sfw/fix
SURBL / URIBL listed high

Domain listed on a URI blocklist (SURBL / URIBL)

Your domain appears in spam or phishing message bodies, so SURBL or URIBL blocklisted the domain itself.

What you see

Rejected: message body contains a URI listed in
multi.surbl.org / multi.uribl.com
(550 5.7.1 Message contains a blacklisted URL)

What’s actually happening

Mail that mentions your domain — newsletters, password resets, plain replies with your link in the signature — gets bounced or dumped to spam, even when it's sent from a clean IP. The rejection names a SURBL or URIBL zone, not an IP blocklist like Spamhaus. The key tell: these lists check domains and hostnames found inside the message body, so your sending reputation can be spotless and mail still fails.

Common causes

  • Your domain was used in spam or phishing campaigns (often after a compromise), and spam traps caught the link
  • A hacked page, open redirect, or injected spam content on your site got crawled and flagged
  • You share a domain or link-shortener path with known-bad content
  • A redirect or tracking domain in your email points through a listed host
  • An expired-domain catcher or scraper picked up your URL from a leaked list

How to fix it

  1. Confirm the listing and which zoneCheck your domain directly at surbl.org/surbl-analysis and the URIBL lookup. Note the exact list (e.g., multi.surbl.org PH for phishing, ABUSE, or MW for malware) — the reason determines what you have to clean before delisting will stick.
  2. Find and remove the bad contentIf you're listed for malware or phishing, the site is almost certainly compromised. Scan for injected files and rogue redirects, audit recently modified files and .htaccess, rotate all credentials, and patch the CMS and plugins. Delisting without cleaning just gets you relisted.
  3. Fix open redirects and third-party linksLock down any /redirect?url= or /out?to= endpoints that let attackers bounce through your domain. If a tracking or shortener domain you use is the listed one, swap it.
  4. Submit a removal requestOnce the domain is clean, use the SURBL removal form and URIBL's removal process to request delisting. SURBL also auto-expires entries once the source stops seeing abuse, so removal can take a cycle even after you submit.
  5. Warm back up and monitorAfter delisting, watch bounce logs and recheck the lists for a couple weeks. A second listing soon after means you missed a piece of injected content.

Stop it recurring

Keep the CMS, plugins, and credentials current and monitor your domain against SURBL/URIBL weekly, so a compromise gets caught before spammers blast your links.

Related errors

Blocked by Project Honey Pot http:BL (DNS blacklist)

medium

A site security plugin queried Project Honey Pot's http:BL and blocked the visitor's IP as a flagged threat.

Cisco Umbrella / OpenDNS "This site is blocked" (DNS-layer category block)

high

A network's Umbrella or OpenDNS resolver classified the domain and returned its block page instead of the site.

Google Safe Browsing "Deceptive site ahead" warning

critical

Google Safe Browsing flagged the site for phishing or malware, so Chrome shows a full red interstitial before the page loads.

IP listed on Spamhaus blocklist (DNSBL)

high

Your sending IP is on a Spamhaus DNSBL as a spam source or compromised host, so receiving mail servers reject your messages.