Spamhaus SBL/XBL listed high
IP listed on Spamhaus blocklist (DNSBL)
Your sending IP is on a Spamhaus DNSBL as a spam source or compromised host, so receiving mail servers reject your messages.
What you see
550 5.7.1 Service unavailable; Client host [203.0.113.45] blocked using Spamhaus; https://check.spamhaus.org/sbl/query/SBLxxxxxx
What’s actually happening
Mail to Gmail, Outlook/Hotmail, and many corporate domains bounces immediately with a 5.7.1 rejection naming Spamhaus and a query URL. It is not a spam-folder problem — the receiving server refuses the message at SMTP time, before it is ever delivered. One blocked IP can take down a whole office or an entire shared mail host. The bounce usually links straight to the list and the listing ID.
Common causes
- SBL listing: the IP (or its range) is a confirmed spam source — often a misconfigured app server blasting mail, or a shared host where another tenant spammed
- XBL listing: the host is compromised or running an open proxy/relay, frequently a malware-infected box or a hijacked WordPress install sending mail via a backdoor
- CSS listing: a subset of the SBL for IPs that automatically tripped Spamhaus's spam-source detection, common for new IPs sending at volume or with poor reverse DNS
- PBL listing: the IP falls in a range the provider designated as dynamic/end-user space that should send through a smarthost, not deliver mail directly
- No or mismatched PTR (reverse DNS), missing SPF/DKIM, and sudden volume spikes that look like a snowshoe/spam pattern
How to fix it
- Find out which list and why: Enter the IP at check.spamhaus.org (the IP and Domain Reputation Checker). It tells you SBL, XBL, CSS, or PBL and shows the listing record. The list matters: PBL is a policy/configuration issue, while SBL/XBL/CSS mean actual abuse or a compromise you must fix before delisting.
- Stop the abuse at the source — do not request delisting yet: For XBL/SBL/CSS, find what is sending. Check mail queues (`mailq`, `exim -bp`, or `postqueue -p`), look for a hijacked form/contact script or a compromised CMS account, kill any malware, and patch the hole. Delisting a still-infected host just gets you relisted within hours and can earn an escalation.
- Fix sending hygiene: Set a matching PTR record for the IP (ask your host/provider), publish a correct SPF record, sign with DKIM, and confirm you are not an open relay. For PBL specifically, the right move is to send through your provider's authenticated smarthost (port 587) rather than delivering directly from a residential/dynamic IP.
- Request removal: Use the Blocklist Removal Center linked from the lookup. PBL self-removals are near-instant. SBL/CSS/XBL removals require the underlying problem to actually be resolved, so submit the request with what you fixed. Removal propagates fast once approved, but receiving servers may cache the old result for a short while.
- Warm the IP and monitor: If this was a fresh or high-volume IP, ramp sending gradually and keep complaint rates low. Watch your bounce logs and re-check the IP periodically so you catch a relisting early.
Stop it recurring
Lock down outbound mail (authenticated relay, SPF/DKIM, correct PTR), secure any web forms and CMS logins, and monitor your sending IP's reputation so a compromise surfaces before the listing does.
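One way to automate the periodic re-check is to query the DNSBL over DNS and map the answer to SBL, CSS, XBL or PBL. This is an added example, not code from the original page; the zone name `zen.spamhaus.org` and the return-code table follow Spamhaus's published DNSBL documentation rather than anything stated here, and the function names are hypothetical.

```python
import ipaddress
import socket
import sys

ZONE = "zen.spamhaus.org"  # assumption: Spamhaus combined zone, not named on the page

# Return codes per Spamhaus's published DNSBL documentation.
LISTS = {"127.0.0.2": "SBL", "127.0.0.3": "CSS",
         "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL",
         "127.0.0.7": "XBL", "127.0.0.10": "PBL", "127.0.0.11": "PBL"}
# 127.255.255.x answers are query errors, never listings.
ERRORS = {"127.255.255.252": "typo in the DNSBL zone name",
          "127.255.255.254": "query came through a public/open resolver",
          "127.255.255.255": "excessive number of queries"}


def query_name(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(answers):
    """Turn the A records of a DNSBL answer into (status, details)."""
    errors = sorted({ERRORS[a] for a in answers if a in ERRORS})
    if errors:
        return "error", errors  # result is unusable; do not read it as listed
    lists = sorted({LISTS.get(a, "unknown code " + a) for a in answers})
    return ("listed", lists) if lists else ("clean", [])


def check(ip):
    """Live lookup through the system resolver (needs network access)."""
    try:
        answers = socket.gethostbyname_ex(query_name(ip))[2]
    except OSError as exc:
        # NXDOMAIN is the normal "not listed" answer; anything else is a failure.
        if isinstance(exc, socket.gaierror) and exc.errno == socket.EAI_NONAME:
            return "clean", []
        return "error", [str(exc)]
    return classify(answers)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: pass one IPv4 address")
    status, details = check(sys.argv[1])
    print(sys.argv[1], status, ", ".join(details))
    sys.exit(0 if status == "clean" else 1)
```

The non-zero exit status on a listing or an error lets a cron job or monitoring check alert on it. Run it from a host that uses its own recursive resolver, since lookups forwarded through large public resolvers come back as the `127.255.255.254` error code rather than a real result.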