL
rbl.efnetrbl.org logoEFnet
Blocklist icon
Fabel
Blocklist icon
GBUdb
Blocklist icon
ImproWare
Blocklist icon
JIPPG Technologies
Blocklist icon
Junk Email Filter
www.justspam.org logoJustSpamwww.kempt.net logoKempt.net
Blocklist icon
Mail Baby
www.nordspam.com logoNordSpam
Blocklist icon
nsZones
Blocklist icon
Polspam
rv-soft.info logoRV-SOFT Technology
Blocklist icon
Schulte
www.scientificspam.net logoScientific Spam
Blocklist icon
Spam Eating Monkey
psbl.org logoSpamikazewww.spamrats.com logoSpamRATSspfbl.net logoSPFBLsuomispam.net logoSuomispamwww.usenix.org.uk logoSystem 5 Hosting
Blocklist icon
Taughannock Networks
www.team-cymru.com logoTeam Cymru
Blocklist icon
Tornevall Networks
senderscore.org logoValiditywww.blocklist.de logowww.blocklist.de Fail2Ban-Reporting Servicezapbl.net logoZapBL2stepback.dk logo2stepback.dkfaynticrbl.org logoFayntic Servicesorbz.gst-group.co.uk logoORB UK
Blocklist icon
RedHawk
dnsbl.technoirc.org logotechnoirc.orgwww.techtheft.info logoTechTheftwww.spamhaus.org logoSpamhaus0spam.org logo0Spam
Blocklist icon
Abusix
Blocklist icon
Barracuda Networks
www.spamcop.net logoCisco
Blocklist icon
Mailspike
www.nosolicitado.org logoNoSolicitado
Blocklist icon
SURBL
Blocklist icon
UCEPROTECT
uribl.com logoURIBL
Blocklist icon
8086 Consultancy
abuse.ro logoabuse.rowiki.alphanet.ch logoALPHANETanonmails.de logoAnonmailsascams.com logoAscamswww.blockedservers.com logoBLOCKEDSERVERS
Blocklist icon
Brukalai.lt
dnsbl.calivent.com.pe logoCalivent Networks
Blocklist icon
dan.me.uk
Blocklist icon
DrMx
Blocklist icon
DroneBL
rbl.efnetrbl.org logoEFnet
Blocklist icon
Fabel
Blocklist icon
GBUdb
Blocklist icon
ImproWare
Blocklist icon
JIPPG Technologies
Blocklist icon
Junk Email Filter
www.justspam.org logoJustSpamwww.kempt.net logoKempt.net
Blocklist icon
Mail Baby
www.nordspam.com logoNordSpam
Blocklist icon
nsZones
Blocklist icon
Polspam
rv-soft.info logoRV-SOFT Technology
Blocklist icon
Schulte
www.scientificspam.net logoScientific Spam
Blocklist icon
Spam Eating Monkey
psbl.org logoSpamikazewww.spamrats.com logoSpamRATSspfbl.net logoSPFBLsuomispam.net logoSuomispamwww.usenix.org.uk logoSystem 5 Hosting
Blocklist icon
Taughannock Networks
www.team-cymru.com logoTeam Cymru
Blocklist icon
Tornevall Networks
senderscore.org logoValiditywww.blocklist.de logowww.blocklist.de Fail2Ban-Reporting Servicezapbl.net logoZapBL2stepback.dk logo2stepback.dkfaynticrbl.org logoFayntic Servicesorbz.gst-group.co.uk logoORB UK
Blocklist icon
RedHawk
dnsbl.technoirc.org logotechnoirc.orgwww.techtheft.info logoTechTheft

What is Spamhaus Exploits Blocklist (XBL)?

The Spamhaus Exploits Blocklist (XBL) is a real-time DNSBL for IPv4 and IPv6 sources that show signs of compromise by third-party exploits. For IPv6, Spamhaus lists /64 or larger CIDR blocks rather than single /128 addresses. This blacklist includes machines infected with malware, open proxies, worms, viruses with built-in spam engines, and other trojan-horse exploits. Spamhaus automatically adds an IP to this blacklist or blocklist when there is strong evidence that a device using the IP is insecure or compromised, including infected devices. This is not a list of IPs that intentionally send spam, but rather legitimate IPs that have been hijacked for malicious email activity without the owner's knowledge.
Spamhaus does not reveal exact listing criteria because detailed rules would help attackers avoid detection. However, common behaviors that can result in an IP address being added to this blocklist include:
  1. The presence of malware on a device, often downloaded inadvertently.
  2. Security vulnerabilities on devices that permit unauthorized access and malicious activity.
  3. The use of "Free VPN" applications that use the device as a proxy for unknown third parties.
  4. Participation in brute force attacks on a specified service.
  5. Rapid changes in identity during attempts to deliver mail.
  6. Frequent connections to sinkholes in a pattern consistent with malware activity.
  7. Attempts to relay email using stolen or illegitimately obtained credentials.
Spamhaus says the XBL dataset averages about 2 million listings and about 650,000 new exploited-IP detections every 24 hours, with updates made in real time.

What's the impact of being listed on Spamhaus Exploits Blocklist (XBL)?

The impact of being on the Spamhaus Exploits Blocklist (XBL) is high. A listing on this blacklist can cause significant email delivery problems because many mail systems use the XBL, often through Spamhaus DNSBL data, during filtering. If your sending IP address is listed, your emails are likely to be rejected or placed in the spam folder, damaging sender reputation and customer communications, including email marketing performance.

Who runs Spamhaus Exploits Blocklist (XBL)?

The Spamhaus Exploits Blocklist (XBL) is operated by the Spamhaus Project, a not-for-profit organization founded by Steve Linford in 1998. Based in Andorra, Spamhaus tracks IP and domain reputation data related to spam, phishing, malware, botnets, and other threats.
Spamhaus says its data protects billions of mailboxes globally. It provides free blocklist (blacklist) datasets to low-volume, non-commercial users and works with network operators and law enforcement to identify spam and malware abuse.

How is XBL used in email filtering?

Email administrators use XBL as a DNSBL during the email filtering process. It is most useful when checked at the SMTP connection and transaction stage, then as a supporting signal after a message is accepted.
  1. Check the connecting IP address when the remote server opens the SMTP session.
  2. After accepting message data, inspect IP addresses in the Received header chain.
  3. Look up IP addresses that host URLs found in the message body.
  4. Combine the result with local policy, authentication results, and other Spamhaus IP data before deciding whether to reject, quarantine, or score the message.
Do not treat an XBL hit as a complete incident report. It points to exploit-driven behavior, so remediation still requires endpoint, gateway, firewall, and mail server checks.

How do I get delisted from Spamhaus Exploits Blocklist (XBL)?

Before requesting removal, know that XBL listings are often temporary and can be removed automatically. Once the malicious activity from the compromised device or IP address stops, the listing typically expires after a period of time. Your first step should be to identify and resolve the security issue causing the listing. This can include antivirus scans, software patching, securing routers or NAT gateways, restricting outbound SMTP on port 25 to approved mail servers, and removing malicious software.
After you have fixed the problem, check your IP's status and request delisting. The only place to handle removal from this blacklist is the official Spamhaus IP and Domain Reputation Checker. Look up your IP address and follow the removal instructions there. Spamhaus does not process XBL removal requests by email or other channels.
If you use Suped's DMARC reporting product, compare aggregate report sources with your approved sending inventory during cleanup. That helps separate legitimate authenticated senders from a compromised endpoint or unauthorized service before you request delisting.
DMARC monitoring

Start monitoring your DMARC reports today

Suped DMARC platform dashboard
What you'll get with Suped
Real-time DMARC report monitoring and analysis
Automated alerts for authentication failures
Clear recommendations to improve email deliverability
Protection against phishing and domain spoofing