IP Blocklisted
An IP address associated with your DNS records appears on one or more IP reputation blocklists.
Severity: Critical
What does this mean?
One of the IP addresses your DNS records resolve to has been found on one or more IP reputation blocklists. These blocklists are maintained by security organisations and track IP addresses associated with malicious activity such as spam, malware distribution, phishing, or botnet command-and-control.
DNS Watchdog checks all IP addresses in your inventory against multiple blocklist providers every 6 hours. When an IP is found on any list, this issue is raised with the specific blocklist providers that flagged it.
Blocklist providers checked
DNS Watchdog aggregates data from the following upstream blocklist providers:
| Provider | Description |
|---|---|
| Spamhaus DROP | The Don't Route Or Peer list — IP ranges hijacked or leased by spammers and cyber criminals |
| Spamhaus EDROP | Extended DROP list — additional netblocks delegated to spammers |
| Barracuda BRBL | Barracuda Reputation Block List — IPs sending spam or known to be compromised |
| SORBS | Spam and Open Relay Blocking System — IPs involved in spam, open proxies, or vulnerable servers |
| SpamCop | SpamCop Blocking List — IPs reported by SpamCop users for sending unsolicited email |
The aggregated blocklist is refreshed every 6 hours. Each IP in your inventory is checked against the combined dataset during daily scans and whenever new IPs are discovered.
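The kind of check described above, as an added example (not DNS Watchdog's own code): several provider feeds are merged into one dataset, and each inventory IP is reported with the specific providers that list it. The provider names come from the table above; the feed contents, the `CIDR ; reference` text layout, and the function names are assumptions made for illustration, using documentation-only address ranges.

```python
import ipaddress

# Constructed sample feeds. Assumed layout: "CIDR ; reference", where ';' starts a comment.
# All ranges are RFC 5737 / RFC 3849 documentation prefixes, not real listings.
SAMPLE_FEEDS = {
    "Spamhaus DROP": "; constructed sample\n192.0.2.0/24 ; REF-0001\n2001:db8:bad::/48 ; REF-0002\n",
    "Spamhaus EDROP": "198.51.100.128/25 ; REF-0003\nnot-a-cidr ; malformed line\n",
    "SpamCop": "192.0.2.77\n",  # single-address entry
}

def parse_feed(text):
    """Return the networks in one feed, skipping comments, blanks and malformed lines."""
    networks = []
    for line in text.splitlines():
        entry = line.split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # one bad line must not abort the whole refresh
    return networks

def build_dataset(feeds):
    """Aggregate all feeds into one list of (network, provider) pairs."""
    return [(net, provider) for provider, text in feeds.items() for net in parse_feed(text)]

def check_inventory(ips, dataset):
    """Map each listed IP to the sorted providers whose ranges contain it."""
    findings = {}
    for raw in ips:
        addr = ipaddress.ip_address(raw)
        hits = sorted({p for net, p in dataset if net.version == addr.version and addr in net})
        if hits:
            findings[raw] = hits
    return findings

if __name__ == "__main__":
    inventory = ["192.0.2.77", "198.51.100.10", "198.51.100.200", "2001:db8:bad::25", "203.0.113.5"]
    for ip, providers in check_inventory(inventory, build_dataset(SAMPLE_FEEDS)).items():
        print(f"{ip}: listed by {', '.join(providers)}")
```

Running the same comparison against your own address list is a quick way to confirm which provider to approach for delisting before the next scan.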
Why this is a problem
A blocklisted IP can cause:
- Email delivery failures — mail servers reject messages from blocklisted IPs
- Reputation damage — your domain may be associated with malicious activity
- Service disruption — some firewalls and security tools block traffic from blocklisted IPs
- SEO impact — search engines may penalise sites hosted on blocklisted IPs
If the IP is blocklisted because of activity on your infrastructure, it may indicate a compromise that needs investigation.
What you should do
- Check the blocklist providers listed in the issue details to understand why the IP was flagged
- Determine if the IP is shared — if you're on shared hosting, another tenant's activity may have caused the listing
- Investigate your infrastructure — if the IP is dedicated to you, check for signs of compromise (unexpected outbound traffic, open relays, malware)
- Request delisting — most blocklist providers have a delisting process once the underlying issue is resolved
- Consider migrating — if the IP is on shared infrastructure you don't control, moving to a clean IP may be faster than waiting for delisting
Automatic resolution
This issue resolves automatically when the IP is no longer found on any blocklist during a subsequent scan. DNS Watchdog re-checks every 6 hours, so resolution typically appears within 6–12 hours of the IP being delisted.
Ignoring this issue
If you've determined the blocklisting is a false positive or doesn't affect your use case, you can mark the issue as Ignored with a reason. Ignored issues are preserved across scans and won't generate new notifications.