Spamhaus is a nonprofit threat intelligence organization that maintains several widely used blocklists of IP addresses and domains associated with spam, malware, and other abuse.

What is the difference between the SBL, XBL, PBL, and DBL?

The SBL lists known spam sources, the XBL lists compromised or exploited hosts, the PBL covers end-user and dynamic IP ranges that should not send mail directly, and the DBL is a domain blocklist.

How do I know if I'm on a Spamhaus list?

Query the IP or domain against the relevant zone, or use a blocklist checker, then read the listing reason that Spamhaus provides for the entry.

Spamhaus Explained: The SBL, XBL, and DBL

Spamhaus is a nonprofit that tracks spam and malware sources and publishes that data as blocklists. Mail providers query those lists in real time to decide whether to accept, defer, or reject a message. If your sending IP or your domain shows up on a Spamhaus list, a large share of the email world may quietly stop trusting your mail. That makes Spamhaus one of the single biggest factors in whether your messages reach an inbox, which is why it sits at the center of Domain reputation explained.

The organization started in 1998 and has grown into one of the most referenced abuse databases on the internet. Its lists are not the only ones in use, but they are arguably the most consequential, because so many receivers consult them. To understand why a listing carries weight, it helps to know what each list actually covers and how receivers query them. For the underlying query mechanism, see what is a DNSBL, and for the recovery side, see how to get delisted from a blocklist.

Who Spamhaus is and why receivers trust it

Spamhaus maintains its data through a mix of automated sensors, spam traps, malware analysis, and human research. The result is not a single list but a family of them, each scoped to a different kind of problem. Some target the IP address that connected to a mail server; others target the domain found in the message body or envelope. Receivers pick the lists that match their risk tolerance.

The reason all this matters comes down to volume. When a major provider or a corporate mail gateway rejects on a Spamhaus hit, the sender does not get a second chance for that message. Listings are reputational rather than punitive, so the path out always runs through fixing whatever triggered the entry.

The main Spamhaus lists

Each list answers a different question about a connecting host or a referenced domain. The combined zone, ZEN, bundles the IP-based lists into one query so receivers do not have to check each separately.

List	What it covers
SBL (Spamhaus Block List)	IP addresses Spamhaus verifies as sources of spam, plus known spam operations and their infrastructure.
XBL (Exploits Block List)	Hijacked, infected, or otherwise exploited machines: open proxies, worms, and compromised hosts sending without the owner's knowledge.
PBL (Policy Block List)	Ranges of end-user and dynamic IP addresses that should not be delivering mail directly to the internet, typically home and dynamic ISP space.
DBL (Domain Block List)	Domains with poor reputation, including spam, phishing, and malware domains, regardless of which IP sends them.
ZEN	A single combined zone covering SBL, XBL, and PBL data so a receiver can query everything IP-based in one lookup.

The split is deliberate. An IP on the PBL is not accused of anything; it simply sits in a range that should route mail through a provider's relay instead of talking to receivers directly. An IP on the XBL is usually a victim, a machine taken over without its owner noticing. An entry on the SBL or DBL points to actual spam activity tied to that address or domain.

How providers use the lists

Receiving mail servers query these zones over DNS, the same protocol covered by the standard for DNS-based blocklists. When a connection arrives, the server reverses the sending IP, appends the list's zone, and looks it up. A match returns a coded answer that tells the receiver which list fired and, in some cases, why.

What happens next is the receiver's choice. Some reject outright on any hit; others raise a spam score, defer the message, or apply extra filtering. A DBL hit often weighs into content scoring rather than a flat block, since the domain might appear in otherwise legitimate mail. Because policies vary, a listing does not guarantee a bounce everywhere, but it reliably erodes deliverability across the board.

What a listing actually means

A Spamhaus entry is a statement that something looked wrong, and every entry carries a reason. The SBL records the evidence behind a listing. The PBL reflects a network policy, not abuse. The XBL signals a likely compromise that needs cleaning. Reading the listing reason is the first real step, because it tells you whether you are dealing with a hacked server, a bad neighbor on shared infrastructure, a misconfigured relay, or genuine spam coming from your systems.

Removal is never just a request. A delisting that skips the underlying fix tends to reverse itself within hours or days, because the same behavior trips the same detection again. Diagnose the cause, repair it, then ask for removal in that order.

Want to know whether a domain or its mail servers are showing up on Spamhaus or other lists? Run a free reputation check at DomainIntel and see exactly where it stands.