Listed on Spamhaus AuthBL? How to get delisted

Spamhaus AuthBL, a subset of the XBL, lists IP addresses seen using stolen credentials or brute-forcing logins (SMTP-AUTH, IMAP and similar protocols). It targets the authentication and submission path, not inbound delivery.

Confirm whether your domain and mail servers are listed.

Why Spamhaus AuthBL lists a IP

An IP is listed after login abuse originates from it, which usually means a compromised host, malware, or a shared or NAT address with an infected device behind it.

How to get delisted

  1. Identify and clean the compromised source: scan the host for malware and isolate any infected device sharing the IP.
  2. Rotate the affected mailbox passwords and enable two-factor authentication so stolen credentials stop working.
  3. Once the abuse has stopped the listing expires on its own; to speed that up you can request removal through the Spamhaus IP and Domain Reputation Checker.

Removal request page: https://check.spamhaus.org/

Prevent re-listing

Delisting only holds if the cause is fixed. Enforce a DMARC policy, keep SPF and DKIM aligned, secure sending accounts, and monitor for compromise. A clean deliverability report is the best signal that the underlying setup is sound.

Frequently asked questions

How long does Spamhaus AuthBL delisting take?
It varies by list. Automatic lists clear within hours once the abuse stops. Manual removals apply as soon as the operator processes the request, provided the root cause is resolved.
Will delisting fix my deliverability?
Removing the listing helps, but receivers also weigh authentication and sending reputation. Pair delisting with a strong SPF, DKIM, and DMARC setup for lasting improvement.