Did Your Site Get Blacklisted by Norton Safe Web?

One of my sites was blacklisted by Norton Safe Web last week. A client’s site was blacklisted two days after launch. Both have no malware and are not blacklisted anywhere else – a sure sign that Norton is doing something very different than all the other blacklisting services.

Here’s how Norton describes their ‘service.’ While I’m sure there are legitimate flaggings going on, the only ones I’ve encountered so far are not. Sucuri confirms that Norton is sending out ‘false positives’ in a chat I had with them today:

‘Regarding the Norton blacklist alert, Norton systems have been flagging a lot of false positives lately.’

One of my clients first reported this problem about about a month ago. Despite not being on any other blacklist, and having her site cleaned by Sucuri repeatedly and verified to have no malware whatsoever, she remains on Norton’s blacklist. Here’s what her site profile on Norton Safe Web says:

‘This is a known dangerous web page. It is highly recommended that you do NOT visit this page. The threat categorization is not complete & details will be added soon.’

So if your site is blacklisted by Norton and a potential customer is running some form of Norton’s security software, when they visit your site they will see a warning like the one above. They will most likely choose to avoid your business as a result.

Improperly flagging a site without due process can harm the business and doesn’t help anyone except Norton. No one should blacklist without due process, and unless they offer a reasonably fast and easy removal process for improperly flagged sites.

What Can You Do?

Here are the steps required to request (but not necessarily receive) a review from Norton to get your site off their list.

1. When you go to their report for your site you’ll see the link for ‘Site Owner? Click Here.’

2. You’ll see a menu of choices. If you click on ‘Do you think your web site’s rating is inaccurate,’ you’ll see this: ‘Please note that your site needs to be registered and site ownership verified to get the site re-evaluated.’ It goes on to say:

If you feel that your Web site has been given a rating by Norton Safe Web that is inaccurate, you can easily request a re-evaluation following these steps:

  1. Sign in to your Norton Safe Web account.
  2. On the “site dispute” tab, click the “Re-evaluate my site” link next to your Web site name. You can raise your concerns and issues regarding content on your Web site here.

The “site dispute” tab lists any threats detected on your site. You must remove these threats from your site.

3. You are required to sign up for NortonLifeLock and join their Safe Web community and create a display name.

LifeLock is an identity protection company that many of us were signed up for in the wake of the credit reporting agencies’ personal information theft debacle. If you were one of those signed up and later tried to leave LifeLock, you know that they make it extremely difficult, time-consuming, and onerous to remove yourself from their services.

4. When you go back to your site’s report page, you can click on Add Site under Site Dispute and then will have to verify that you actually own it. To do this you’ll have to either upload the supplied HTML file to your site or add a meta tag to your site header. I chose to get the HTML file, but I don’t think it matters which one you do.

5. Once you do one of the above (HTML file or meta tag) click ‘Verify Now.’ During this step, I got this message: ‘The Norton Safe Web site is unavailable. Please try again later.’


6. When I could see the profile page again my site was verified. Click on ‘re-evaluate my site.’

7. You’ll see that the language is broken, looks like a scam email rather than a legitimate company: ‘Please provide re-evaluation reason for each reported threats and proceed to click on Submit button.’  There was no space to provide any reasons or comments, at least not for my submission.

8. After you click the Submit button you should see your site and a ‘re-evaluation in progress’ message under Status.

That’s it for now – I’ll report back when I get a response.

EDIT: An email from Norton says it takes 2 weeks for a re-evaluation. Don’t hold your breath – one of my colleagues has had a clean site blacklisted for 9 months – 3 attempts to contact Norton have been met with complete silence.

If you work with Sucuri (recommended if you know you have a legitimate malware issue, they are great) they submit a request to all blacklisting databases once their cleanup work is complete. But my client has been on Norton’s list for almost a month now. Even Sucuri is having problems getting false positives removed from Norton Safe Web, it seems.

Also – Norton began sending me ads the day after I registered on their site to request removal.