Spamhaus — DNSBL Family, Listing Workflow, and Operational Reality

Founded: 1998 by Steve Linford Type: Non-profit (Project SLU, Andorra) + commercial (Technology) Active SBL listings: 30,000-40,000 average Zone refresh: Every 5 minutes, 24/7 Mirror servers: 80+ globally Reading time: 19 minutes
Definition

Spamhaus is a non-profit organization operating the most consequential family of email blocklists (DNSBLs) in production. Its data is consumed by Apple iCloud, Microsoft (Outlook.com / Hotmail / Microsoft 365), Yahoo, Proofpoint, Rackspace, and Cloudmark — roughly the non-Gmail half of major mailbox providers. A Spamhaus listing functions as an effective email kill switch for any sender whose audience is predominantly non-Gmail. Removal from any Spamhaus blocklist is always free; any service charging for delisting is a scam.

Most published material about Spamhaus reads as either generic listicles ("the top 10 email blacklists you should know about") or vendor blog posts trying to sell deliverability services. Operators who have actually had to delist a production IP know that Spamhaus is not a single list — it's a family of specialized blocklists with different listing criteria, different delisting mechanisms, and different return codes that mean very different operational things. Treating "Spamhaus" as a monolithic concept is the first mistake; the second is confusing the 127.255.255.x error-code range with real listings, which causes mail servers to wrongly reject legitimate mail. This entry documents the family, the workflow, and the operational reality at production scale.

The Spamhaus Project was founded in 1998 by Steve Linford as a UK-based response to the early-2000s spam epidemic; it now operates as Spamhaus Project SLU, a non-profit headquartered in Andorra. Its 2006-era data already protected 650 million email users — including the European Parliament, US Army, the White House, and Microsoft — from billions of spam emails per day. Twenty-eight years later, the organization is still the editorial backbone of email reputation infrastructure for Microsoft, Apple, Yahoo, and most non-Gmail mailbox providers.

Spamhaus Project (non-profit) vs Spamhaus Technology (commercial)

The structural distinction between the two entities matters operationally because it explains why Spamhaus listings are taken seriously by major mailbox providers — and why no amount of paid lobbying gets a domain or IP delisted faster.

Spamhaus Project SLU is the non-profit, Andorra-based, founded in 1998. It is responsible for the editorial decisions about what gets listed: the OSINT (Open Source Intelligence) research team that investigates SBL candidates, the dedicated investigators and forensics specialists who maintain the active 30,000-40,000-listing SBL dataset, and the policy criteria that determine when an IP or domain is added to or removed from any Spamhaus zone. The Project retains editorial independence from any commercial relationship — a principle Spamhaus emphasizes explicitly.

Spamhaus Technology is the authorized commercial vendor. While small-volume users can query the public DNSBL mirrors for free (with the deprecation discussed below), high-volume senders, ISPs, and security companies must access the data via commercial Data Query Service (DQS) subscriptions which use rsync or BGP rather than public DNS. Pricing for commercial DQS typically runs hundreds to low-thousands USD per year depending on query volume.

Why this separation matters: Spamhaus Technology cannot influence Spamhaus Project to list or delist for commercial reasons. A spammer cannot pay Spamhaus Technology to escape an SBL listing. A large ESP cannot leverage its DQS contract to negotiate listing thresholds. This separation — combined with the fact that delisting is always free — is part of why Microsoft, Apple, and Yahoo treat Spamhaus data as authoritative. Any service offering paid delisting is operating outside the legitimate Spamhaus ecosystem.

The Spamhaus zone family: 8 datasets decomposed

Spamhaus operates eight distinct blocklist zones, each targeting a specific abuse pattern with its own listing criteria, operational use case, and delisting mechanism. Most operators interact with three or four; understanding all eight clarifies architectural decisions.

SBLIP-based

Spamhaus Blocklist — the manually-maintained core list. IPs of verified spammers, spam gangs, spam support services, snowshoe configurations, bulletproof hosting, spamware sales, botnet C&C, and malware/phishing/ransomware hosts.

127.0.0.2

Maintenance: OSINT research team, manual
Active listings: 30,000-40,000
Refresh: Every 5 minutes

XBLIP-based

Exploits Blocklist — automated, includes Composite Blocking List (CBL) data. Open proxies (HTTP/SOCKS/Wingate), botnet-infected machines, worms with spam engines. Self-service removal once issue is patched, otherwise auto-relists.

127.0.0.4

Maintenance: Automated sensors
Note: 127.0.0.5/.6/.7 reserved but not in use

PBLIP-based

Policy Blocklist — IP space that should NOT send mail directly to internet (residential dial-up, dynamic ranges, web servers). Use only at SMTP transaction connecting IP. SMTP Auth-exempt.

127.0.0.10 (ISP) / 127.0.0.11 (Spamhaus)

Managed via: ISP portal
Use case: SMTP-only, never URL blocking

DBLDomain-based

Domain Blocklist — RHSBL (Right-Hand Side Block List) for domain reputation. Used at content-stage filtering after SMTP accepts (URL checks, sender domain checks). Free for any use.

Multiple (per category)

Critical: Never query DBL with IP addresses
Use case: Post-acceptance content filtering

CSSIP-based

Composite SnowShoe (SBLCSS) — automated subset of SBL targeting snowshoe and high-volume spam patterns. Detects volume distribution patterns, frequent IP rotation, fresh-domain registration patterns.

127.0.0.3

Removal: Self-service at check.spamhaus.org
Time: 30 min - few hours

ZENComposite

Composite zone — combines SBL + CSS + XBL + PBL into a single DNS query. One query returns multiple distinct answers (one per dataset where IP is listed). Recommended for SMTP-time blocking.

Inherited from sub-zones

Hostname: zen.spamhaus.org
Note: Don't query subzones separately

DROPBGP/firewall

Don't Route Or Peer — JSON files with CIDR blocks + ASNs for hijacked netblocks. Designed for BGP route filtering, not SMTP. eDROP merged into DROP April 10, 2024 (now single unified list). Free for any use.

127.0.0.9

Delisting: Network operator only, not individual senders
Layer: BGP/firewall, not SMTP

BCL / ROKSOSpecialized

BCL (released June 2012) lists IPs operating botnet C&C infrastructure. ROKSO (Register of Known Spam Operations) historically tracked the ~100 organizations responsible for ~80% of world's spam — no longer publicly available since after 2023, law-enforcement-only access. New attribution mechanism in development per Spamhaus FAQ.

Various

ROKSO 2026: Not public; LE access only

Spamhaus explicitly recommends NOT querying the SBL, XBL, PBL, and CSS subzones separately when ZEN covers them. The reasoning is mechanical: a single DNS query to zen.spamhaus.org returns multiple distinct answers within the same DNS response packet — one per dataset where the IP is listed, with different return codes for each — using less infrastructure than four separate queries.

# Single query to ZEN returns combined results
$ dig +short 2.0.0.127.zen.spamhaus.org
127.0.0.2      # Listed in SBL (verified spam source)
127.0.0.4      # ALSO listed in XBL (exploit/botnet)
127.0.0.10     # ALSO listed in PBL (should not send direct)

# Equivalent to four separate queries:
#   dig 2.0.0.127.sbl.spamhaus.org
#   dig 2.0.0.127.xbl.spamhaus.org
#   dig 2.0.0.127.pbl.spamhaus.org
#   dig 2.0.0.127.css.spamhaus.org
# — but with one round-trip instead of four.

The IP is reversed in the query: 192.168.1.5 becomes 5.1.168.192.zen.spamhaus.org. The mail server interprets each return code and decides whether to reject the SMTP connection, defer it, or accept and route to spam folder.

Querying ZEN vs separate zones: If your application needs to take different actions based on which sub-list matched (e.g., reject SBL hits but only spam-folder PBL hits), you can still use ZEN — just inspect the specific return codes in the response. Querying separate zones is only justified when your DNS infrastructure can't parse multi-answer responses, which is rare in modern resolvers.

Return code reference (including the error range nobody covers)

Every Spamhaus DNSBL query returns an IPv4 address in the 127.x.x.x range. The mail server parses this code to decide what to do. Most published guides cover the reputation codes; almost none cover the 127.255.255.x error range — which is one of the most common production confusions.

Return codeMeaningSourceOperator action
127.0.0.2SBL listing — verified spam sourceManual SBL listingReject SMTP
127.0.0.3SBL CSS — composite snowshoeAutomated CSSReject SMTP
127.0.0.4XBL — CBL data, exploits/botnets/proxiesAutomated CBLReject SMTP
127.0.0.9DROP — hijacked netblockBGP-layer datasetBlock at firewall (not SMTP)
127.0.0.10PBL — ISP-managed, should not send directISP portalReject SMTP unless authenticated
127.0.0.11PBL — Spamhaus-managed rangeSpamhaus PBLReject SMTP unless authenticated
⚠ Error range — NOT reputation issues
127.255.255.252Quota exceededQuery infrastructureReduce query rate / upgrade to DQS
127.255.255.254Querying through public/open resolver — Spamhaus can't attributeQuery infrastructureSwitch to private resolver or DQS key
127.255.255.255Bad/malformed queryQuery infrastructureFix query syntax
The most common Spamhaus configuration mistake we see in production audits: mail servers misinterpreting the 127.255.255.x error range as a real reputation listing and rejecting all incoming mail. The 127.255.255.254 code in particular is triggered when the mail server's DNS resolver is a public/open resolver (8.8.8.8, 1.1.1.1, etc.) and Spamhaus can't attribute the query to your specific operator. The fix is to either use a private resolver (your own bind, unbound, or PowerDNS recursive) or to migrate to DQS with a key. Never reject mail based on 127.255.255.x — those codes mean YOUR query infrastructure has a problem, not that the sender is listed.

Who actually uses Spamhaus data (and who doesn't)

This is where the operational impact of a Spamhaus listing varies dramatically by audience. The receivers that consume Spamhaus data:

Apple iCloud Microsoft (Outlook.com / Hotmail / Microsoft 365) Yahoo Proofpoint Rackspace Cloudmark Most enterprise mail filters Most ISP mail systems globally

The receivers that do NOT consume Spamhaus data for delivery decisions:

Gmail (uses internal reputation systems)

Why Gmail doesn't use Spamhaus: Google operates internal reputation systems based on Postmaster Tools data, user engagement signals, and Gmail-specific spam classification models. These systems benefit from Gmail's massive scale (billions of accounts, trillions of messages) — they don't need third-party blocklists. The implication for senders: a Spamhaus listing has roughly zero direct effect on Gmail delivery. Indirect effects exist (industry reputation, downstream signals) but a sender 100% focused on Gmail audiences gets less practical benefit from Spamhaus avoidance than a sender focused on Microsoft and Apple.

How an IP gets listed: the SBL workflow

Understanding the listing process is the foundation for understanding the delisting process. Here's what happens when a new spam pattern is detected against an IP:

SBL listing workflow (manual investigation track)

1
Spam evidence accumulatesSpamhaus's spam-trap network and partner ISPs flag suspicious activity from an IP. The OSINT team correlates: spam volume, recipient patterns, content fingerprints, registration patterns of associated domains, hosting infrastructure, and any historical ROKSO-tracked operations associated with the IP space.
2
OSINT research and verificationThe Spamhaus research team — including dedicated investigators and forensics specialists — verifies the spam pattern is intentional rather than incidental. False positives are minimized by requiring multiple independent signals before listing. Source: Spamhaus's published listing criteria.
3
SBL listing publishedThe IP is added to the SBL zone. The DNS zone rebuild happens every 5 minutes, 24/7, so the listing is live globally within minutes via the 80+ public DNSBL mirror servers. Mail servers querying ZEN (or SBL directly) immediately see 127.0.0.2 for that IP.
4
Effective immediately at major receiversApple iCloud, Microsoft, Yahoo, Proofpoint, Rackspace, Cloudmark all begin rejecting or filtering mail from the listed IP within minutes. The "delivery shutdown" the sender experiences is real and global within ~15 minutes of listing.

For automated zones (XBL, CSS), the listing flow is faster — sensors observe a problem signature and list the IP automatically without human review. For DROP, the listing requires evidence of netblock hijacking or wholesale criminal control and is rare but persistent.

Delisting workflow per zone (operational gap most guides miss)

The delisting mechanism varies by zone, and conflating them leads to wasted effort. The four operational patterns:

SBL — Manual review

Open ticket via SBL Team

24+ hours typical

The SBL Team will not process a removal request if the spam issue that caused the listing is still active. Fix the problem first. If contested, escalate to the European Review Team. This team handles cases where the initial process did not resolve to the sender's satisfaction. Removal is always free; paid delisting services are scams.

XBL — Self-service

Automated removal at check.spamhaus.org

Minutes — IF patched

Self-service removal works if the security breach is patched (open proxy closed, malware removed, botnet infection cleaned). If the underlying issue is still active, automated sensors will relist within minutes. Do NOT request removal until the root cause is fixed.

CSS / SBLCSS — Self-service

Self-service form at check.spamhaus.org

30 min - few hours

Submit the self-service removal request. Allow time for DNS propagation. CSS targets snowshoe-style sending patterns (volume distribution, fresh-domain registrations) — fix the underlying pattern before requesting removal or you'll be relisted automatically.

PBL — ISP portal

Through your ISP's PBL portal

Minutes

PBL listings are managed by ISPs. If your IP is in a residential range and your mail program needs to send via SMTP Auth, configure SMTP Authentication correctly — the listing remains but your authenticated mail flows. For static business IPs in PBL ranges, contact the ISP to remove the range from their PBL listing.

DROP — Network operator only

ISP/network operator must contact Spamhaus

Variable

Individual senders cannot delist DROP entries. The network operator (ISP or owner of the listed netblock) must contact Spamhaus with evidence the netblock is no longer under malicious control. If you're a victim of being in a DROP-listed netblock, contact your hosting provider or ISP first, not Spamhaus.

ROKSO — 6+ months clean activity

Demonstrated remediation history

Months

ROKSO listings (now law-enforcement-only post-2023) historically required 6+ months of demonstrated non-spam activity before delisting was considered. Removal is the slowest of any Spamhaus zone, reflecting the seriousness of operating-level spam attribution.

The escalating-penalty system: Spamhaus uses a tiered removal model that operators rarely understand until they hit it. First removal: automated and instant. Second removal: requires human review — the SBL Team will scrutinize whether the root cause was actually fixed. Third removal: can result in a permanent block requiring ISP intervention. The lesson: don't delist while the underlying issue is still active. Each premature delisting attempt counts toward the escalation, and a third-strike block on a production IP can mean ISP-level remediation that takes weeks.

Real-world delisting timing

Published guides typically state delisting "takes minutes to 24 hours" — true for clean cases, misleading for shared infrastructure. The actual production reality:

~15 min
XBL self-service after security patch deployed
Spamhaus FAQ
30 min - few hours
CSS/SBLCSS self-service form
Spamhaus, Warmy 2026
24+ hours
SBL manual review (typical)
Spamhaus FAQ
Up to 3 months
Staying delisted on shared/VPS ranges if neighbors continue spamming
Prospeo 2026
FREE
Always — paid delisting services are scams
Spamhaus explicit
6+ months
ROKSO historical remediation requirement
ISIPP 2022

The shared-infrastructure trap is the most common surprise. If your IP is in a shared hosting range or VPS provider's pool, and other tenants on the same range continue spamming, your IP can keep being relisted for weeks or months even after your own remediation is complete. The fix is operational: move to dedicated IPs (which is what production deliverability requires anyway) or migrate to a hosting provider with cleaner range hygiene.

DQS migration: the public mirrors are deprecating

Spamhaus is gradually deprecating the old public DNSBL mirror approach in favor of the free Data Query Service (DQS). The transition affects every operator running their own mail infrastructure.

AspectPublic mirrors (legacy)DQS (current)
AuthenticationNone — free anonymous queriesDQS key per operator
Open-resolver detectionTriggers 127.255.255.254 errorsSolved by DQS key authentication
Cost (free tier)Free, low-volume onlyFree for qualifying users; SBL/XBL/CSS/DROP/DBL/PBL/ZRD/AuthBL
Cost (commercial)N/A — required upgrade for high-volumeHundreds to low-thousands USD/year, includes support + extra datasets
Technical supportNoneFree tier: none. Paid tier: yes
Plugin availabilitySpamAssassin, Rspamd pluginsSame plugins, DQS-keyed
2026 statusStill works, deprecatingRecommended for new deployments
DQS migration recommendation: for any new mail infrastructure deployment in 2026, configure DQS from the start — get a free DQS key, configure your mail server's DNSBL plugin with the key, and you avoid the open-resolver attribution problem entirely. For existing deployments using public mirrors, plan the migration as part of regular infrastructure maintenance — there's no immediate cliff but the public mirror tier will eventually sunset.

Spamhaus monitoring in Cloud Server for Email infrastructure

Customer-specific Spamhaus integration on managed PowerMTA + MailWizz infrastructure includes:

  • Pre-delivery DNSBL checks against ZEN at the SMTP transaction layer. Inbound connections are filtered against Spamhaus reputation before message acceptance, reducing spam load and improving downstream filtering accuracy.
  • Outbound IP monitoring against all Spamhaus zones (SBL, XBL, CSS, PBL, DBL, DROP, ZRD). Continuous polling detects new listings within minutes of their publication, triggering automated alerts before customers experience meaningful deliverability impact.
  • Per-zone delisting playbooks. When a customer IP is listed, our deliverability team executes the appropriate workflow — SBL manual ticket, XBL self-service after root-cause fix, CSS form submission — based on the specific zone and the listing context. Detailed remediation procedures are documented in the operations library.
  • DQS-based query infrastructure. Our PowerMTA and SMTP filtering layers use DQS keys, avoiding the open-resolver attribution problem and the 127.255.255.254 false-listing risk. Customers never experience phantom rejections from misconfigured query infrastructure.
  • Snowshoe-pattern detection at the architecture level. Per-vMTA traffic isolation and per-domain throttling profiles in PowerMTA make accidental snowshoe patterns (which trigger CSS listings) very difficult to produce — clean per-IP volume distribution and explicit virtual MTA assignment defeat the heuristics CSS uses to flag distributed spam patterns.

For customers running their own mail infrastructure, we provide Spamhaus deployment consulting — DQS key acquisition, mail server DNSBL plugin configuration, and per-zone delisting workflow training as part of operational engagement.

Auditing your Spamhaus status

Standard verification commands and tools:

# 1. Manual DNS query against ZEN (single-query check across SBL/XBL/CSS/PBL)
#    Reverse the IP: 192.0.2.5 → 5.2.0.192
dig +short 5.2.0.192.zen.spamhaus.org

# 2. Check specific zone (rare — usually use ZEN instead)
dig +short 5.2.0.192.sbl.spamhaus.org
dig +short 5.2.0.192.xbl.spamhaus.org

# 3. Domain check against DBL
dig +short example.com.dbl.spamhaus.org

# 4. Online official tool (recommended for end users)
#    https://check.spamhaus.org
#    Shows specific listing reasons + delisting links

# 5. Test for the 127.255.255.x error range
#    If you see this, your DNS resolver is the problem, not the sender
dig +short 1.0.0.127.zen.spamhaus.org
# Expected: 127.0.0.2 (test address always listed)
# If: 127.255.255.254 — fix your resolver, then retry

The official tool at check.spamhaus.org is the canonical source for end-user lookups — it shows the specific listing reasons, links to delisting forms where applicable, and explains the listing context in operator-friendly language.

  • Sender Reputation — Spamhaus listings are one of the major reputation signals. Most receivers use Spamhaus data alongside their own internal reputation models.
  • IP Warming — accidentally triggering CSS (snowshoe) listings during warming is a common operational mistake. Per-IP volume distribution patterns matter.
  • SPF, DKIM, DMARC — authentication standards. Spamhaus listings are independent from authentication failures, but failing authentication frequently correlates with patterns that lead to Spamhaus listings.
  • PowerMTA — the MTA's per-domain throttling and virtual MTA isolation are the architectural defenses against accidentally producing the patterns CSS uses to flag spam.
  • Blacklist removal guide — operational walkthrough including Spamhaus + 14 other major DNSBLs.

Frequently asked questions

Can I pay to be delisted from Spamhaus faster?

No. Removal from any Spamhaus blocklist is always free, and any service charging for delisting is operating outside the legitimate Spamhaus ecosystem. Spamhaus is explicit that no third party can expedite or guarantee removal. Deliverability consultants do not have special access to the SBL Team or any back-channel for fast-track delisting. The actual fast-track is fixing the root cause cleanly the first time and submitting an accurate, technical, evidence-based delisting request — that combination produces the fastest review.

If my IP is on a Spamhaus list, will Gmail still deliver my mail?

Probably yes, with caveats. Gmail does not consume Spamhaus data directly, so a Spamhaus listing has no automatic effect on Gmail delivery. However, the patterns that produce Spamhaus listings (spam complaints, hitting spam traps, sending to dead lists) are also independently detected by Gmail's internal reputation systems — so by the time you're listed at Spamhaus, you're often also showing reputation degradation at Gmail. Treat a Spamhaus listing as a warning signal that Gmail-side metrics may also be deteriorating, even if the immediate Gmail delivery isn't affected.

What's the difference between SBL and SBLCSS?

SBL is the manually-maintained core list of verified spam sources, with listings made by Spamhaus's OSINT research team after investigation. SBLCSS (also called CSS) is a separate automated sub-list specifically targeting snowshoe and high-volume spam patterns — the difference is mechanism: SBL is humans deciding, SBLCSS is sensors detecting. The delisting flow differs accordingly: SBL requires a manual ticket via the SBL Team (24+ hours), SBLCSS has a self-service form at check.spamhaus.org (30 min - few hours). It's important to confirm which sub-list you're on before attempting removal. Both sub-lists are part of the ZEN composite zone.

How do I know if I'm being affected by the 127.255.255.x error range?

Test your DNS resolver against a known-listed test address. Spamhaus reserves 127.0.0.1 and similar test IPs that should always return a known listing for diagnostic purposes. Run dig +short 1.0.0.127.zen.spamhaus.org from your mail server. The expected response is 127.0.0.2 (a real test listing). If you see 127.255.255.254 instead, your DNS resolver is a public/open resolver (8.8.8.8, 1.1.1.1, etc.) and Spamhaus can't attribute your queries — fix this by using a private recursive resolver (your own bind, unbound, or PowerDNS recursive) or migrating to DQS with a key. Never reject mail when you see 127.255.255.x — those codes mean YOUR query infrastructure has a problem, not that the sender is listed.

Can I be on multiple Spamhaus lists simultaneously?

Yes — and the multi-listing scenario is what ZEN's multi-answer DNS response is designed to surface. A single IP can be in SBL (verified spammer), XBL (also running an exploited proxy), and PBL (in a residential range that shouldn't send direct) simultaneously. A query to ZEN returns all three return codes in one response. The delisting workflow must address each separately: fix the spam issue and submit an SBL ticket, patch the security breach and self-service the XBL, configure SMTP Auth to bypass PBL. Until all are resolved, the IP is effectively unusable for direct mail.

What was ROKSO and why is it no longer public?

ROKSO (Register of Known Spam Operations) was a database of spammers and spam operations that had been terminated from three or more ISPs due to spamming. It tracked roughly 100 organizations responsible for ~80% of the world's spam, with publicly-sourced information about their domains, addresses, and aliases. Per Spamhaus, it stopped being publicly available "at some point after 2023" — a special version remains available to law enforcement agencies, containing data on hundreds of spam gangs with evidence and logs of illegal activities. Spamhaus has stated that a new attribution mechanism is under development that will serve a similar purpose to ROKSO but won't be a direct replacement. ROKSO data still informs SBL listings internally; what changed is public visibility, not internal use.

Why did the e360 Insight LLC lawsuit matter for Spamhaus?

In September 2006, David Linhardt, owner of US bulk-emailing company e360 Insight LLC, filed a lawsuit in Illinois US against Spamhaus in the UK for blacklisting his bulk mailings. Spamhaus, being British with no ties to Illinois, asked for the case to be dismissed for lack of jurisdiction. Judge Charles Kocoras ignored the dismissal request and proceeded — prompting British MP Derek Wyatt to call for the judge to be suspended. Spamhaus refused to participate in what it considered an illegitimate proceeding. The case is operationally relevant because it established the precedent that Spamhaus does not capitulate to legal pressure regarding listings. This editorial independence is part of why mailbox providers trust Spamhaus data — there's no leverage that gets a real spammer delisted.

What's the relationship between Spamhaus and Postmaster Tools?

None directly. Google Postmaster Tools is Gmail's own reputation feedback system — IP reputation, domain reputation, spam complaint rates, authentication failure rates, all measured by Gmail's internal systems. Spamhaus is an independent non-profit operating its own DNSBL infrastructure consumed by other receivers (Microsoft, Apple, Yahoo, Proofpoint). Both are reputation signals operators must monitor, but they're separate systems with different methodologies and different audiences. A clean Postmaster Tools reputation does not protect against Spamhaus listings, and vice versa. Production senders monitor both.

Last updated: May 2026 · Sources: Spamhaus SBL official documentation, ZEN documentation, PBL documentation, DROP documentation, Spamhaus DNSBL Usage FAQ, Wikipedia: The Spamhaus Project, Prospeo 2026 Spamhaus guide, Warmy 2026 SBL/DROP delisting research.