A Spike in Spamhaus Listings: Here’s What HappenedLuke Martinez
On June 7, 2021 at 6:00 a.m. PST, Twilio SendGrid’s automated systems alerted us to a significant spike in Spamhaus listings. Spamhaus is the email industry’s most prominent and impactful email blocklist provider. A Spamhaus listing usually occurs when Spamhaus detects a significant amount of unwanted mail coming from an IP address and then adds that IP address to a list of known spam-emitting IP addresses.
However, this spike in listings impacted hundreds of our customers’ IP addresses, even blocking some customer mail during this time period. While investigating the Spamhaus listings, other email service providers also reported seeing an unprecedented spike in Spamhaus listings.
This made it clear that the listings were not the result of increased spam or malicious sending coming from Twilio SendGrid customers, nor did the listings only impact SendGrid customers.
Spamhaus has not made any public statement about the incident but has confirmed that the spike in listings was due to a change to its system that resulted in IPs being erroneously added to its blocklist. Spamhaus quickly rolled back the change and the issue was resolved almost immediately.
These excess listings were very short-lived and disappeared after just a few minutes, but there is still a good chance that Spamhaus blocked portions of senders’ messages during this time period. Messages blocked between 6:00 a.m. and 9:00 a.m. PST that reference Spamhaus as the reason for the block are almost entirely related to these short-lived, erroneous Spamhaus listings, and you can ignore them in almost all cases.
This incident caused a brief disruption in email delivery for many responsible and trustworthy senders. No one wants that. Least of all, Spamhaus.
It is important to remember that Spamhaus plays an integral role in protecting email as a viable form of communication.
Its track record as a reliable source for identifying malicious or unwanted email communications is impeccable, and we know it doesn’t take incidents like this lightly.
We’ll continue to monitor developments and do our best to keep our customers updated as we learn more.
While this incident was an unexpected consequence of changes made by a blocklist provider, legitimate blocklistings happen all the time. For more information on blocklists and email sending best practices, take a look at these resources: