Spamhaus rules block all mail or nothing

This article applies to:

  • Trustwave MailMarshal/SEG
  • Spamhaus reputation service (DNS block list)


  • Rules using the Spamhaus service block every message, even though the sources are not listed.
  • Rules using the Spamhaus service do not block any messages, but a manual lookup using the Spamhaus lookup tool shows the IP addresses of message sources are listed.


  • Spamhaus lookups fail if MailMarshal is configured to directly use a public DNS server such as Google.


See the Spamhaus FAQ page, and in particular note the following response:

Check what DNS resolvers you are using: If you are using a free "open DNS resolver" service such as the Google Public DNS or large cloud/outsourced public DNS servers, such as Level3's or Verizon's, to resolve your DNSBL requests, in most cases you will receive a "not listed" (NXDOMAIN) reply from Spamhaus' public DNSBL servers. We recommend using your own DNS servers when doing DNSBL queries to Spamhaus.


Configure MailMarshal/SEG to use a local DNS server.

  • Trustwave has always recommended use of a local DNS server as best practice for responsiveness in mail delivery and other lookups.
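
To confirm that the DNS server in use gets valid answers from Spamhaus, the check below (an added example, not Trustwave or Spamhaus code) queries the test address 127.0.0.2, which DNS block lists keep permanently listed, and separates real listings from error answers. Assumptions not taken from this article: the zone zen.spamhaus.org and the 127.255.255.x error codes, both from Spamhaus's public documentation. Run it on the MailMarshal/SEG server so it uses the same resolver.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # assumption: combined Spamhaus zone; the article names no zone
# Answers Spamhaus documents as query errors, not as listings (assumption, see lead-in).
ERROR_CODES = {
    "127.255.255.252": "typing error in the DNSBL name",
    "127.255.255.254": "query arrived via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}
LISTING_RANGE = ipaddress.ip_network("127.0.0.0/24")

def query_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed IPv4 octets plus the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answers):
    """Classify the A records returned for one DNSBL query ([] means NXDOMAIN)."""
    if not answers:
        return "not-listed"
    for a in answers:
        if a in ERROR_CODES:
            return "error: " + ERROR_CODES[a]
    if all(ipaddress.ip_address(a) in LISTING_RANGE for a in answers):
        return "listed"
    return "error: unexpected answer " + ", ".join(answers)

def resolver_health(test_point_answers):
    """Judge the resolver from its answer for 127.0.0.2, which is always listed."""
    verdict = classify(test_point_answers)
    if verdict == "listed":
        return "ok"
    if verdict == "not-listed":
        return "broken: test point not listed, so no real listing will match"
    return "broken: " + verdict

def lookup(ip, zone=ZONE):
    """Live query via the system resolver; any resolution failure counts as no answer."""
    try:
        return socket.gethostbyname_ex(query_name(ip, zone))[2]
    except socket.gaierror:
        return []

if __name__ == "__main__":
    print(resolver_health(lookup("127.0.0.2")))
```

A result other than "ok" means the rule's lookups are not reaching Spamhaus through a usable resolver; a rule that treats any returned address as a listing will match every message when an error code comes back.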

Last Modified 11/17/2022.