Tornevall Networks DNS-based Blackhole List (DNSBL)
Tornevall Networks DNSBL is a blacklist (or blocklist) for IP addresses involved in proxy use, phishing, and email or web-based spam.
Updated on 17 Jun 2026: We updated this guide with current Tornevall delisting status and clearer DNSBL lookup steps.
Summarize with
Check if you are listed on Tornevall Networks DNS-based Blackhole List (DNSBL)
And 143 other blocklists.
Spamhaus
0Spam
Cisco
NoSolicitado
URIBL
abuse.ro
ALPHANET
Anonmails
Ascams
BLOCKEDSERVERS
Calivent Networks
EFnet
JustSpam
Kempt.net
NordSpam
RV-SOFT Technology
Scientific Spam
Spamikaze
SpamRATS
SPFBL
Suomispam
System 5 Hosting
Team Cymru
Validity
www.blocklist.de Fail2Ban-Reporting Service
ZapBL
2stepback.dk
Fayntic Services
ORB UK
technoirc.org
TechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftWhat is Tornevall Networks DNS-based Blackhole List (DNSBL)?
The Tornevall Networks DNS-based Blackhole List (DNSBL) is a blacklist (or blocklist) that identifies IP addresses associated with spam, proxy abuse, phishing, and other malicious activity. DNSBLs are also called Realtime Blackhole Lists (RBLs), deny lists, blocklists, or blacklists. Tornevall uses DNS so mail servers and other systems can check an incoming connection in real time. Its policy focuses heavily on open and anonymous proxies, including Tor exit nodes, because those services can hide the source of abusive traffic. It also lists sources tied to phishing, email spam, and web form abuse.
Technically, the blacklist uses DNS A responses with bitmask return codes to show specific reasons for a listing. A server normally queries the reversed IP address under a DNSBL zone, and a listed IP returns a code that maps to one or more listing categories. The main zones are dnsbl.tornevall.org and bl.fraudbl.org. The return codes include:
- Confirmed proxy (2) means the IP has been confirmed as a working proxy.
- Phishing (4) means the IP is linked to phishing or fraudulent activity.
- Email spam (16) means the IP has been identified as a source of email spam.
- Second entry (32) indicates the IP is a Tor exit node or has another entry point.
- Abuse (64) means the IP is marked for general abuse, such as spam or attacks through web forms.
- Anonymous (128) means the IP is associated with a web-based anonymity service.
Who runs Tornevall Networks DNS-based Blackhole List (DNSBL)?
Tornevall Networks operates the DNSBL. It describes itself as a private, non-profit service provider and open-source developer. The DNSBL is one of its long-running projects, originally built to reduce web-based spam and later expanded to include email spam. The project has multiple parts, including a standard blacklist for proxies and mail spam, and FraudBL, a separate blacklist with a higher spam score.
How to check a Tornevall DNSBL listing
Confirm the listing before changing infrastructure. A DNSBL hit should appear in the rejection message, mail log, or manual DNS lookup. For IPv4 lookups, reverse the octets of the sending IP address, append the zone, and query for an A record. Query a TXT record as well when you need the listing reason.
DNSBL lookup exampleBASH
dig +short 10.2.0.192.dnsbl.tornevall.org A dig +short 10.2.0.192.dnsbl.tornevall.org TXT
An A response means the IP is listed. NXDOMAIN or no answer generally means the IP is not listed in that zone. If you send email from several providers, check the actual outbound IP in the bounce or message headers instead of checking only your website or MX server IP.
How do I get removed and delisted from Tornevall Networks DNS-based Blackhole List (DNSBL)?
To get delisted from this blacklist, first resolve the cause. For Tornevall, that usually means closing an open proxy, removing compromised software, stopping web form abuse, or confirming that your mail stream is no longer sending spam. For email senders, Suped's DMARC aggregate reports can help identify which legitimate services are using your domain so you can separate authentication issues from an IP blacklist problem before requesting removal.
The Tornevall removal page currently says its main removal form is under upgrade and disabled for reference. Check the removal page first, use the API or tooling option it points to when available, and contact Tornevall support if the self-service path does not work.
Keep the following points in mind during the removal process:
- After you submit a delisting request, the database can update before DNS responses synchronize, so a listing can appear to remain for a short time.
- Repeated delisting requests in a short period can add penalty time to the IP address, which delays removal.
- Do not request removal through page comments. Tornevall's FAQ directs users to the removal page and support channels instead.
What's the impact of being listed on Tornevall Networks DNS-based Blackhole List (DNSBL)?
The impact of being listed on the Tornevall Networks blacklist is low for broad email deliverability, but meaningful for systems that use this specific list. Major mailbox providers tend to rely on a small set of high-impact public DNSBLs plus private internal deny lists, and Tornevall is not generally one of the lists that causes broad rejection across large consumer mailbox providers. The impact is still real for recipients, web applications, or mail systems that use this specific DNSBL in filtering. A listing can produce SMTP rejections, scoring penalties, or blocked web interactions depending on how the receiving system has configured the blocklist (blacklist). Treat it as a targeted reputation issue: confirm the affected destinations, remediate the cause, request delisting, and monitor bounces after DNS propagation.
