Reputation Monitor
Complete guide to VistoShield Reputation Monitor — domain blacklist checking, status change detection, remediation steps, and notification setup.
Overview
Reputation Monitor checks your domain against 12+ major blacklist and reputation providers to detect listings that could harm your email deliverability, search engine rankings, and visitor trust. The module uses real DNS-based blackhole list (DNSBL) lookups for providers that support it — the same technique email servers use to filter spam.
Why domain reputation matters:
- Email deliverability — Blacklisted domains get emails rejected by mail servers or sent straight to spam folders.
- Search engine rankings — Google Safe Browsing flags can trigger browser warnings and drop your site from search results.
- Visitor trust — Browser security warnings scare away visitors and damage your brand reputation.
- Business revenue — E-commerce sites lose sales when payment processors or browsers flag the domain.
Installation & Setup
- Install the plugin — Install from the WordPress plugin directory by searching for “VistoShield”, or upload the ZIP file via Plugins → Add New → Upload Plugin.
- Activate — Activate the plugin and enable the Reputation Monitor module from the VistoShield dashboard.
- Navigate to the dashboard — Go to VistoShield → Reputation Monitor in the WordPress admin menu, or view it in the cloud dashboard.
- Run your first check — Click the “Check Now” button. The module will query all 12+ blacklist providers and display the results.
- Configure notifications — Go to Settings and enable email alerts for listing and delisting events.
Dashboard
The Reputation Monitor dashboard provides a real-time overview of your domain’s blacklist status.
Overall Status
The overall status is either Clean (not listed on any provider) or Listed (found on one or more blacklists). The status badge is colour-coded: green for clean, red for listed.
Stats Cards
| Card | Description |
|---|---|
| Overall Status | Clean or Listed — aggregated across all providers |
| Clean | Number of providers that report your domain as clean |
| Listed | Number of providers where your domain is currently listed |
| Providers | Total number of blacklist providers checked |
Provider Results Grid
Each provider displays a status indicator:
- Clean (green) — Your domain is not listed on this provider.
- Listed (red) — Your domain was found on this blacklist. Immediate action recommended.
- Error (amber) — The check could not be completed (DNS timeout or provider unreachable).
Providers Checked
Reputation Monitor checks your domain against the following providers:
DNS-Based Blacklists (DNSBL)
These providers use real-time DNS lookups. The module queries <yourdomain>.<blacklist-zone> and checks for a positive DNS response, which indicates a listing.
| Provider | Zone | Description |
|---|---|---|
| Spamhaus DBL | dbl.spamhaus.org | Domain Block List — one of the most widely used blacklists by mail servers globally. Lists domains found in spam emails. |
| SURBL | multi.surbl.org | Multi-source URI blacklist that aggregates data from multiple spam traps and sources. |
| SpamCop | bl.spamcop.net | Community-driven blocking list based on user spam reports. Listings expire automatically after reports stop. |
| Barracuda | b.barracudacentral.org | Barracuda Central reputation system used by Barracuda appliances and other mail filters. |
| URIBL | multi.uribl.com | Real-time URI blacklist that checks domains appearing in email message bodies. |
Web Safety Providers
These providers check your domain against malware, phishing, and web safety databases. Currently checked via simulated lookups (API integration planned for future releases).
| Provider | Description |
|---|---|
| Google Safe Browsing | Google’s database of unsafe web resources including malware and phishing sites |
| McAfee | McAfee SiteAdvisor web reputation ratings |
| Sucuri Labs | Security-focused malware and blocklist checking |
| ESET | ESET threat intelligence database |
| PhishTank | Community-operated phishing URL verification database |
| Yandex | Yandex Safe Browsing system |
| Opera | Opera browser built-in security checks |
How DNS-Based Checking Works
DNS-based blackhole lists (DNSBLs) work by publishing listed domains as DNS records. To check if a domain is listed:
- The module constructs a DNS query:
yourdomain.com.dbl.spamhaus.org - If the query returns an A record (typically
127.0.x.x), the domain is listed - If the query returns NXDOMAIN (no record), the domain is clean
This is the same method that mail servers (Postfix, Exim, etc.) use to check incoming email. It is fast, reliable, and requires no API keys.
dns_get_record() function. No shell access or external libraries are required, so it works on any hosting environment including shared hosting.
Remediation: What to Do if Listed
If your domain appears on a blacklist, follow these steps to remediate:
1. Identify the Cause
- Run a malware scan using the VistoShield Security Scanner module
- Check your email sending practices — are you sending bulk email from this domain?
- Review recent security events in the Activity Log for signs of compromise
- Check if your server IP address is also listed (IP blacklists are separate from domain blacklists)
2. Fix the Issue
- Remove any malware or phishing content from your site
- Change all compromised passwords (WordPress admin, FTP, database, hosting panel)
- Update all plugins and themes to their latest versions
- Review and clean your email sending lists if applicable
3. Request Delisting
| Provider | Delisting Process |
|---|---|
| Spamhaus DBL | Visit check.spamhaus.org and follow the removal process. Requires demonstrating the issue is fixed. |
| SURBL | Listings expire automatically. Contact surbl.org if urgent removal is needed. |
| SpamCop | Listings expire automatically within 24–48 hours after spam reports stop. |
| Barracuda | Submit a removal request at barracudacentral.org/lookups. |
| URIBL | Contact [email protected] for removal requests. |
| Google Safe Browsing | Use Google Search Console to request a review after cleaning your site. |
4. Verify Delisting
After requesting removal, use the Check Now button in Reputation Monitor to verify the listing has been removed. Some providers may take 24–72 hours to process removal requests.
Notification Setup
Configure notifications in the Settings tab to receive alerts for reputation changes.
Available Notifications
| Notification | Description | Default |
|---|---|---|
| Listed alert | Sends an email when your domain is newly listed on any blacklist provider | Enabled |
| Delisted alert | Sends an email when your domain is removed from a blacklist | Enabled |
| Error alert | Sends an email when a check fails due to DNS timeout or provider error | Disabled |
Alert Email
By default, alerts are sent to the site admin email address. You can override this in Settings by entering a custom email address in the Alert Email field.
Settings Reference
| Setting | Description | Default |
|---|---|---|
| Enable monitoring | Toggle reputation monitoring on or off for this site. | Enabled |
| Check frequency | How often automated checks run. Options: every 6 hours, every 12 hours, daily. | Every 6 hours |
| Alert email | Email address for reputation alerts. Leave blank for site admin email. | Site admin email |
| Notify on listing | Send email when domain is added to a blacklist. | Enabled |
| Notify on delisting | Send email when domain is removed from a blacklist. | Enabled |
| Notify on errors | Send email when a provider check fails. | Disabled |
Technical Details
Pure PHP Implementation
Reputation Monitor is built with native PHP functions and requires no shell access:
| Function | Purpose |
|---|---|
dns_get_record() | Query DNS blacklist zones for domain listings (DNSBL lookups) |
parse_url() | Extract the domain name from the site URL |
Database Tables
| Table | Purpose |
|---|---|
reputation_checks | Current status per provider per site (one row per provider) |
reputation_history | Audit log of status changes with timestamps and old/new values |
reputation_summary | Aggregated summary per site (total providers, clean count, listed count, overall status) |
Cron Schedule
Automated reputation checks run via the VistoShield cron system. The /api/cron/reputation-check endpoint iterates through all active sites and performs a full blacklist check. The default schedule runs every 6 hours.
Rate Limiting
Manual checks via the Check Now button are rate-limited to one check per hour per site using Redis. This prevents excessive DNS queries that could result in your server being rate-limited by blacklist providers.
FAQ
- What if I get a false positive?
- Some blacklists occasionally list domains incorrectly. If you believe the listing is a false positive, follow the delisting process for that specific provider. Most providers have a dispute resolution process.
- Why are some providers marked as “simulated”?
- Providers like Google Safe Browsing, McAfee, and others require API keys or use proprietary checking methods. These are currently simulated (always return clean) and will be replaced with real API integrations in future releases.
- How often should I check my reputation?
- For most sites, every 6 hours is sufficient. If you send a high volume of email or have recently had a security incident, consider checking more frequently using the manual Check Now button.
- Does this check my IP address too?
- Currently, Reputation Monitor checks domain-based blacklists only. IP-based blacklist checking is planned for a future release.