UCEPROTECT DNSBL Level 1
UCEPROTECT Level 1 is an IP blacklist and blocklist for reported spam IPs. Use Suped to monitor if your IP addresses are listed for unauthorized relaying.
Updated on 17 Jun 2026: We updated this guide with clearer Level 1 lookup details and remediation steps.
Summarize with
Check if you are listed on UCEPROTECT DNSBL Level 1
And 143 other blocklists.
Spamhaus
0Spam
Cisco
NoSolicitado
URIBL
abuse.ro
ALPHANET
Anonmails
Ascams
BLOCKEDSERVERS
Calivent Networks
EFnet
JustSpam
Kempt.net
NordSpam
RV-SOFT Technology
Scientific Spam
Spamikaze
SpamRATS
SPFBL
Suomispam
System 5 Hosting
Team Cymru
Validity
www.blocklist.de Fail2Ban-Reporting Service
ZapBL
2stepback.dk
Fayntic Services
ORB UK
technoirc.org
TechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftWhat is UCEPROTECT DNSBL Level 1?
UCEPROTECT DNSBL Level 1 is an IP-based blacklist that lists individual IPv4 addresses as /32 entries. An IP is added to this blocklist when it sends email to a spamtrap, attempts unauthorized relaying through systems that report to UCEPROTECT, or matches other abuse signals in UCEPROTECT's Level 1 policy. The project lists IPs using reports from 'Trusted REPORTING SYSTEMS' and UCEPROTECT-Orga members, with additional spamtrap data from anonymous contributors.
This DNS-based blocklist (DNSBL) is one of three levels offered by the organization. Level 1 is the most specific because it targets single IPs, while Level 2 focuses on allocations and Level 3 focuses on ASNs. The list is rebuilt hourly, so new spam sources are added quickly. The primary goal of UCEPROTECT DNSBL Level 1 is to identify and block mail from individual compromised or abusive systems in near real time.
Who runs UCEPROTECT DNSBL Level 1?
UCEPROTECT DNSBL Level 1 is operated by UCEPROTECT, a project with a stated mission to stop global email abuse. Its stated philosophy is that spam should be stopped by network operators before it reaches user inboxes. UCEPROTECT uses blacklist pressure to push providers and administrators to secure mail infrastructure and stop repeat abuse.
The network's database is fed by a cluster of servers across several countries. Spammers and other abusers are listed automatically when their email hits spamtrap networks operated by UCEPROTECT's members. UCEPROTECT-Orga members can also make manual listings and removals under the project's policy.
How to check and query UCEPROTECT Level 1
For a single IP address, the Level 1 DNSBL zone is dnsbl-1.uceprotect.net. A direct DNS query reverses the IP octets and appends that zone. For example, 192.0.2.15 becomes 15.2.0.192.dnsbl-1.uceprotect.net.
UCEPROTECT's query page asks individual senders to test IP addresses and providers to test ASNs. It also says only manual queries are allowed, so automated or excessive checks can lock out the source IP that performs the lookup.
- Check the exact sending IP in the SMTP bounce or mail logs before investigating the listing.
- Query the Level 1 hostname when you need to confirm the single-IP blacklist or blocklist result.
- Confirm whether the affected recipient uses UCEPROTECT Level 1, because a listing only blocks delivery where that DNSBL is consulted.
- Keep Level 2 and Level 3 separate during triage. A Level 1 result means a single IP listing, not an allocation or ASN listing.
How do I get removed from UCEPROTECT DNSBL Level 1?
The standard delisting process from the UCEPROTECT DNSBL Level 1 blocklist is automatic and free. An IP address is removed from the blacklist 7 days after the last abusive activity was detected. Fix the cause before waiting out the timer, because any new spam report resets the 7-day window. Use UCEPROTECT's query page for manual status checks.
UCEPROTECT also offers optional paid immediate removal for senders who cannot wait the full 7 days, but this option is restricted. According to its policy, express delisting is unavailable in these cases:
- The IP owner or the ISP has opted out of the express removal option.
- Abuse from the IP address has been detected within the last 3 hours.
- The IP is part of a larger network range listed on Level 2, and the listing limit has been exceeded by a factor of 10 or more.
- The Autonomous System (AS) is listed on Level 3 and is ranked in the top 5 of the Level 3 charts.
- The number of Level 2 or Level 3 listings is still increasing.
Before requesting or waiting for delisting, review authentication and sending behavior. Suped's DMARC reporting product can show which services send with your domain and whether SPF and DKIM align under DMARC. Use that evidence to remove unauthorized sources before mail resumes at normal volume.
What is the impact of a UCEPROTECT Level 1 listing?
The impact of a listing on UCEPROTECT DNSBL Level 1 is generally medium. UCEPROTECT claims wide use, but adoption is not universal because some mail server administrators avoid its broader blacklist policies. Being listed causes email delivery failures only at recipients whose mail servers consult this specific DNSBL or a filtering policy that includes it. Because Level 1 targets individual IPs, it is more precise than Level 2 allocation listings or Level 3 ASN listings. Treat the listing as a serious sender reputation issue, especially if bounce logs show repeated rejections by recipients that use this blacklist or blocklist.
Other UCEPROTECT DNSBL Level 1 blocklists
UCEPROTECT BACKSCATTERER Blacklist
Organization
UCEPROTECT
Zone
ips.backscatterer.org
Type
IP
Impact
Low
Delisting
Automatic
UCEPROTECT DNSBL Level 2
Organization
UCEPROTECT
Zone
dnsbl-2.uceprotect.net
Type
IP
Impact
Low
Delisting
Manual
UCEPROTECT DNSBL Level 3
Organization
UCEPROTECT
Zone
dnsbl-3.uceprotect.net
Type
IP
Impact
Low
Delisting
Manual
