How to Get Removed from Email Blacklists: A Step-by-Step Guide for NZ Businesses

If your emails are bouncing, landing in spam, or being rejected outright, there's a good chance your domain or sending IP has ended up on an email blacklist (also known as a DNSBL or RBL). For New Zealand businesses relying on email for quotes, invoices, and customer communication, being blacklisted can mean lost revenue within hours.

The good news? Most blacklistings can be resolved within 24–72 hours if you take the right steps. Here's how.

What Is an Email Blacklist?

An email blacklist is a real-time database used by mail servers and spam filters to identify IPs or domains known to send spam, malware, or unwanted email. When a receiving server like Gmail, Outlook, or Xtra checks incoming mail, it consults these lists. If you're on one, your message is likely rejected or dumped into the junk folder.

Common blacklists include:

  • Spamhaus (SBL, XBL, PBL, DBL)
  • Barracuda Reputation Block List (BRBL)
  • SpamCop
  • SORBS
  • Invaluement
  • UCEPROTECT

Step 1: Confirm You're Actually Blacklisted

Before panicking, verify the issue. Check bounce messages for phrases like blocked using Spamhaus or listed on zen.spamhaus.org. You can also run a multi-blacklist lookup using tools like MXToolbox or xteam's free MailCheck.

You'll want to check both:

  1. Your sending IP address (the server actually delivering mail)
  2. Your domain name (e.g. yourbusiness.co.nz)

If you use Microsoft 365, Google Workspace, or a provider like SMTP2GO, the sending IP belongs to them — but your domain reputation is still yours.

Step 2: Identify the Root Cause

You won't stay delisted for long if you don't fix what got you listed in the first place. Common causes include:

  • Compromised mailbox — a staff account phished and used to send spam
  • Insecure web form or contact page exploited by bots
  • Missing or misconfigured SPF, DKIM, and DMARC records
  • Purchased or scraped email lists being used for marketing
  • Open relay or misconfigured mail server
  • Shared hosting where another tenant sent spam

Check Your Authentication Records

Run a dig or nslookup on your domain and verify your SPF, DKIM, and DMARC records exist and are correct. A basic SPF record for a Kiwi business using Microsoft 365 looks like this:

yourbusiness.co.nz. IN TXT "v=spf1 include:spf.protection.outlook.com -all"

Your DMARC record should at minimum be:

_dmarc.yourbusiness.co.nz. IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@yourbusiness.co.nz"

If these are missing, receiving servers have no way to verify your mail is legitimate — and you're far more likely to be flagged.

Step 3: Clean Up Before Requesting Delisting

Blacklist operators will re-list you immediately if the problem persists. Before submitting any removal request:

  1. Force password resets on all mailboxes, especially any that show suspicious sent items.
  2. Enable multi-factor authentication (MFA) across your tenant.
  3. Patch your CMS and plugins (WordPress contact forms are a common attack vector).
  4. Review mail flow rules for unauthorised forwarding or auto-replies.
  5. Remove any purchased lists and stop sending to unengaged contacts.
  6. Check outbound volume — a sudden spike often triggers listings.

Step 4: Submit a Delisting Request

Each blacklist has its own process. Here's how to approach the major ones:

Spamhaus

Visit the Spamhaus Lookup Tool and enter your IP or domain. If listed, you'll see which list (SBL, CSS, DBL, etc.) and a link to request removal. Spamhaus will want evidence that you've fixed the issue — be honest and specific.

Barracuda

Go to barracudacentral.org/rbl/removal-request and submit your IP with a brief explanation. Removal is typically within 12 hours if the issue is resolved.

SpamCop

Listings usually expire automatically after 24 hours of clean sending. If volume continues, the listing persists. SpamCop doesn't accept manual removal requests — you must fix the behaviour.

Microsoft & Google Blocklists

If you're blocked by Outlook.com specifically, use the Microsoft Sender Support form. For Gmail, there's no public blocklist — focus on improving your domain reputation through Google Postmaster Tools.

Step 5: Monitor and Prevent Reoccurrence

Getting delisted is only half the battle. To stay off blacklists long-term:

  • Enforce DMARC — move from p=none to p=quarantine and eventually p=reject
  • Monitor DMARC reports to detect unauthorised sending early
  • Warm up new sending IPs gradually if migrating platforms
  • Segment your mailing lists and remove bounces promptly
  • Use a dedicated IP if you send over 100,000 emails per month
  • Implement BIMI to further verify your brand and boost deliverability

A Note for NZ Businesses

Under the Unsolicited Electronic Messages Act 2007, marketing emails must have clear consent, sender identification, and an unsubscribe link. Breaching this isn't just a legal issue — complaints fed into blacklists like SpamCop can land you in the RBLs fast. Always use double opt-in where possible and respect unsubscribes within five working days.

How Long Does Delisting Take?

Blacklist Typical Removal Time
Spamhaus SBL 24–48 hours
Barracuda 12 hours
SpamCop 24 hours (auto-expires)
SORBS 48 hours – 2 weeks
UCEPROTECT L1 7 days (auto)

Deliverability to inboxes may take longer to recover as reputation rebuilds — expect 2–4 weeks of cautious sending.

Check Your Status in 60 Seconds

Not sure if you're blacklisted? xteam's free MailCheck tool scans your domain across dozens of major blacklists, validates your SPF, DKIM, and DMARC records, and tells you exactly what needs fixing — no signup required.

👉 Run a free MailCheck on your domain at xteam.co.nz

Protect your sender reputation before your next campaign goes out — because in email, trust is everything.