Look Up Suspicious IP Addresses on DNS Blacklists

Verify and report spammers and hackers

Hands typing on keyboard of a laptop

Westend61/Getty Images

A Domain Name System Blacklist (also referred to as a DNS Blacklist or DNSBL) is a database that contains the IP addresses of known spam-generating hosts on the internet. These hosts are typically email servers that generate large volumes of unsolicited email messages or other internet servers used for network attacks. A DNSBL tracks servers by IP address and also within the internet Domain Name System.

There are dozens of DNSBLs available. Each of them maintains its own list based on its criteria for spammers. The standards of some of them are stricter than others, but most DNSBLs publish information on what a listing at their site means. One DNSBL may work better for you than another one.

Who Uses DNSBLs?

Although you may not be aware of it, most email servers use at least one DNSBL in an effort to prevent junk mail from ending up in your inbox. Mail servers are the largest users of DNSBLs. However, individuals also use DNSBLs to ascertain whether their spam emails are coming from a known spam offender and to report their own results for other internet users.

DNS blacklists help you determine whether message senders may be spammers or hackers. You can also report spam and suspicious addresses to a DNSBL for the benefit of others on the internet. The largest blacklists contain millions of entries.

You Need an IP Address

Enter IP Address field on SpamRATS website

To use one of the DNSBL services, type an IP address into the form it provides. The service looks for it in the database and displays any results it finds. If you are researching the origin of a spam email you received, you obtain its IP address from the email headers. You may need to expand the header to locate the IP address because most ISPs display short-form headers. However, the information is there if you know where to look.

Gmail headers do not include the sender IP address information, only its own IP address, so it is impossible to find the sender's IP address in a Gmail.

After you have the sender's IP address, enter it into one of the many DNS Blacklists, including:

A DNSBL contains only public addresses, not private IP addresses used on local networks.

What Is Spam?

The term spam refers to unsolicited commercial advertisements distributed online. Most spam comes to people via email, but spam can also be found in online forums.

Spam consumes a tremendous amount of network bandwidth on the internet. More importantly, it can consume much of a user's personal time if it is not appropriately managed. Email applications have been enhanced significantly over the years to do a better job of detecting and filtering spam, but some spam still slips through.

When you receive an email message you think is spam, you can (and should) report it to your Internet Service Provider (ISP). Many ISPs provide a Spam button just for that purpose.

Some people also consider internet advertising (such as pop-up browser windows) to be spam. In contrast to true spam, though, these forms of advertising are provided to people in the act of visiting websites and are a cost of doing business to support those sites' products and services.