Guide to Disavowing  Links

Disavowing links is an advanced SEO tool that can make a big difference in the right circumstances.

Unfortunately, I’ve seen people use it as a panic button, and I’ve seen others dismiss it as no longer necessary. It still has its place in many scenarios, especially as the internet continues to age. More and more sites are now approaching 20 years old, which is a lot of time to build up bad links.

For most sites, most of the time, you shouldn’t even be thinking about this. Google’s pretty smart. But in a few very specific, high-stakes situations, knowing how and when to disavow links is critical. This post is my definitive guide on how to do it right, based on years of cleaning up backlink messes.

What is a Disavow File?

The disavow file is a simple text file you give to Google that identifies bad links and linking domains to your site. You upload it through Google Search Console as a .txt file in a specific format, and it tells Google you don’t endorse certain backlinks and don’t want them counted when they evaluate your site.

It’s a powerful, advanced tool. You’re effectively telling Google you know better than its algorithm. It’s not something to play around with, and doing it wrong can cause serious damage.

When to Disavow Links

Google clearly mentions that most sites do not need to use the disavow tool. So the first step is to understand if and why you should consider it. It’s not a standard checkbox on your SEO task list, its a specialized tactic and is usually not necessary.

John Mueller and other Googlers have explained that their algorithms are now sophisticated enough to recognize and devalue spammy links on their own. They believe your time is better spent on creating good content—and they’re mostly right. For the average site, this holds true. You don’t need to obsess over every weird link that pops up in your Ahrefs report.

Despite Google’s advice, there are times when stepping in is not just a good idea, but the only move you have. I only recommend a disavow in a few scenarios.

Manual Action Alerts

This one is not up for debate. If you log into Google Search Console and see a message about “Unnatural links to your site,” you have a manual penalty. A human at Google has reviewed your site and flagged it.

At this point, a disavow is mandatory for recovery. There is no other way.

You’ll need to:

1. Hunt down all the toxic links you built or bought.
2. Try to get them removed manually (document everything).
3. Disavow every single link you can’t get taken down.
4. Submit a detailed Reconsideration Request explaining exactly how you cleaned up the mess.

Negative SEO Attacks

This is when a competitor or malicious actor tries to tank your rankings by pointing thousands of garbage links at your site. It’s a real thing, and I’ve seen it happen.

The signs are usually obvious if you know where to look: a sudden explosion of links from spam/scam sites: adult sites, online casinos, or PBNs, all using suspicious, exact-match anchor text.

Google claims it can ignore these attacks, I believe it’s a case where the sooner you alert the algorithm the better. It’s about protecting your asset and neutralizing a threat as quickly as possible, before it gets out of hand.

Bad SEO Advice in the Past

The SEO industry unfortunately has a large number of consultants that offer black hat advice, and many sites have at one time or another gained rankings in ways that are frowned upon using approaches like paid links, article directories, comment spam among other similar things. Maybe you did it, or maybe you hired an SEO agency or consultant who did.

If you know you have a history of building links that violate Google’s guidelines, cleaning house can be a smart, proactive move. This is a “maybe” situation. If you aren’t penalized and your performance is strong, you might not want to poke the bear. But if you’re feeling the heat from algorithm updates or are in a cutthroat niche, a proactive cleanup can be a powerful long-term strategy. It requires a careful, expert audit.

Creating the Disavow File

If you’ve hit one of the thresholds above, here’s my no-mistakes process for creating and submitting your file.

Step 1: Compile a List of All Linking Domains

First, you need a complete list of your backlinks. Pull exports from Google Search Console, Ahrefs, Semrush, and Moz. Combine them in a spreadsheet and remove duplicates. I always start with Google Search Console as it’s the true source.

1. Open Search Console for the property.
2. Navigate to Links > Top linking sites (under External links).
3. Click the Export External Links icon.
4. Choose the More sample links option (CSV format).
5. The export may include URLs, not just domains—manually extract root domains or use a script to isolate them.

Save this list as your base dataset, and be sure it’s deduplicated by domain.

Step 2: Identifying Bad Linking Domains

Manual review is best, but for sites with 10,000+ linking domains it’s not realistic. Here’s how to semi-automate your filtering process.

Cross Reference with SEO Tools

SEMrush, Ahrefs, or similar tools provide datasets of toxic or low-quality domains. Export backlink domains flagged as toxic and compare them to your GSC export.

Important: These tools often report false positives. Never blindly trust their scoring systems.

SSL Validation Check

Most spam domains don’t have a valid SSL cert. Filter your list to only include https:// root domains, then run a script to verify SSL validity.

Use a headless browser like Puppeteer or a CLI tool like curl with --head to detect certificate errors. For thousands of linking domains I create a bash script that will use the openssl command to check all domains in batches of 100 simultaneously. This handles a large list of 10,000 or more in a short amount of time (mins not hours).

Filter by TLD

Consider discarding domains with suspicious TLDs. The most common ones used for spam include:

• .cf (Central African Republic)
• .ml (Mali)
• .ga (Gabon)
• .gq (Equatorial Guinea)
• .tk (Tokelau)

These TLDs are free and frequently abused. But be cautious and verify that your site doesn’t actually have legitimate ones. For many organizations if your primary audience is in the US only it’s generally safer to do this.

Cross-reference Known Spam Lists

Use public lists like ScrubMX’s GitHub spam domain list. Cross-match your domains and flag any matches.

Final Manual Check with Puppeteer

I always finish with a visual pass. Even after filters, I often find legit-looking sites that seem fake.

Use a Puppeteer script to:

1. Visit each remaining domain.
2. Take a full-page screenshot.
3. Save them to a folder for quick review.

This makes it fast to scroll through and tag questionable domains at a glance as images in a single folder.

Step 3: Formatting the Disavow.txt File

The formatting has to be perfect, or Google will reject it. It’s simple, but don’t mess it up.

• It must be a .txt file. Not a Word doc, not a Google Sheet.
• It must be UTF-8 or 7-bit ASCII encoded (your standard text editor will do this by default).
• One URL or domain per line.
• Use domain: to disavow an entire domain. This is what you should do 99% of the time. It’s more efficient and thorough.
• Use a hash symbol (#) to leave comments for yourself. Google ignores these, but they’re invaluable for keeping track of your work.

Here’s a perfect example. Format your file just like this.

# Reached out to site owner on 2025-06-10 to request removal. No reply.
domain:spammy-pbn-site.com

# Obvious negative SEO from a network of casino sites.
domain:shadycasinonetwork.org
domain:gambling-spam-link.net

# Disavowing a single hacked page on a site that is otherwise okay.
# This is a rare use case.
https://www.someones-hacked-blog.com/buy-viagra-here.html

Step 4: Submit Your File to Google

Once your .txt file is saved and ready, it’s time to upload it.

1. Navigate to the Google Search Console Disavow Tool. Bookmark this link; it’s hard to find otherwise.
2. Choose the right property from the list. Double-check this. You don’t want to disavow links for the wrong site or the wrong version (http vs https).
3. Google will show you a scary warning page. Read it, take a deep breath, and click Upload disavow list.
4. Select your .txt file and submit it.

You’re done. There’s no confirmation email. The file is now associated with your property, and Google will factor it in as it re-crawls the web. This can take weeks, sometimes months.

Common Mistakes to Avoid

I’ve been hired to fix disavow files that have done more harm than good. Don’t make these mistakes:

• Disavowing Good Links: The #1 error. Someone panics and disavows any link from a site with a low Domain Authority score, accidentally removing links that were actually helping.
• Screwing Up the File Format: Using a .csv or adding syntax errors will make the file invalid.
• Disavowing “Just in Case”: If you don’t have a manual action or clear evidence of an attack, don’t use this tool. You’re creating a solution for a problem that doesn’t exist.
• Expecting Instant Results: A disavow is not a light switch. It takes time for Google to process. Be patient.

Conclusion

The bottom line is this: the disavow tool is a scalpel, not a sledgehammer. It’s meant for specific, serious problems.

Your day-to-day SEO focus should always be on quality—creating great content, building a fantastic user experience, and earning powerful links. But if you find yourself in one of the tough situations I outlined above, don’t be afraid to use the tool. Just be careful, be methodical, and do it right.