The Spamhaus DROP (Don’t Route Or Peer) list is a database of IP netblocks that have been hijacked or are controlled by cybercriminal operations. Unlike standard email blacklists, DROP is designed for BGP route filtering at the router level. Delisting requires the network operator, not the individual sender, to contact Spamhaus with evidence that the netblock is no longer under malicious control.
Finding your IP on the Spamhaus DROP list is one of the more serious email deliverability situations you can encounter, and also one of the most misunderstood.
Most senders assume DROP works like other blacklists: you get listed, you fix the issue, you request removal. But Spamhaus DROP is different. It operates at a different layer of the internet, lists entire IP ranges rather than individual addresses, and has a removal process that usually requires action from your ISP or network operator rather than from you directly.
Three things make DROP distinct from other Spamhaus lists:
- It lists netblocks, not individual IPs. DROP does not list a single IP address. It lists entire ranges, sometimes thousands of addresses, that are under criminal control. If your individual IP falls within one of those ranges, it is affected by the listing even if your specific address never sent a single spam message.
- It is designed for BGP route filtering, not just email. Most email blacklists are consulted by mail servers to decide whether to accept a specific message. DROP is designed to be deployed at the router and firewall level. ISPs and large networks use it to block all traffic from listed netblocks, not just email. This makes DROP listings more severe in their potential impact.
- Listings reflect infrastructure hijacking, not just spam behavior. The reason IPs end up on DROP is not that they sent spam. It is that the netblock they belong to was seized by criminal gangs through BGP hijacking, fraudulent registry allocations, or unauthorized sub-leasing from legitimate holders.
The Spamhaus DROP Datasets: DROP, DROPv6, and ASN-DROP
Important update: As of April 10, 2024, Spamhaus merged the EDROP (Extended Don’t Route Or Peer) data into the main DROP list. EDROP no longer exists as a separate dataset as its coverage is now unified under DROP. If you’ve come across older documentation referencing EDROP as a distinct list, that information is out of date.
Today, Spamhaus maintains three DROP datasets:
| Dataset | What It Covers | JSON Feed |
|---|---|---|
| DROP | IPv4 netblocks hijacked or controlled by professional cybercriminals and spam operations (includes former EDROP coverage) | drop_v4.json |
| DROPv6 | IPv6 netblocks under criminal control | drop_v6.json |
| ASN-DROP | Autonomous System Numbers (ASNs) hijacked or leased by professional spam or cybercrime operations | asndrop.json |
All three datasets are available free of charge from Spamhaus in JSON format. The DROP list is re-evaluated on a daily basis. Listings can change as Spamhaus investigators track the continuous movement of rogue networks attempting to evade detection.
What DROP covers and what it does not
- DROP will not list IP space that has been legitimately allocated to a network and then reassigned, even if reassigned to confirmed spammers.
- DROP is specifically for netblocks that are directly hijacked or allocated to criminal operations from the start.
- Standard spam-related listings against legitimate IP space remain on the main SBL instead.
This also means all DROP-listed netblocks are simultaneously listed in the SBL.
What about ASN-DROP?
- Beyond IP address ranges, Spamhaus also tracks hijacked or leased Autonomous System Numbers (ASNs), the routing identifiers that determine how traffic flows between networks.
- An ASN can be hijacked just like an IP range: abandoned ASNs are sometimes taken over by spammers or their suppliers to announce various IP ranges, meaning both the netblock and the ASN advertising it can be compromised simultaneously.
- If you believe your ASN is incorrectly listed on ASN-DROP, use the Spamhaus IP and Domain Reputation Checker to search for it and follow the removal steps provided.
Why IP netblocks end up on the DROP list
Unlike spam-based listings that result from sending behavior, DROP listings reflect infrastructure-level control by malicious actors. The most common scenarios:
- BGP hijacking. Criminal operators exploit weaknesses in the Border Gateway Protocol to fraudulently announce routes for IP space they do not legitimately control, rerouting traffic through their infrastructure.
- Registry fraud. Netblocks are obtained through fraudulent applications to regional internet registries using falsified documentation, then used exclusively for spam and cybercrime operations.
- Compromised or abandoned space. Legitimate IP allocations that fall dormant are sometimes seized or squatted upon by criminal operations, particularly in regions with looser enforcement of registry agreements.
- Sub-allocation to criminal networks. In the EDROP case, a legitimate holder sub-allocates a portion of their IP space (knowingly or unknowingly) to operations that use it for malicious activity.
If your IP is within a DROP-listed netblock, your situation is most commonly one of two things:
- You are using an ISP or hosting provider whose IP space was compromised
- You acquired IP space that was already in criminal use before it reached you.
How to check if your IP is on the Spamhaus DROP list
The fastest way to check is through the Spamhaus IP and Domain Reputation Checker. Enter your IP address and the tool will return its status across all active Spamhaus datasets.
Pro Tip: Even if your IP clears the Spamhaus DROP checker, run Warmy’s free Email Deliverability Test immediately afterward. A DROP listing can leave residual reputation signals across other blacklists and inbox providers that the Spamhaus tool alone will not reveal. Warmy’s test checks your authentication status, blacklist standing across multiple datasets, and inbox placement across Gmail, Outlook, and Yahoo simultaneously.
The Spamhaus DROP delisting process
Step 1: Understand your position before acting
Before submitting any removal request, establish the facts:
- Confirm your IP is within a DROP-listed netblock and not another Spamhaus list. The code must be 127.0.0.9.
- Identify who controls the netblock. Is it your ISP, your hosting provider, or a range you own directly?
- Determine whether you are the network operator of the listed range or a user within someone else’s listed space
This distinction is critical because individual senders cannot directly request DROP delisting. The removal process requires action from the network operator or ISP responsible for the listed IP space. If you are an end user, your first step is contacting your ISP, not Spamhaus.
Step 2: If you are the network operator
If you or your organization directly controls the listed netblock, you can initiate the delisting process:
Research the listing. Review Spamhaus’s DROP documentation at spamhaus.org to understand their criteria and process for DROP removals.
Gather evidence of remediation. Spamhaus requires proof that the netblock is no longer under malicious control. This may include:
- Documentation showing legitimate registry allocation or reallocation
- Evidence of infrastructure cleanup (removal of malware, botnet command-and-control servers, spam infrastructure)
- Security audit reports from qualified third parties
- Correspondence with your upstream provider demonstrating corrective action
Contact Spamhaus through the SBL removal process. Because DROP is a subset of the SBL, every DROP listing is tied directly to a corresponding SBL record referenced in the DROP data file.
Once Spamhaus removes the underlying SBL record, the DROP listing is automatically removed as well. This means your removal request should go through the SBL process, locate the specific SBL record associated with your netblock and initiate removal from there, not by contacting the DROP team separately.
Use Spamhaus’s official IP and Domain Reputation Checker at spamhaus.org to find the linked SBL record. In your request:
- Include the specific IP range and the return code (127.0.0.9)
- Reference the associated SBL record number
- Provide your contact details and organizational affiliation
- Summarize the remediation steps taken and attach supporting documentation
Step 3: If you are an end user (not the network operator)
If you are a sender whose IP falls within a DROP-listed range but you do not control the netblock:
- Contact your ISP or hosting provider immediately and report the Spamhaus DROP listing
- Request that they either remediate the issue with Spamhaus or assign you a new IP address from a clean range
- If your ISP is unresponsive or the situation is not resolved, consider migrating to a different provider with a clean IP allocation
In this scenario, your deliverability problem is fundamentally an infrastructure problem — it will not be resolved by sender-side actions alone.
Step 4: After submitting your request
Spamhaus typically responds to DROP delisting requests within a few days, though timing varies based on the complexity of the case and request volume. Responses may include:
- Immediate delisting if evidence is satisfactory
- A request for additional documentation or clarification
- A denial with specific reasons, requiring further remediation before reapplication
If denied, review the stated reasons carefully, address every outstanding issue, and reapply only after each point has been resolved. Reapplying before completing remediation typically results in a second denial and may delay the overall process.
Not sure whether a DROP listing is the only issue affecting your email deliverability? Run a free Email Deliverability Test from Warmy.io with full blacklist check across multiple datasets, authentication status, and inbox placement across Gmail, Outlook, and Yahoo.
Post-delisting: How to rebuild your sender reputation
Getting removed from the Spamhaus DROP list closes the listing, but it does not undo the reputation damage that accumulated during the period your IP was listed. To make things worse, inbox providers and other blacklist operators may have already built negative signals about your IP range. Restoring deliverability requires active work.
Expert perspective: The most effective post-delisting strategy is not passive monitoring. It is actively generating positive signals through consistent, legitimate sending that rebuilds the trust inbox providers lost.
1. Monitor your IP status continuously
Regular monitoring prevents a re-listing from escalating into a sustained deliverability crisis. Set a recurring schedule to check your IP across Spamhaus and other major blacklists. Warmy’s Domain Health Hub provides continuous visibility into:
- DNS record health (SPF, DKIM, DMARC)
- Inbox placement test results across providers
- Google Postmaster metrics
- Deliverability percentage trends
- Blacklist status across multiple datasets
Catching a re-listing within hours of it occurring is far less damaging than discovering it days later through declining open rates.
2. Implement proper email authentication protocols
If SPF, DKIM, and DMARC were not properly configured before the DROP listing, now is the time to fix them. Authentication signals to inbox providers that your sending infrastructure is controlled and accountable.
- SPF: Use Warmy’s free SPF Record Generator to build a correctly formatted record
- DKIM: Enable signing through your email service provider
- DMARC: Use Warmy’s free DMARC Record Generator to publish a policy and begin receiving aggregate reports
3. Warm up your IP and domain with Warmy.io
Warmy.io is an AI-driven email warmup and deliverability platform built specifically to rebuild the kind of sender reputation that DROP-level incidents destroy.
After a serious listing, inbox providers have either no positive history with your IP or actively negative signals. Sending at full campaign volume immediately after delisting (even with perfect authentication) will not work. Inbox providers need to see a pattern of consistent, engaged sending before they extend trust again.
What Warmy does:
AI-powered warmup. Warmy’s Adeline AI gradually increases sending volume from your domain and IP, generating authentic opens, replies, and inbox rescues from real mailboxes. This rebuilds the engagement signal that inbox providers use to assess whether your mail is wanted without the risk of triggering filters by scaling too fast.
Real engagement signals. Every warmup email generates a genuine interaction: opens, scrolls, replies, and when necessary, spam rescues that move messages from spam to inbox. These signals are weighted heavily by Gmail and Outlook when scoring your domain’s trustworthiness. Warmy provides this with our email warmup solution. Adding Seed List or Warmup With Clicks adds even higher engagement signals like clicks.
Continuous domain health monitoring. Warmy tracks your deliverability percentage, blacklist status, and inbox placement in real time, giving you confirmation that the warmup is working and early warning if any new listing appears.
4. Maintain strong email hygiene practices
Post-delisting discipline is what prevents re-listing:
- Keep bounce rates below 2% by removing invalid addresses immediately
- Keep spam complaint rates below 0.1% by making unsubscribing easy and visible
- Avoid sudden sending volume spikes. Increase volume no more than 20–30% per week
- Conduct regular security audits to ensure your network is not compromised
- Use double opt-in to ensure your list contains recipients who genuinely want your emails
Spamhaus DROP drops deliverability
A Spamhaus DROP listing reflects infrastructure-level criminal activity, not individual sending behavior. Understanding that distinction is the first step toward resolving it correctly.
Getting delisted requires the right person (the network operator) to take the right action (evidence-backed contact with Spamhaus) through the right channel (Spamhaus’s official process). So individual senders who try to shortcut this or who skip straight to resending without rebuilding reputation typically find that deliverability problems persist long after the DROP listing is removed.
The complete path is: confirm the listing, identify who owns the netblock, remediate the infrastructure, request removal with evidence, then actively rebuild reputation through warmup and continuous monitoring.
Talk to an expert if you have an active deliverability crisis that needs immediate attention. Let Warmy rebuild the sender reputation that a DROP listing damaged, with AI-powered warmup and domain health monitoring that works from day one.
