We noticed that some of our users are doing this all wrong, so we thought it’d be a good thing to write a short guide on best practices when delisting your blacklisted IPs.
First and most important, when you get alerted that one or more of your IPs got blacklisted, don’t jump straight to delisting requests from the listed RBLs. It’s extremely important to investigate why the IP got blacklisted in the first place, and neutralize the threat, before requesting it to be delisted.
You may ask why is this such a critical part of the delisting process, because if you do not handle the issue that got the IP blacklisted in the first place (aka: spammer on your network, compromised client hosting malware, etc) and you request the IP to be delisted, it will just get blacklisted right back. Furthermore, some RBLs have a threshold of removals that you can ask for per IP or per block, in order to prevent people asking for delisting over and over and still keeping on spamming, so you’d be wasting these precious removal requests for nothing, up to a point where you won’t be allowed to delist your IP anymore for a period of time, or possibly forever (with some RBLs), which is a point where you do not want to get to.
The best practice is to investigate why your IP got blacklisted in the first place, see to which one of your clients the IP belongs to, check if that client has been compromised or is intentionally sending out spam, fix the problem, and only then, when you’re absolutely sure the problem cannot happen again, you should proceed to requesting the IP to be delisted from the listed RBLs.
What if I first request delisting and then immediately after I’ll look into fixing the issue?
That’s still not advisable, as some RBLs have an automatic delisting process, so you’d be delisting your IP immediately, while the spam/malware still exists. We advise you to first permanently fix the problem and only then request delisting.