Did the CBL Blacklist block your email?

If, so, you are in the right spot.   Below, I detail our CBL blacklist removal process.

The Composite Blocking List (CBL)  lists IP addresses that exhibit spambot, open proxy or similarly behaving email servers.  The CBL blacklist does not list IPs based on volume alone.  The CBL also lists IP addresses used by botnets to facilitate spam, virus downloads and other attacks.   Unlike some email blacklist, the CBL does not list IP ranges.  They only list individual IP addresses.

You may say:

I am not a spammer.

Well, perhaps you are not a spammer, but your server may be exhibiting spam-like characteristics.

If your server’s IP is on the CBL blacklist, your server is either sending spam or participating in malicious botnet.  False positive rates on CBL are low, so if your server’s IP is on the list, you likely have a security issue.

Ready to remove your IP from the CBL Blacklist?  Here’s how:

    1. Check your IP at CBL Lookup Page.
    2. Discover why your IP is on the blacklist list.
    3. Complete the SBL Removal Process.
    4. Verify Blacklist Removal.
    5. Final Thoughts
TL;DR
Make sure your server is not sending spam, that you authenticate your email, and then submit the CBL Blocklist Removal Form.

1. CBL Blacklist Lookup

Typically, you will first discover you are on the block list by receiving a bounce with an error similar to this:

2020-01-30 09:57:10 H=o897.em.app.postmates.com [167.89.54.194]:18898 I=[198.15.70.42]:25 X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<bounces+3633940-e5d9-admin=attorneysrealty.com@em.app.postmates.com> rejected RCPT <[email protected]>: "JunkMail rejected - o897.em.app.postmates.com [167.89.54.194]:18898 is in an RBL: 
Blocked - see https://www.abuseat.org/lookup.cgi

The exact error in the email bounce varies as the recipient’s server can set custom messages, but usually, you will see a reference to the https://www.abuseat.org/ website.

To confirm your IP is on the blocklist, you need to run a CBL lookup.  If your IP is on the list, you will see the following:

cbl blacklist lookup

 

 

2.  CBL’s Blacklist: Reason for Listing

Unlike some RBLs, the CBL will tell you why you are listed.

In the example above, CBL indicates that the computer in question contains a spam bot.  The CBL shows that the IP was detected 93 times in the past 28 days.  They also tell you the last date of detection.   Using this information, you can then examine your mail server logs to determine how the spammers are using your server.

The #1 reason for CBL blacklisting your server is a security breach in which a spam bot is flooding spam from your IP address.

The primary sources of the spam are:

  • Compromised user accounts.
  • Insecure contact forms.
  • Compromised web applications.

Compromised users accounts usually send 1000’s of emails.  By reviewing your email logs or mail statistics, you can easily find the user.   One quick way to find the user is to look for a large number of logins to the SMTP server.   The login string differs between servers, but if you search for the string, you can usually quickly spot the compromised user.  The compromised user will have 100’s if not 1000’s of logins from varying IPs.

Some spambots use legitimate SMTP logins to flood out their spam.  You can spot these by the high volume of SMTP authentications.

While security has improved, web contact forms remain a constant source of spam.  The CBL usually does not pick up these exploits unless they are part of a spam bot network.

Web application exploits can be more difficult to track down, but can land your server’s IP in the CBL.   Spammers use many web-based toolkits to flood spam from servers.  Some kits even include their own SMTP server software.  By including their own SMTP server, the spam never hits your email server’s log files.   These infections can be very difficult to track down.  You can usually spot them by looking for network connections to port 25 that do not correspond with normal email traffic.

3. CBL Blacklist Removal Form

Fixing the source of the spam is the hard part, unlike the Gmail blacklist, CBL features an auto-removal process.easy.

Automatic Removal

The CBL will provide you with an automatic removal link, but only if your IP has stopped sending spam.  Too many re-listings in 24 hours will prevent you from removing your IP address.  You must fix the spam problem before you can remove your IP from the CBL.

Just submit the form and you IP will be removed.

cbl blacklist removal

Problematic IPs

In some cases, you may think you have stopped the spam but continue to see listings at the CBL.  In these cases, you may need an expert to help you track down the source of the spam.  If you are not presented with a removal link, your server is likely still spamming.

4. Verify CBL Blacklist Removal

Send an email — that’s the easiest way to check for removal.
You can run the CBL lookup tools again. The tool should show your IP is not listed.

cbl lookup

5. Final Thoughts

Removing your IP address from the CBL blacklist is easy, but if you fail to stop the spam, your IP will be relisted.  To many re-listing and you will not be able to remove your IP.

Blacklisted elsewhere?  See our email blacklist removal posts on for details on how to remove your server IPs from other email block list.

Menu