Listed on Spamhaus AuthBL? How to get delisted
Spamhaus AuthBL, a subset of the XBL, lists IP addresses seen using stolen credentials or brute-forcing logins (SMTP-AUTH, IMAP and similar protocols). It targets the authentication and submission path, not inbound delivery.
Confirm whether your domain and mail servers are listed.
Why Spamhaus AuthBL lists a IP
An IP is listed after login abuse originates from it, which usually means a compromised host, malware, or a shared or NAT address with an infected device behind it.
How to get delisted
- Identify and clean the compromised source: scan the host for malware and isolate any infected device sharing the IP.
- Rotate the affected mailbox passwords and enable two-factor authentication so stolen credentials stop working.
- Once the abuse has stopped the listing expires on its own; to speed that up you can request removal through the Spamhaus IP and Domain Reputation Checker.
Removal request page: https://check.spamhaus.org/
Prevent re-listing
Delisting only holds if the cause is fixed. Enforce a DMARC policy, keep SPF and DKIM aligned, secure sending accounts, and monitor for compromise. A clean deliverability report is the best signal that the underlying setup is sound.