When your Plesk server's IP address lands on a blacklist, outgoing email stops reaching inboxes — and the error messages your recipients see are confusing and alarming. Worse, many admins submit a delisting request and consider the problem solved, only to find themselves blacklisted again two weeks later because the root cause was never addressed.
This guide walks through the complete process: identifying which blacklists have flagged your IP, finding and stopping the spam source on your Plesk server, delisting from every major blacklist, and implementing the authentication and rate-limiting changes that prevent reblacklisting.
How to Know Your Plesk Server IP Is Blacklisted
Common symptoms include:
- Outgoing emails bounce with errors like
550 5.7.1 Message rejected due to spam content - Recipients using Gmail, Outlook, or Yahoo report your emails going to spam
- Postfix/Qmail mail queue grows but messages don't deliver
- You receive an NDR (non-delivery report) containing text like "blocked using zen.spamhaus.org"
Check your IP against major blacklists immediately:
# Replace with your actual server IP
SERVER_IP="203.0.113.10"
# Check against Spamhaus
dig ${SERVER_IP}.zen.spamhaus.org A +short
# Check against SpamCop
dig ${SERVER_IP}.bl.spamcop.net A +short
# Check against Barracuda
dig ${SERVER_IP}.b.barracudacentral.org A +shortA response of 127.0.0.x means you are listed. No response means you are clean on that list.
For a quick visual overview, use MXToolbox Blacklist Check (mxtoolbox.com/blacklists.aspx) — it checks your IP against 100+ blacklists at once.
Step 1: Find the Spam Source on Your Plesk Server
Submitting a delisting request before stopping the spam source is futile — you'll be relisted within days. Finding the source is the most important step.
Check Postfix Mail Logs
On Plesk servers running Postfix:
# Check for high-volume outbound senders
grep "status=sent" /var/log/maillog | awk '{print $7}' | sort | uniq -c | sort -rn | head -20
# Look for authentication errors (spam scripts guessing passwords)
grep "SASL LOGIN authentication failed" /var/log/maillog | tail -50
# Find which domains are sending the most mail
grep "from=<" /var/log/maillog | grep -oP 'from=<[^>]+>' | sort | uniq -c | sort -rn | head -20Check Plesk Mail Statistics
In Plesk → Tools & Settings → Mail Server Settings → Mail Queue. A large queue with messages all originating from one domain is a strong indicator of that domain being compromised.
Find PHP Scripts Sending Mail
Attackers often exploit vulnerable WordPress plugins or contact forms to send spam via PHP's mail() function, bypassing SMTP authentication entirely:
# Find PHP scripts that recently sent mail
find /var/www/vhosts -name "*.php" -newer /tmp/ref_time -exec grep -l "mail(" {} \; 2>/dev/null
# Check Plesk's mail script path logging
grep "script" /var/log/maillog | grep -v "^#" | tail -50Once you identify the offending domain or script, disable outgoing mail for that subscription in Plesk: Subscriptions → select domain → Mail → Change Settings → uncheck Activate mail service on this domain. Then work with the customer to clean the malware before re-enabling.
Step 2: Fix Email Authentication — SPF, DKIM, PTR
Missing or broken authentication records are the reason spam-filter operators blacklist IPs in the first place. Fix these before submitting any delisting request.
Set Up DKIM in Plesk
Go to Plesk → Tools & Settings → Mail Server Settings → check Enable DKIM spam protection system to sign outgoing email messages → Apply.
Verify each domain also has DKIM enabled per-domain: Subscriptions → domain → Mail → Mail Settings → check Use DKIM spam protection system to sign outgoing email messages.
Set Up SPF in Plesk
Go to Plesk → Tools & Settings → Mail Server Settings → SPF spam protection → enable Turn on SPF. Also ensure each domain's DNS zone has an SPF record. The default cPanel/Plesk SPF record for a domain hosted on the server is:
"v=spf1 +a +mx ip4:YOUR_SERVER_IP ~all"Set Up PTR (Reverse DNS) Record
A PTR record maps your server's IP address back to a hostname. Without it, many mail servers will outright reject your email. PTR records are set at the IP level, through your hosting or VPS provider (not in Plesk DNS).
Log into your VPS control panel (e.g., Hetzner, DigitalOcean, Vultr) and set the Reverse DNS (rDNS) for your server IP to match your mail hostname, e.g., mail.yourserver.com. Then verify:
dig -x YOUR_SERVER_IP +shortThis should return your server's mail hostname.
Step 3: Delist Your IP from Major Blacklists
With the spam source stopped and authentication fixed, submit delisting requests to each blacklist that has your IP flagged.
Spamhaus
Spamhaus operates the most widely-used blacklists. Go to check.spamhaus.org, enter your IP, and follow the removal links for each list (SBL, XBL, PBL). PBL listings are for dynamic/residential IPs — if your server IP is listed on PBL, you need to request removal by confirming it's a static server IP used for outbound email.
SpamCop
SpamCop listings expire automatically within 24 hours after spam reports stop. Focus on eliminating the spam source rather than submitting a removal request.
Barracuda
Go to barracudacentral.org/rbl/removal-request and submit your IP with a brief explanation of what caused the listing and what corrective actions you've taken.
Microsoft SNDS/JMRP (for Outlook/Hotmail delivery)
If your emails aren't reaching Outlook or Hotmail users, enroll in Microsoft's Smart Network Data Services at sendersupport.olc.protection.outlook.com and use their Junk Mail Reporting Program to delist your IP.
Step 4: Implement Outbound Spam Rate Limiting in Plesk
Even after delisting, your server needs safeguards to prevent reblacklisting. Plesk has built-in outbound spam protection that limits how many emails a domain can send per hour.
Go to Tools & Settings → Mail Server Settings → scroll to Limits for outgoing mail. Enable:
- Maximum number of messages per hour — set to 500 for shared hosting, higher for dedicated mail servers
- Maximum number of messages per day — set appropriate limits per your sending volume
- Notify administrator when the limit is exceeded — sends you an alert when a domain hits its limit
These limits trigger before a domain can blast thousands of spam messages per hour and get your IP blacklisted overnight.
Step 5: Consider Using an SMTP Relay Service
If your server IP has a poor reputation history, or if you send high volumes of transactional email, routing outbound mail through a dedicated SMTP relay service (SendGrid, Amazon SES, Mailgun, Postmark) eliminates the IP reputation risk entirely — your server IP is never exposed as the sending IP.
In Plesk: Tools & Settings → Mail Server Settings → Relay options → enable Switch on mail relay through the specified host → enter your relay provider's SMTP host, port, and credentials.
Managing Plesk email deliverability — especially after a blacklisting event — requires fixing multiple systems simultaneously. CloudHouse's team provides hands-on Plesk server management including blacklist delisting, authentication setup, and ongoing mail health monitoring.