Help – I’m listed on the Exploit Blocklist

You can only be listed on the Exploit Blocklist if we have seen traffic that would indicate that the IP address is infected or compromised or is a NAT address and one of the hosts behind the NAT is either infected or compromised.

If the IP address is a genuine email server, then check for firewall misconfigurations e.g. the IP address being used as part of a NAT pool (email servers should NEVER share addresses with other hosts).

If the IP address is part of a NAT pool make sure that port 25 is firewalled and that outbound port 25/tcp is blocked by default, then look at the firewall logs to determine the internal IP address(es) that are trying to connect outbound on 25/tcp and you’ll find your compromised/infected hosts.

If the IP address is a router or IoT device, then it is likely compromised in some way.

Check with the manufacturer of the device and reflash it with the latest firmware and bootloader.

Please don’t request a delist until you’ve identified and fixed the issue first, otherwise you’re going to emit spam in large volumes and get immediately relisted

Back to FAQs
Share
Linkedin Icon Twitter Icon Facebook Icon E-mal Icon
Get in Touch

Talk to us

Do you want to remove your IP/domain from one of our blocklists?
Please use our lookup-service and follow the instructions there in order to get that resolved.