All guides

Check Your Email Domain for Blocklists Before Sending

InboxRadar grades your email deliverability free and emails you when it changes. Check your domain.

Check before the send, not after the damage

A clean-looking domain can still drag a campaign into spam if the sending IP, bounce domain, or tracking link is listed.

Before a cold email push or newsletter launch, check the full sender path. That means the domain in your visible From address, the envelope sender or Return-Path domain, the DKIM signing domain, your tracking or click domain, image hosts, landing pages, and the IPs your provider will use to send. If you use Google Workspace, Microsoft 365, Mailchimp, HubSpot, Apollo, Resend, SendGrid, or another ESP, the IP may be shared unless you are on a dedicated plan.

Start with lists that receivers and spam filters commonly use: Spamhaus ZEN, SBL, CSS, and DBL, SpamCop, Barracuda, URIBL, and SURBL. Check IP lists and domain or URI lists separately. Then read the bounce text from past sends. A real SMTP error from Gmail, Outlook, or a business gateway is stronger evidence than a random checker that flags a small private list your buyers may never use.

The pre-send blocklist checklist

Do this before you upload the list or schedule the campaign.

  • List every domain in the message: From, envelope sender or Return-Path, DKIM d= domain, tracking links, image host, unsubscribe link, and landing page.
  • Find the sending IPs. Ask your ESP or send a small test to a mailbox where you can read full headers.
  • Check IP blocklists and domain blocklists separately. An IP listing can hurt mail from that server. A domain or URI listing can hurt any message that links to that domain.
  • Treat Spamhaus, SpamCop, Barracuda, URIBL, and SURBL as high-signal checks. Do not panic over obscure lists unless your target receivers use them.
  • If a shared ESP IP is listed, open a ticket with the ESP. You usually cannot delist a shared IP yourself.
  • If your own domain or dedicated IP is listed, pause the send, fix the cause, then request delisting through that blocklist's official process.

A listing is a symptom. Common causes include a compromised mailbox, a bad purchased list, spam traps, high complaint rates, broken unsubscribe handling, open relay behavior, or a tracking domain that appeared in abusive mail. Sending more while you are listed usually makes the next review harder.

Fix authentication before blaming a blocklist

Many senders chase blocklists when the real problem is a weak sender setup.

SPF is the TXT record that authorizes mail sources for the envelope sender domain, also called the MAIL FROM or Return-Path domain. Publish one SPF record for that domain, include only real senders, and keep SPF evaluation under the 10 DNS-lookup limit from RFC 7208. End with ~all while you are still validating sources. Move to -all only when every real sender is covered. Never use +all.

DKIM signs each message with a private key at your mail provider and a public key in DNS. The public key is published under a selector, usually at selector._domainkey.example.com. Check that the provider is signing mail, that the selector exists, and that the DKIM d= domain matches or aligns with your visible From domain. If a newsletter platform signs only with its own domain, DMARC may still fail unless SPF also passes with alignment.

DMARC ties SPF and DKIM results to the visible From domain. A message passes DMARC when SPF or DKIM passes and the passing domain aligns with the From domain. A basic monitoring record is v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com. Move from p=none to p=quarantine and then p=reject after your real mail sources pass with alignment. Use aggregate RUA reports to find hidden senders before enforcement. If the XML is hard to read, the free DMARC report reader can turn it into a plain source list.

Also check MX records for reply handling, reverse DNS for dedicated sending IPs, and the current sender rules from Gmail and Microsoft. Gmail's published guidelines require SPF or DKIM for all senders and SPF, DKIM, and DMARC for bulk senders. Microsoft's Outlook.com high-volume sender guidance also points senders to SPF, DKIM, DMARC, and domain alignment. Authentication will not save unwanted mail, but missing authentication can bury good mail.

How to decide whether to send

Use the result to make a go, pause, or fix decision.

  • Go if your important domains are clear, your sending IP is clear, SPF passes within 10 lookups, DKIM signs, DMARC exists, and test mail lands without authentication warnings.
  • Pause if Spamhaus, Barracuda, URIBL, SURBL, or SpamCop lists the sending IP or a domain used in the message.
  • Fix first if DMARC is missing, SPF has more than 10 lookups, SPF uses +all, DKIM is not signing, or your From domain does not align with SPF or DKIM.
  • Reduce risk if you recently changed ESPs, added a tracking domain, imported an old list, or saw a spike in bounces or complaints.

Do not delist first and investigate later. Blocklists expect you to remove the abuse source. Clean the list, remove risky automations, rotate compromised keys, fix forms that can be abused, and confirm nobody is sending through an old tool you forgot about. Then file the delisting request with the facts.

For a quick read on DNS health, run the free InboxRadar domain scorecard. It checks SPF, DKIM, DMARC, and MX from live DNS and gives you the highest-impact fixes before you launch.

AI search visibility is a separate launch check

If your campaign points to a new landing page, make sure people and AI answer engines can read it.

The crawlers that decide whether you can appear in AI answers are OAI-SearchBot for ChatGPT search, Claude-SearchBot for Claude, PerplexityBot for Perplexity, Googlebot for Google AI Overviews through the normal Search index, and Applebot for Apple Intelligence. Disallowing those crawlers in robots.txt removes you from that engine's answer system.

Do not confuse those with training controls. GPTBot, ClaudeBot, CCBot, Google-Extended, and Applebot-Extended are training or opt-out controls. Blocking them does not remove you from live AI-search visibility. Google-Extended and Applebot-Extended are robots.txt control tokens, not separate crawlers that visit your site.

Robots.txt is a stated policy, not proof of behavior. Perplexity-User and Bytespider have been reported to ignore it, so logs and vendor docs matter. Googlebot documents JavaScript rendering. For other AI crawlers, client-side-only content is an undocumented risk, so put the core answer, pricing, proof, and contact path in server-rendered HTML when you can. The free AI visibility checker can flag the common crawlability mistakes.

Common questions

Can my domain be clean while my email still goes to spam?

Yes. Mailbox providers use more than blocklists. They look at authentication, alignment, complaint rate, bounce rate, engagement, content, URL reputation, sending pattern, and their own private reputation data.

Is an IP blocklist or domain blocklist worse?

It depends on what is listed and who uses that list. A sending IP listing can hurt all mail from that IP. A domain or URI listing can hurt any message that links to the domain, even when sent from a different provider.

Should I send from a new domain to avoid a listing?

No. That usually creates a second problem. New domains have little reputation, and mailbox providers can connect related domains through links, infrastructure, and behavior. Fix the cause first.

How often should I check before sending?

Check before every major launch, after changing ESPs, after adding a tracking domain, and whenever bounces mention reputation or blocklists. For active outbound, monitor weekly or daily during large sends.

Does a DMARC policy of p=none improve delivery?

It helps receivers see that you publish DMARC, and it gives you reports, but it does not ask receivers to quarantine or reject failing mail. Use p=none to find sources, then move toward quarantine or reject when legitimate mail passes.

Related guides

Check your domain free

InboxRadar grades your email setup A to F in about three seconds, then watches it and emails you the moment something breaks. Free, no login.

Check your domain