SURBL Blacklist Removal
Choose the right next step:
Content reviewed July 13, 2026.
By DrGlenn — USA-based WordPress security specialist· 290+ cleanups across 34 countries· Updated June 22, 2026
Is SURBL blocking your website?
If your site is listed by SURBL — your domain on the SURBL multi list, flagged AB (abuse), PH (phishing), or MW (malware) — it usually means it was hacked or abused at some point. Here is how to get cleaned up and delisted.
Step 1 — Make sure the site is actually clean
Requesting delisting while the problem is still live just gets you re-listed. Check first:
- Run my free Is My Site Hacked? checker.
- Cross-check on VirusTotal.
If anything turns up, get it fully cleaned first — removing the visible malware is not enough if a backdoor remains.
Step 2 — Request delisting from SURBL
SURBL takes delisting requests via the form linked from its lookup result. Start here: surbl.org/lookup
- Look up your domain at surbl.org/lookup and note which sub-list (AB/PH/MW) flagged it.
- Fix the root cause — clean the hacked/phishing/malware content and secure the site.
- Use the removal form linked from the lookup result, documenting exactly what you found and fixed.
- Save the ticket number returned.
- Allow 24–48h for delisting to propagate.
Good to know: SURBL lists websites/URLs that appear in spam, not senders — your domain can be listed even if you do not send email. Only the official ticket form gets requests handled.
Step 3 — If it keeps coming back
A listing that returns means the infection or abuse was never fully resolved — usually a backdoor, a rogue admin, or malware in the database. As a USA-based WordPress security specialist I remove it completely, submit the delistings for you, and harden the site so it stays clean.
Get my site cleaned · See how it works · read my client reviews.
More guides: Netcraft, SORBS, Microsoft Defender SmartScreen · all blacklist & antivirus guides · full report-link directory.
Evidence to include with a SURBL review
SURBL listings can originate from URLs found in message traffic. Record the listed domain, the lookup result, recent mail or link-abuse evidence and the remediation completed before requesting review.
- Save the exact detection and affected URL or file hash.
- Rule out a real infection and document what was checked or cleaned.
- Use the current official route shown above and keep the case number.
- Retest after the vendor confirms its review.