What blacklists do I check and how should I?

Amongst our newer users, we often get some confusion between IP and Domain blacklist lookups and what the results mean. There is a distinct difference in the search and results and different benefits for performing the different lookups.  I’m hoping this will clear it up for many users and enable everyone to understand the unique benefits to each.

IP Blacklist Lookups

When you perform a blacklist lookup on an IP address, our system searches a list of 100 IP-based blacklists for the IP you gave us and returns both positive and negative results.  

An IP may be on this blacklist for any number of malicious activities:

  • Sending spam
  • Malware attacks
  • Operating a tor node
  • Hosting a botnet or virus
  • Many others…

Since an IP address represents a server on the Internet, any IP address could be blacklisted.  While any IP address may be listed, it is typically a webserver or email server that is the primary culprit.  We therefore recommend checking and monitoring the IP addresses of your web and email servers on a regular basis.

Domain Blacklist Lookups

When you perform a Domain blacklist lookup, you input a domain name.  MxToolbox algorithms do a DNS lookup of the Domain to produce the primary DNS record for that domain (an A record search).  We then run the IP address of the A record against all IP blacklists and simultaneously we run the domain name through a second set of domain blacklists.  Both could return results of blacklisting.

IP Blacklists vs Domain Blacklist

IP blacklists contain the IP addresses of known spammers, malware infectors, virus and botnet distributors and other bad actors.  When an IP is on a blacklist it is has been caught in some bad act.  Since an IP address identifies a particular server somewhere, you know that the server is performing some bad act.

Domain blacklists contain a list of domain names that have been included in known spam attempts.  This does not mean that the domain is the source of the spam, or that the server is a source of spam.  It only means that the domain name or domain URL was included in spam or malware laden emails. 

So, if you are sending email, you want to check the IP address of your mail server.  If you are running a web server, you want to check the IP address of the server.  If you are concerned about your domain’s reputation, you should check your domain against a domain blacklist.

Blacklist Monitors

MxToolbox Experts recommend that everyone with their own email servers monitor the IP addresses of those mail servers against IP blacklists.  This will give you warning that someone or something is performing a bad act through your email.  Further, it is highly recommended that you monitor you setup a domain blacklist monitor for your website.  Since domain blacklist monitors use both the IP of the web server and the domain in blacklist searches, you get extra protection of your reputation.  

Free Monitoring

MxToolbox offers one free IP blacklist monitor to our registered users.  This enables you to monitor your email server or webserver for blacklisting in the most common IP blacklists.  Our domain blacklist monitors are more comprehensive for web reputation and are therefore a paid feature.  While most of our customers find a free account sufficient for a small business, some want the additional reputation protection of a domain blacklist monitor or our Domain Health Monitoring.