What Is the Spamhaus Policy Blocklist (PBL)?
The Policy Blocklist (PBL) helps minimize the risk of spam and malware distribution, thereby protecting the integrity of email communication networks.
The Spamhaus Policy Blocklist (PBL) is a specialized email filtering tool aimed at preventing abusive email practices by blocking outbound email sent from dynamic or residential IP addresses. These IP ranges are typically not intended for direct mail delivery without proper authentication.
By enforcing this policy, the PBL helps minimize the risk of spam and malware distribution, thereby protecting the integrity of email communication networks. Internet Service Providers (ISPs) and mail server administrators can leverage the PBL to ensure that only authenticated and properly configured email servers are allowed to send mail, enhancing overall email security and reliability.
PBL: About the Data
The Policy Blocklist (PBL) is a vital dataset that identifies end-user IP ranges that should never directly send emails to their final destination. Primarily composed of IPv4 addresses, with some IPv6 ranges, it is formatted in Classless Inter-Domain Routing (CIDR).
How the Spamhaus Policy Blocklist Works
The PBL designates end-user IP ranges that must not send unauthenticated SMTP emails directly to Internet mail servers. Emails originating from IPs listed in the PBL should be routed through an SMTP server with authentication before being delivered. This SMTP server can be provided by the ISP or an external mail service.
The PBL includes both dynamic and static IP addresses that, according to policy (either the block owner’s or Spamhaus’ in the absence of one), should not send emails directly to third-party MX servers. It aids networks in enforcing their Acceptable Use Policies (AUP) for dynamic and non-MTA customer IP ranges.
End users can request to have their IP excluded from the PBL if it aligns with their network’s policy. Visit this link, input your IP, and follow the provided instructions.
Benefits of using the PBL Dataset
IPs in this dataset are not inherently “bad”; they simply should not send emails directly. Many ranges are added and maintained by networks, ensuring high data accuracy. Spamhaus’ researchers also identify end-user IP spaces with high concentrations of “botnet zombies,” which are major spam sources. This dataset covers over 1.4 billion IPv4 addresses, nearly 40% of routable IPv4 space, and is actively maintained and expanding.
Email administrators can utilize this real-time DNSBL to reduce spam and malicious emails from residential addresses. User-generated exclusions help prevent legitimate mail from being rejected, ensuring industry-leading catch rates with minimal false positives. This reduces security risks, email infrastructure costs, and human resource requirements.
How to Use the Policy Blocklist Dataset
To maximize the benefits of Spamhaus’ data, integrate blocklists at critical stages in the email filtering process. The PBL is specifically designed to be used against the connecting IP during the initial SMTP connection.
Spamhaus Blocklists Work Well Because They Are Free
Each blocklist targets a distinct type of behavior. Relying on a single blocklist limits the effectiveness of the data. Spamhaus offers three other IP-based blocklists for free:
- Spamhaus Blocklist (SBL)
- Combined Spam Sources blocklist (CSS)(included in the SBL DNSBL zone)
- Exploits Blocklist (XBL)
These IP blocklists can be accessed via ZEN, which consolidates these datasets for easier and faster querying. While most malicious emails are intercepted at the SMTP transaction stage, some sophisticated actors invest significantly to evade IP detection. To enhance your catch rates, also employ domain and hash blocklists to filter emails post-acceptance. Spamhaus offers the Domain Blocklist (DBL) for free for this purpose.
Technical Information
You can utilize the data through SMTP server configuration for connection and transaction checks, and use open-source tools like SpamAssassin and Rspamd for content analysis. Plugins for these tools are readily available to reduce configuration time for users of Spamhaus Technology’s free Data Query Service.
How to Access the PBL Dataset
Spamhaus DNSBLs are available at no cost for low-volume, non-commercial users. Unsure if you qualify? Review our DNSBL usage criteria. Free accounts can be acquired through our partner, Spamhaus Technology. Sign up for data access via the Data Query Service.
Best Practices for Maintaining Positive IP Reputation
Spamhaus data protects billions of mailboxes worldwide. To avoid being listed and ensure uninterrupted email service, adhere to these best practices:
- Restrict Outbound SMTP Traffic – Configure your firewall to allow outbound SMTP traffic (port 25) only from your mail server’s internal IP.
- Segment Your Network – Isolate your email infrastructure from the rest of your network’s IP space.
- Verify Infrastructure Providers – Ensure your internet infrastructure providers, such as ISPs, are reputable.
- Implement Double Opt-In – Avoid spam traps by ensuring emails are sent only to real, interested recipients.
- Ensure Proper Configuration – Match your hostname with your HELO and ensure your reverse DNS (PTR record) points to the same hostname.
Note: These actions may require coordination with network administrators and deliverability specialists.
Removal from Policy Blocklist
IPs in this dataset aren’t inherently “bad.” If your IP is mistakenly listed on the Policy Blocklist, visit https://check.spamhaus.org for more information and PBL removals.
How to Use Policy Blocklist (PBL) Ranges
Network owners and ISPs can manage their IP space by submitting PBL ranges. Modify IP ranges to implement specific policies, including allowing or disallowing removals.