Look Up Suspicious IP Addresses on DNS Blacklists

Verify and report spammers and hackers

Hands typing on keyboard of a laptop

Westend61/Getty Images

A Domain Name System Blacklist (also referred to as a DNS Blacklist or DNSBL) is a database that contains the IP addresses of known spam-generating hosts on the internet. These hosts are either email servers that generate volumes of unsolicited email messages or other internet servers used for network attacks. A DNSBL tracks servers by IP address and also within the internet Domain Name System.

There are dozens of DNSBLs available. Each maintains its own list based on its criteria for spammers. The standards of some are stricter than others, but most DNSBLs publish information on what a listing at their site means. One DNSBL may work better for you than another one.

Who Uses DNSBLs?

Most email servers use at least one DNSBL to prevent junk mail from ending up in your inbox. Mail servers are the largest users of DNSBLs. However, individuals also use DNSBLs to find out if their spam emails are coming from a known spam offender and to report their results for other internet users.

Use DNS blacklists to determine whether message senders may be spammers or hackers. You can also report spam and suspicious addresses to a DNSBL for the benefit of others on the internet. The largest blacklists contain millions of entries.

You Need an IP Address

To use one of the DNSBL services, type an IP address into the form it provides. The service looks for the IP address in the database and displays the results it finds.

Enter IP Address field on SpamRATS website

If you want to know the origin of a spam email you received, obtain its IP address from the email headers. You may need to expand the header to locate the IP address because most ISPs display short-form headers.

It's not possible to find the sender's IP address in a Gmail message. Gmail headers do not include the sender IP address information, only the Gmail IP address.

After you have the sender's IP address, enter it into one of the many DNS Blacklists, including:

A DNSBL contains only public addresses, not private IP addresses used on local networks.

What Is Spam?

The term spam refers to unsolicited commercial advertisements distributed online. Most spam comes to people through their email, but spam can also be found in online forums.

Spam consumes a tremendous amount of network bandwidth on the internet. More importantly, it can consume much of a user's personal time if it is not appropriately managed. Email applications have been enhanced over the years to effectively detect and filter spam, but some spam still slips through.

When you receive an email message you think is spam, report it to your Internet Service Provider (ISP). Many ISPs provide a Spam button just for that purpose.

Some people also consider internet advertising (such as pop-up browser windows) to be spam. In contrast to true spam, though, these forms of advertising are provided to people in the act of visiting websites and are a cost of doing business to support those sites' products and services.