Email Domain Blacklist Checker
Pricing
from $5.00 / 1,000 websites
Email Domain Blacklist Checker
Check any domain against email blacklists (Spamhaus, SURBL, SpamCop, Barracuda, and more) and validate SPF, DMARC, and MX records in seconds, with no API keys required. Essential for who need to know whether a domain is clean before sending email from it, migrating to it, or purchasing it.
Pricing
from $5.00 / 1,000 websites
Rating
0.0
(0)
Developer
Trove Vault
Actor stats
1
Bookmarked
2
Total users
1
Monthly active users
2 days ago
Last modified
Categories
Share
Check any domain against 13 email blacklists — including SURBL, SpamCop, Barracuda, URIBL, and more — and validate SPF, DMARC, MX, and PTR records, all in parallel. No API keys. No proxies. Results in under 10 seconds per domain.
If your emails are landing in spam, or you're about to buy a domain for cold outreach, this is the first tool to run.
What it checks
Domain-based blacklists
Domain blacklists check the domain name itself — used by spam filters to block known spam and phishing sources at the URL level.
| List | Description |
|---|---|
| SURBL Multi | Aggregated spam URL intelligence used by Postfix, SpamAssassin, and major cloud email providers. |
| URIBL Multi | Broad-coverage spam domain list integrated into many spam filtering systems. |
| NordSpam DBL | Domain block list maintained by NordSpam, focused on spam-sourced domains. |
| MSRBL Phishing | Phishing-specific domain list sourced from Microsoft Research threat intelligence. |
| MSRBL Spam | Spam-specific domain list sourced from Microsoft Research threat intelligence. |
IP-based blacklists
The actor resolves the domain to its IP address(es), then checks each IP independently against 9 blacklists. A single IP can appear on multiple lists.
| List | Description |
|---|---|
| SpamCop | Crowd-sourced spam reporting network. Listings are based on user reports of spam received. |
| SORBS | Spam and Open Relay Blocking System. Multi-zone list covering spam sources, open relays, and proxies. |
| Barracuda | Barracuda Networks reputation database. Used by Barracuda email security appliances deployed in thousands of businesses. |
| UCEProtect L1 | Individual IP-level spam blacklist. L1 is the most targeted and specific level. |
| Blocklist.de | Aggregates brute-force attack reports, spam relays, and abuse reports from honeypots and community sensors. |
| PSBL | Passive Spam Block List — uses spam traps to identify actively spamming IPs. |
| Manitu | German-based spam blacklist with strong adoption in European mail infrastructure. |
| SPFBL | SPF-based block list that flags IPs actively violating their own SPF policy. |
Email authentication records
Beyond blacklists, the actor validates four key email authentication records. These are checked by receiving mail servers before deciding whether to deliver, quarantine, or reject your message.
| Record | What it validates |
|---|---|
| MX | Does the domain have a mail server configured? Without MX records, a domain cannot receive email. |
| SPF | Is the domain authorised to send email? Missing or misconfigured SPF causes many servers to treat messages with suspicion. |
| DMARC | Is the domain protected against email spoofing and impersonation? A missing or none policy leaves the domain open to phishing abuse. |
| PTR / rDNS | Does each sending IP reverse-resolve to a hostname? Many mail servers require valid PTR records and will soft-reject IPs that fail this check. |
How it works
All 15 blacklist checks run as parallel DNS queries using Node's built-in DNS resolver — no third-party APIs, no proxies, no browser.
Domain-based lookup: the actor constructs a DNS query in the form {domain}.{blacklist} and checks for an A record response. Any A record = listed. NXDOMAIN = not listed. A timeout or unreachable server returns null.
IP-based lookup: the actor first resolves the domain to its A records, then for each IP reverses the octets and queries {reversed-ip}.{blacklist}. For example, 1.2.3.4 becomes 4.3.2.1.bl.example.com.
Authentication records: standard DNS lookups for TXT records on the domain (_spf, _dmarc) and PTR lookups on each resolved IP.
All checks complete in under 10 seconds per domain because they run concurrently.
Output fields
| Field | Description |
|---|---|
domain | The domain checked |
isClean | true if not found on any blacklist |
totalFlagged | Number of blacklists that flagged this domain |
flaggedLists | Names of all blacklists that returned a match |
resolvedIps | IPv4 addresses the domain resolves to |
ptrRecords | Reverse DNS (PTR) record per IP |
hasMx | true if at least one MX record exists |
mx | MX records with exchange and priority |
hasSpf | true if a valid SPF record was found |
spf | Full SPF record value |
hasDmarc | true if a DMARC record exists |
dmarc | Full DMARC record value |
dmarcPolicy | Extracted DMARC policy: none, quarantine, or reject |
domainBlacklists | Per-list result for domain-based checks |
domainBlacklistCount | Number of domain-based blacklist hits |
ipBlacklists | Per-IP, per-list result for IP-based checks |
ipBlacklistCount | Total IP-based blacklist hits across all IPs |
How to use
- Add one or more domains in the
Domains to Checkinput — any format works (example.com,https://example.com,www.example.com) - Click Start
- Results appear in the dataset within seconds — all 15 blacklist checks run in parallel
No API keys. No proxy needed. No browser — pure DNS queries.
Use cases
Before sending a cold email campaign
A single blacklist listing on Spamhaus or SURBL can cause your entire campaign to land in spam — or get rejected outright. Run this actor against your sending domain before any outreach. If it returns isClean: false, investigate and request delisting before sending.
Buying an expired domain for email
Expired domains are often sold after their previous owners used them for spam. Run this actor before purchasing any domain you plan to send email from. Check not just the domain blacklists but also the SPF and DMARC configuration — a domain with suspicious existing DNS records may have been abused recently.
Email deliverability audit
Unexplained drops in email open rates are often caused by blacklisting that went unnoticed. Run this actor against all your active sending domains to catch new listings before they compound into major deliverability problems.
Benchmarking competitors' email infrastructure
Run this actor across a list of competitor domains to see how they've configured SPF, DMARC, and PTR records. Useful for understanding industry best practices or identifying competitors with weak email security posture.
Sysadmin and postmaster monitoring
Schedule the actor on a weekly cadence against your company's mail domain. Early detection of a blacklisting means you can act — request delisting, investigate a compromised account, or rotate IPs — before the problem impacts deliverability significantly.
Domain migration
Before migrating email infrastructure to a new domain or a new IP range, verify both are clean and correctly configured. A new domain that is already on a blacklist from a previous owner's abuse can take weeks to get delisted.
Understanding the results
What does isClean: false mean?
Being listed on a blacklist does not always mean your emails will be blocked. The impact depends on which list and which mail servers your recipients use:
- SURBL / URIBL — used in content-based filters by SpamAssassin and major cloud providers. May cause spam folder placement or outright rejection.
- Barracuda / SORBS — widely deployed in corporate environments. Affects B2B email more than consumer addresses.
- SpamCop — crowd-sourced reporting. Listings expire automatically once reports stop, but active listings affect deliverability with many providers.
- UCEProtect L1 / PSBL / Manitu — more conservative lists with lower universal adoption. Impact depends heavily on recipient infrastructure.
DMARC policy levels
none— monitoring only. No enforcement. Emails from unauthorised senders are not rejected. The domain is vulnerable to spoofing.quarantine— suspicious emails are sent to the spam folder.reject— suspicious emails are rejected outright. Strongest protection against domain impersonation.
null values in blacklist results
A null result for a specific list means the server was unreachable or timed out during the check — not that the domain is listed or clean. This is common for some smaller lists. Retry the run if you need a definitive answer for that specific list.
Advisory warnings
The actor logs warnings (visible in the actor log) for:
- Missing SPF record
- Missing DMARC record
- DMARC policy set to
none(no enforcement)
Frequently asked questions
How do I get my domain removed from a blacklist? Each blacklist has its own delisting process. Spamhaus requires you to fix the underlying issue (compromised account, open relay, etc.) before submitting a delisting request via their self-service portal. SpamCop listings expire automatically after the spam reports stop. Barracuda has a free self-service delisting form. Always fix the root cause before requesting removal.
How long does it take to get delisted? Spamhaus DBL and ZEN delist within hours once you submit a valid request and the issue is resolved. SpamCop listings expire automatically within 24–48 hours of inactivity. Some smaller lists like UCEProtect may require payment for expedited removal.
My domain is clean but emails still go to spam — why? Blacklist status is one factor. Others include: low sender reputation at the specific provider (Gmail, Outlook), missing or weak DMARC/SPF/DKIM, sending to stale addresses that trigger spam traps, or low engagement rates causing the provider to filter you. Use the companion Domain Security Scanner to rule out active malware or phishing associations.
Can I check multiple domains at once?
Yes. Add as many domains as needed to the Domains to Check input. All 15 checks per domain run in parallel, and domains are processed sequentially.
Does this check DKIM?
No. DKIM uses a selector-based DNS query ({selector}._domainkey.{domain}) and requires knowing the selector in advance, which varies by email provider. This actor checks SPF and DMARC, which are standardised and selector-independent.
Does this actor send any test emails? No. All checks are passive DNS queries and do not involve any email sending or SMTP connections.
Related actors
- Domain Security Scanner — scans for active threats in real time: URLHaus malware, ThreatFox IOCs (last 30 days), PhishTank phishing database, and Sucuri multi-vendor blacklist scan
- Domain History Checker — full historical footprint: RDAP registration data, Wayback Machine history, URLHaus and ThreatFox malware/IOC records, 6 DNS blacklists, and risk scoring
Changelog
2026-03-05 — v0.1.4
- Removed Spamhaus DBL (domain) and Spamhaus ZEN (IP) — both return positive results for all domains when queried from unauthorized datacenter IPs (anti-harvesting measure), causing false positives on every run
- Now checks 13 lists (5 domain-based, 8 IP-based) — all verified to work correctly without paid authorization
2026-03-05 — v0.1.0
- Initial release
- 15 blacklist checks (6 domain-based, 9 IP-based) via native DNS queries — no API keys required
- All checks run in parallel — full results in under 10 seconds per domain
- SPF, DMARC, MX, and PTR record validation included
- Advisory warnings logged for missing SPF, missing DMARC, and DMARC
nonepolicy
