Google Blacklisting: What It Is & How to Avoid It
Nothing devastates website traffic more than getting on Google’s bad side.
While SEO teams worry about changing algorithms and penalties, there’s another aspect of Google that tech teams should be aware of: the Google Blacklist.
Even if your site is available, Google Blacklisting prevents visitors from reaching it. And the results are catastrophic.
Sites on the Google blacklist can lose up to 95% of organic traffic.
Google blacklists about 10,000 sites a day. They take web security very seriously. Do you?
What Is a Google Blacklist?
Back in 2007, Google began their Safe Browsing program to help with the growing threat of malware, viruses and phishing sites. These bad actors unknowingly wreak havoc on visitor machines.
At the time, malicious attackers often used drive by downloads to infect a visitor’s machine. These attacks easily infected machines since only visiting a page started the process. A download initiated in the background adds malicious software without their knowledge.
Google estimates that it protects 3 billion devices a day with its Safe Browsing program. Your web browser connects to Google’s Safe Browsing API. If you try to access a site on the blacklist, you’ll receive a warning screen.
Visitors can proceed to your site, but Google doesn’t make it easy.
The Safe Browsing Index is Google’s Blacklist. It includes web addresses of sites that Google caught with its Safe Browsing Technology.
Google’s proprietary technology crawls webpages to determine which ones are unsafe based on their criteria. They also review submitted reports of unsafe and safe sites.
How is a Google Blacklist Different Than Other Blacklists?
Most blacklists look at email activity. If your domain sends lots of spam email, then inclusion on a blacklist severely impacts email deliverability. (Just open your spam or junk folder on any given day. Many of these email senders are on a blacklist.)
There are tons of email blacklists. Some are run by ISPs, and others by third-parties.
ISPs regularly set up fake email addresses called spam traps. If you send mass email to these spam traps, your domain gets added to a blacklist.
Pro Tip: Add a Domain Blacklist Check in Uptime.com to find out if your domain is blacklisted.
What Criteria Does Google Use for Their Blacklist?
According to Google, there are three major types of threats that Google Safe Browsing strives to protect web browsers from:
- Social Engineering (phishing)
- Unwanted Software (separate from malware)
Each of these issues will generate different warning screens depending on your browser. If your site is on Google’s naughty list, you can navigate to your site and use the error message to decode the reason.
We’ll discuss the malware and unwanted software criteria together.
Pro Tip: Uptime.com uses the Google Safe Browsing Index for Malware/Virus Checks. Set up a check to continually monitor your site for new problems.
Social Engineering/Phishing Sites
According to Google, there are three types of social engineering:
- Deceptive Content
- Third-Party Services (not labeled properly)
It’s unclear what the difference is between phishing and deceptive content. Both pretend to be an official representative of an account you actually have. Once you click a link (usually delivered by email), a fake login screen appears. The attackers the information you provide to gain access to your accounts.
Third-party services include organizations that run sites on behalf of another but don’t clearly label the relationship (insufficient labeling). For example, if a company manages reservations for a hotel via an online system and doesn’t label it properly, Google will blacklist the site. In other words, Google sees these sites as pretending to be the company they represent.
This is where many legitimate sites run into problems. If your site is safe but access is blocked, report the issue to Google.
When you attempt to access a suspected social engineering site that’s been blacklisted by Google, one of the following error messages appears on a red screen (Safari uses a white screen):
- Deceptive Site Ahead
- Website Request Forgery
- Suspected Phishing Site
Malware/Unwanted Software Sites
Malware has becoming an increasingly significant problem over the past several years. Since the explosion of IoT and connected devices, it’s easy for hackers to gain access to unprotected networks and install harmful software.
Google’s definition of Unwanted Software is a little more broad.
Characteristics of unwanted software include:
- Hard (or impossible) to remove
- Collects or transmits private information without knowledge or consent
- Pretends to be something it’s not
- Bundled with other software but not listed as part of the package
- Causes system problems
- Tricks you into installing it
Unwanted software often does things like switch your browser’s homepage or adds a search bar.
Error messages for malware or unwanted software include:
- Suspected malware site
- This site has been reported as unsafe
- Danger! Malware Ahead!
- The site ahead contains harmful programs
- The site ahead contains malware
- Reported Attack Page!
How to Get Off the Google Blacklist
Clicking on the Details link in Google’s red screen of death will give you technical information about the reason for blacklisting.
If your site is blacklisted for social engineering issues, head over to Google Search Console.
First, verify the site owners in the Settings menu. If any new owners appear, unverify them right away. Delete the unauthorized user.
After that, scroll to the Security & Manual Actions menu. Click on Security Issues. This is where your specific security problems appear.
After reviewing the list, remove the offending content or software. Be sure to check third-party content, such as ads, too.
Other issues include technical problems like invalid or expired SSL certificates or DNS record issues.
If third-party services are the problem, use Google’s Third-Party Service Guidelines to correct the issue.
Remove malware from your site.
For unwanted software, review Google’s Unwanted Software Policy. Next, make changes to your software to correct the issues. If that’s not possible, eliminate the offending software from your site.
After that, rescan your site to make sure everything is working properly.
Once everything is fixed, request a review from Google. Your site will be up and running in about 72 hours.
For repeat offenders, Google reviews sites once every 30 days, no matter how often you request it.
Pro Tip: To avoid getting blacklisted for technical errors, create SSL and DNS Checks in Uptime.com for notifications of expiring certificates and record changes.
Stay Off of Google’s Blacklist With Ongoing Monitoring
The best way to avoid Google Blacklisting is to monitor your site.
In addition to checking site availability, we recommend the following checks:
- Domain Blacklists
- WHOIS/Domain Expiry (for site ownership changes)
To sum up: proactively monitoring your site prevents ongoing problems and massive traffic loss.
Minute-by-minute Uptime checks.
Start your 21-day free trial with no credit card required at Uptime.com.