TODO
  check and link (de)listing policy
    NOGO: delisting for money
    how long does automatic delisting take?
      7d is already quite long
      anything >7d seems excessive and should probably not be used
  check and link usage policy
  check and link return codes
  find newsfeed or mailing list
  give feedback?
  implement in exim
  implement in SA
  implement in rspamd
00_META
  https://bugs.launchpad.net/ubuntu/+source/amispammer/+bug/835614
  http://www.blalert.com/dnsbls
  http://www.dnsbl.info/dnsbl-list.php
  http://dnsbl.inps.de/index.cgi?lang=en&site=00002
  http://www.sdsc.edu/~jeff/spam/cbc.html
  http://moensted.dk/spam/
  https://whatismyipaddress.com/blacklist-check
  https://multirbl.valli.org/
  https://glockapps.com/blacklist/
  https://docs.hetrixtools.com/monitored-blacklists/
  https://www.blacklistmaster.com/
  https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists
  https://github.com/zbetcheckin/DNSBLs
  https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
  https://www.impressionwise.com/kb/threats/rbl-advisories.html
00_ELANG
  http://dnsbl.aspnet.hu/
    Hungarian?
  http://spam-rbl.fr/
    French
  https://mav.com.br/
    maybe?
    they have antispam but it’s all Portuguese? or Spanish?
    no idea
00_DEAD
  http://openrbl.org/
    as seems dead
    404s
    wiki is down
  http://mailhosts.org/
    dead
    https://www.blalert.com/dnsbl/shortlist.mailhosts.org
  blitzed.org
    dead since 2006
    https://www.dnsbl.com/2007/02/status-of-opmblitzedorg-dead.html
    referenced ML post is 404
  blackholes.five-ten-sg.com
    Offline as of 1/1/2013
    https://whatismyipaddress.com/five-ten-sg
  dynip.rothen.com
    On 9/29/2020 the ROTHEN blacklist appears to have started to list the entire internet
    https://www.dnsbl.info/dnsbl-details.php?dnsbl=dynip.rothen.com
  fl.chickenboner.biz
    dead since 2011
    https://community.spiceworks.com/topic/329762-blacklist-removal
    https://bugs.launchpad.net/ubuntu/+source/amispammer/+bug/835614
    website contains spam/crap
  http://cart00ney.surriel.com/
    cart00ney.org is dead
  http://dsbl.org/
    points to surriel.com
  http://csma.biz/
    domain is for sale
    dead since 2013
    https://www.dnsbl.com/2013/02/status-of-blcsmabiz-dead.html
  http://dnsbl.net.au/
    website contains info about living in Australia?
    called "AusBlog"
    http://www.dnsbl.com/2009/04/status-of-dnsblnetau-dead.html
  http://moensted.dk/spam/
    dead since 2010
    https://moensted.dk/spam/
  http://rbl.mw-internet.net/
    domain was parked
    2023: it is an Asian(?) gambling(?) website
  http://www.blackholes.us/
    dead since 2009
    https://www.dnsbl.com/2009/10/status-of-blackholesus-dead.html
  http://www.deadbeef.com/
    dead, no info
  spamsources.dnsbl.info
    dead since 2011 or so
    http://www.dnsbl.info/spamsources-dnsbl-defunct.php
  http://www.gweep.ca/
    domain dead, no other info
  http://www.njabl.org/
    dead since 2013
    https://en.wikipedia.org/wiki/Not_Just_Another_Bogus_List
  http://wytnij.to/
    website parked, no other info
  https://www.transip.nl/
    dead since 2013
    https://www.blalert.com/dnsbl/proxy.block.transip.nl
    https://www.blalert.com/dnsbl/residential.block.transip.nl
  pss.spambusters.org.ar
    NXDOMAIN
  rbl.snark.net
    NXDOMAIN
    https://snark.net/ gives access denied
  whois.rfc-ignorant.org
    NXDOMAIN
    rfc-ignorant.org registered but no A/AAAA record
    dead since 2012
    http://www.h-online.com/security/news/item/RFC-Ignorant-org-blacklist-closes-down-1724814.html
    https://www.dnsbl.com/2012/09/status-of-rfc-ignorantorg-shutting-down.html
  will-spam-for-food.eu.org
    unmaintained
    dead
    https://rfc1149.net/blog/2012/01/22/who-did-resurrect-will-spam-for-food/
  http://proxybl.org/
    dead, seemingly written on http://proxybl.org/blog but that’s also dead
    https://linuxreviews.org/Mail_Spam_Blacklists
    https://community.sophos.com/utm-firewall/f/web-server-security/50273/dnsbl-proxybl-org-offline
  dev.null.dk
    timeout, also on the parent null.dk
    effectively dead
  dnsbl.mags.net
    seems dead, no info to be found
    domain does not respond
  http://msrbl.blogspot.ch/
    http://msrbl.blogspot.com/
    says "no updates" since 2010 but supposed to be reactivated
    effectively dead
  http://www.olsentech.net/
    strange content on web
    effectively dead
  rbl.orbitrbl.com
    http://www.orbitrbl.com/
    timeout
  rbl.polarcomm.net
    NXDOMAIN
    registered but no A/AAAA record
  cidr.bl.mcafee.com
    https://kc.mcafee.com/corporate/index?page=content&id=KB53783
    404
    no info to be found
    dead?
  http://anti-spam.org.cn/?locale=en_US
    unreachable DNS
  rbl.talkactive.net
    seems dead
    talkactive.net redirects twice to some hosting company
    last listings in 2017
    https://multirbl.valli.org/detail/rbl.talkactive.net.html
    https://www.blacklistmaster.com/blacklists?view=details&blacklist=rbl.talkactive.net
  dnsbl.ipocalypse.net
    no policies published
    dead
    was a private list of an IRC network
    network was renamed idlechat.net in 2014
    became a Discord chat in 2022(?)
  http://blakjak.net/RBL
    external access disabled
    2023: seems dead, website is a weird error
    https://www.blalert.com/dnsbl/rbl.blakjak.net
      This is a private list that we do not monitor as the maintainer has explicitly announced that the list is for his personal use
  http://cyberlogic.net/
    French (Canada)
    https://www.dnsbl.info/dnsbl-details.php?dnsbl=dnsbl.cyberlogic.net
      On or about 5/21/2018 the cyberlogic DNSBL ceased functioning properly.
    https://www.dnsbl.com/2018/05/
      As reported on the mailop mailing list on Friday May 25, 2018, the blocking list at dnsbl.cyberlogic.net now contains a "wildcard" DNS entry, effectively listing the entire internet
  http://www.rbl.jp/allrbl-e.html
    website asks for login or just errors
  http://www.spamhauswhitelist.com/en/
    looks like a parked domain with ads
  http://stopspam.org/rblcheck/index.php
    aka dul.pacifier.net
    http://www.stopspam.org/rbl-info/
    stopped in 2013
  http://countries.nerd.dk/
    unable to connect, also for nerd.dk
  http://dul.ru/dul.en.html
    DEAD
    for sale
  http://dns.measurement-factory.com/surveys/openresolvers.html
    dead
    »The following text describes past open DNS resolver surveys and an associated DNS lookup service that has been long shut down«
  http://www.sectoor.de/tor.php
    timeouts
  http://anticaptcha.net/
    for sale
  http://blacklist.lashback.com/
    query zone: ubl.unsubscore.com
    provider’s website https://lashback.com/ seems alive and active (news entries from 2023) but does not link to the blacklist
    rsync URLs seem dead, so does the download url
  http://blacklist.woody.ch/
    no entries in the displayed "top 100"
    may have been absorbed into the swinog blacklists, see antispam.imp.ch
  http://cbl.abuseat.org/
    https://www.abuseat.org/
      changes to the CBL that occurred in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure
  http://dnsbl.burnt-tech.com/
    domain is for sale
  http://rbl.dns-servicios.com/rbl.php
    website can not be found
  http://spamcannibal.org/
    dead, as of at least 2018
  http://st.technovision.dk/
    https://docs.hetrixtools.com/st-technovision-dk-inactive-removed/
      [December 8, 2021] This RBL has stopped responding to DNS queries.
  http://spamstinks.com/
    cert is for generic hostname
    website shows some login form
  http://virbl.bit.nl/
    https://www.rollernet.us/2017/01/shutdown-of-virbl-dnsbl-bit-nl/
      January 23, 2017: »The Virbl-project site has been replaced by this static message to inform those that find their ways here. The Virbl DNSBL-zone was emptied and will be removed all together at a moment further on in the future.«
  http://www.blocklist.de/en/index.html
    lots of timeouts as of 2023
    forum link is dead, among others
    seems unmaintained but alive
    latest news is from 2016
    latest blog entry from 2022
      Abusix, a network security company for mail security and abuse report handling, takes over blocklist.de to integrate it within its Abusix platform to further improve its data quality.
  http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng
    placeholder/parked?
  http://www.leadmon.net/spamguard/
    website times out
  http://www.srntools.com/blacklist/
    redirects to comodo.com subdomain where I can’t find any information about a DNSBL
  https://bl.konstant.no/
    https://docs.hetrixtools.com/bl-konstant-no-unresponsive-removed/
      [July 29, 2022] This RBL has become unresponsive, and we’ve removed it from our system until it returns to functioning normally again.
  https://www.megarbl.net/
    connection times out
    https://www.blalert.com/dnsbl/rbl.megarbl.net
      »This blacklist is marked as inactive and is not being checked at the moment. We will be tracking it to see if it goes to normal again.«
  https://www.kisarbl.or.kr/
    can’t find information about it
    website redirects to https://spam.kisa.or.kr/ which gives a 404
  https://www.abuse.ch/
    old, defunct link: https://www.abuse.ch/?tag=httpbl
    does not seem to have a DNSBL (anymore)
    might be incorporated into spamhaus?
    does host other databases about threats
  https://puck.nether.net/or/
    website is dead
00_NEEDS_RECHECK
  https://antispam.imp.ch/
    no usage policy
    no return code info
    no good listing policy
    information received from inquiry to provider
      website will be updated
      return codes
        dnsrbl.swinog.ch and uribl.swinog.ch (holding time increases with hits)
          127.0.1.8 = default
          127.0.0.10 => TRAP (Email sent to a spamtrap)
          127.0.0.11 => REPO (Email reported as Spam by customer)
        spamrbl.imp.ch (3 days holding time)
          IPs are listed when trying to send mail to the spamtrap mailserver
          MD5 hash: attachment sent to the swinog blacklist
        wormrbl.imp.ch
          DEAD
  http://blacklist.woody.ch/rblcheck.php3
    dead?
    waiting for feedback
  http://dnsbl.iip.lu/
    https://docs.hetrixtools.com/lookup-dnsbl-iip-lu-false-positive-removed/
      in 2016: lookup.dnsbl.iip.lu blacklist started issuing false positive responses and upon further investigation looks to be abandoned/dead.
    https://www.blalert.com/dnsbl/lookup.dnsbl.iip.lu
      This blacklist is marked as "shut down" and non-operational as of 2017-12-31.
  http://dnsbl.inps.de/
    timeout
    https://www.dnsbl.com/search/label/dnsbl.inps.de
      Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic.
    https://docs.hetrixtools.com/dnsbl-inps-de-removed-from-our-system/
      [May 29,2018] IPv4 RBL dnsbl.inps.de has been removed from our system, as they have decided to discontinue the RBL project for the time being.
    https://glockapps.com/blacklist/dnsbl-inps-de/
      Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic.
    https://www.dnsbl.info/dnsbl-details.php?dnsbl=dnsbl.inps.de
      This blacklist is offline as of May 1, 2020.
    https://web.archive.org/web/20220428013500/http://www.inps.de/
00_NEEDS_RESEARCH
  bl.tiopan.com
  blocked.hilli.dk
  dialups.visi.com
  dnsbl.antispam.or.id
  dob.sibl.support-intelligence.net
  intruders.docs.uu.se
  map.spam-rbl.com
  rbl.triumf.ca
  all.s5h.net
    http://www.usenix.org.uk/content/rbl.html
  torexit.dan.me.uk
  http://pedantic.org/
    as of 20140701
  rbl.fasthosts.co.uk
    https://help.fasthosts.co.uk/app/answers/detail/a_id/140/kw/rbl
    seems dead?
    https://antispam.fasthosts.co.uk/
00_ALIVE
00_RECONSIDER
  http://barracudacentral.org/rbl
    requires account with extensive information (more than spamhaus e.g.):
      your name.
      your company name.
      your phone number.
      your address.
      your city name.
      your state/province name.
      your zip/postal code.
      the name of the alternate contact.
      the phone number of the alternate contact.
      the email address of the alternate contact.
    seems well documented
00_E_EVIL
  sbl.nszones.com
    http://www.spamhaus.org/organization/statement/008/fake-dnsbl-uncovered-nszones.com
  http://www.backscatterer.org/
    questionable policy - pay for (quicker) delisting
    https://support.hornetsecurity.com/hc/en-us/articles/360011880797-Why-are-Hornetsecurity-IP-addresses-listed-at-Backscatterer-
      as of December 29, 2021: »The removal at the blacklist backscatterer.org can only be done for a fee«
    https://www.warmy.io/blog/backscatterer-blacklist-how-to-remove-your-ip-from-it
      on March 17, 2023 does not mention need to pay
    https://support.forcepoint.com/s/article/Forcepoint-IP-s-blocklisted-by-UCEProtect-and-Backscatterer-org
      recommend against using it
    https://whatismyipaddress.com/backscatterer
      mentions strict delisting process and "express delisting" but nothing further
    https://bobcares.com/blog/backscatterer-blacklist/
      goes through the process with screenshots showing express delisting for 109$
    https://community.cisco.com/t5/email-security/issues-with-www-backscatterer-org-any-one/td-p/1298377
      more opinions
    https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/
      Jan 17th, 2020: »UCEProtect also charges a delisting fee. TitanHQ discourages email administrators from using the UCEProtect blacklist and we do not recommend paying for list removal«
    https://web.archive.org/web/20150320180344/http://www.jvfconsulting.com/blog/130/Backscatterer_Network_Spam_List_Is_Another_UCEPROTECT_Extortion_Scam.html
      another opinion
00_E_INFORMATION
  blacklist.sci.kun.nl
    https://cncz.science.ru.nl/en/howto/email-spam/
    not really its own DNSBL?
    no usage information
    no usage policy
  http://anonmails.de/
    seems serious
    but missing necessary info
      usage policy
      listing policy
  http://blacklist.jippg.org/
    no usage policy
    no listing policy
    no return code info
  bip.virusfree.cz
    used by rspamd
    https://www.virusfree.cz/en/help
      is the only place I can find any official reference to this list at all
      but no policies or usage information
  https://www.nixspam.net/
    previously http://www.dnsbl.manitu.net/
    query zone: ix.dnsbl.manitu.net
    provided by the reputable German publisher 'heise' which makes the high quality c’t, iX, and telepolis magazines
    difficult to find info regarding listing policy
    asked for more information to be added
      https://www.heise.de/forum/iX/Kommentare/Gemeinsam-stark/Nutzungsbedingungen-Return-Codes-sonstige-Infos/posting-42669177/show/
  access.redhawk.org
    website works but barely any info, not even how to query it
    https://www.redhawk.org/?p=64
    https://www.redhawk.org/SpamHawk/index.php
  https://senderscore.org/
    requires registration?
    Scam?
      http://www.complaintsboard.com/complaints/buyer-beware-senderscoreorg-is-a-scam-c276871.html
    https://senderscore.org/assess/blocklist-lookup/
    FAQ: https://knowledge.validity.com/hc/en-us/articles/360006992592-Return-Path-Blocklist-RPBL-FAQ-
    no information how to query found
  mail-abuse.org
    https://ers.trendmicro.com/
    trendmicro
    paid service
    https://docs.trendmicro.com/en-us/enterprise/email-reputation-services-online-help/getting-started_001/configuring-email-re/creating-an-account.aspx
      »If you don’t create an account, you can still query the reputation of an IP address«
    I don’t find any pricing or usage information
  http://dnsbl.tornevall.org/
    https://www.tornevall.net/
    related to https://www.fraudbl.org/
    seems a bit unstructured and not very well documented
    I can’t be arsed to deal with confluence slowing my browser to a halt repeatedly and it’s really hard to navigate
    but there seems to be some information on https://docs.tornevall.net/display/TORNEVALL/Endpoint%3A+dnsbl+-+DNSBL+v5+with+API+v3
    seems active
  http://rbl.schulte.org/
    seems active
    listing policy seems to be: they received spam from an IP
    usage policy: Anyone can use this RBL list [sic]
    return codes: probably boolean, i.e. either listed or not
  http://relaytest.kundenserver.de/
    by 1und1 (now ionos?), used internally
    https://www.blalert.com/dnsbl/relays.bl.kundenserver.de
    no usage policy found
    no listing policy found
    no return code explanation found
  http://www.blockedservers.com/
    no usage policy
    no listing policy
    no documentation
    "funny": No rights given; all rights are in the dumpster; Copyleft 2012 - 3013 - page generated in 0.009843111038208 secs
  https://choon.net/dnsbl.php
    no usage policy or instructions
    no listing policy
    only automatic delisting after 30 days
00_E_PAID
00_E_PRIVATE
  88.blacklist.zap
    http://blogs.technet.com/b/fss/archive/2009/05/08/forefront-dnsbl-yeah-or-nay.aspx
    https://web.archive.org/web/20150812003556/http://blogs.technet.com/b/fss/archive/2009/05/08/forefront-dnsbl-yeah-or-nay.aspx
    https://www.blalert.com/dnsbl/88.blacklist.zap
      88.blacklist.zap is an internal blacklist maintained by Microsoft's Forefront
    https://www.dnsbl.com/search/label/frontbridge
  http://drmx.org/
    »Use of any DrMX.ORG DNS Zone is by request and by contract only.«
  rbl.tdk.net
    tdk.net seems dead on http(s)
    private
    https://www.blalert.com/dnsbl/rbl.tdk.net
    old link: http://postmaster.tdc.dk/publish.php?id=31787
    tdc.dk redirects to yousee.dk
    https://web.archive.org/web/20170703084224/http://postmaster.tdc.dk/publish.php?id=31787
  rbl.zenon.net
    private
    https://www.blalert.com/dnsbl/rbl.zenon.net
    http://www.noc.zenon.net/rbl/
      Russian(?)
  https://ahbl.org/
    was public until 2015
    now private, invite-only
  http://rfc-clueless.org/
    lists domains that do not adhere to common best practices or requirements
    does NOT list spammers!
    listing criteria are explained well
      http://rfc-clueless.org/pages/listing_policy
    return codes are explained
      http://rfc-clueless.org/
    usage policy is not so clear
      but the FAQ implies that it’s just free to use for everyone
    many timeouts
      first noticed in 2014 and deactivated
      retried in 2023 and still the case
  http://spameatingmonkey.com/
    lists IPs
      that sent backscatter
      that sent to spamtrap
      added by policy
        this includes dial-up!
        https://spameatingmonkey.com/faq/policy-based-listing
    lists domains/URIs
      by age
      in spam bodies
    usage policy seems clear
      https://spameatingmonkey.com/faq/query-limits
    listing policy seems clear
      https://spameatingmonkey.com/services
    return codes documented
      https://spameatingmonkey.com/services
  http://blogspambl.com/
    redirects to spameatingmonkey.com
  http://uribl.com/
    lists domains/URIs
      that appear in spam bodies
    has whitelist
    lists IPs
      that URIs in spam bodies resolve to
    return codes are documented
      https://uribl.com/about.shtml#implementation
      bitmasked
      127.0.0.1 is used to signal abusive query behaviour
  http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
    called "hostkarma"
    lists domains/URIs
    lists IPs
    usage policy is relatively clear that it’s free, except maybe for big for-profit organizations
    listing policy is documented
    return codes are documented
    seems very trustworthy
  http://www.sorbs.net/
    good reputation
    lists domains/URIs
    lists IPs
    usage policy is clear that it’s free
    listing policy is documented
    return codes are documented
    seems trustworthy
  http://www.spamhaus.org/
    good reputation
    very well done
    seems very professional
    lists domains/URIs
    lists IPs
    usage policy is clear
      https://www.spamhaus.org/organization/dnsblusage/
    listing policies are clearly documented
    return codes are clearly documented
    history of grandeur and retaliation listings
      https://www.heise.de/hintergrund/Spam-Golem-291396.html
  http://www.surbl.org/
    good reputation
    lists domains/URIs
    usage policy is clear
      https://surbl.org/usage-policy
    listing policy is documented
    return codes are documented
      bitmasked
      127.0.0.1 means blocked
  http://zapbl.net/
    lists domains/URIs
    lists IPs
    listing policy seems clear
      https://zapbl.net/policy
    usage policy seems clearly free for everyone
      https://zapbl.net/using
    return codes are documented
    seems well done
  https://rbl.foobar.hu/
    lists domains/URIs
    lists IPs
    listing policy seems clear
    usage policy seems clearly free for everyone
    return codes are documented
    possibly unmaintained or dead
      footer says: ©2013-14
  http://apews.org/?page=filter
    questionable
      https://www.dnsbl.com/search/label/apews
      https://whatismyipaddress.com/apews
    dead?
      no news on http://apews-user.blogspot.com/ since 2014
    not further looked into because of the above
  https://www.dnswl.org/
    seems to be run with best intentions
    but has had issues from what I have heard from some users
    IRC channel has some activity
    usage policy relatively clear
      free within certain limits
    listing policy
      self-service
    return codes are documented
00_E_FOCUS
  https://www.dnsblchile.org/index.en.html
    Chilean spam
    so not interesting for me
    seems alive
00_LISTS_BLOGSPAMMERS
  https://www.madavi.de/madavibl/
    »This blacklist should only be used to block comment spammer (on blogs and websites). Don’t use it for mail.«
  http://bsb.empty.us/
    does not exist anymore
    empty.us returns »Nothing here, obviously.«
00_LISTS_COUNTRIES
  korea
    http://korea.services.net/
00_LISTS_DIALUPS
00_LISTS_OPENRESOLVERS
00_LISTS_TORNODES
  https://www.dan.me.uk/dnsbl
  http://rbl.efnetrbl.org/
    aka http://tor.efnet.org/
    lists IPs
    lists open proxies, infected machines, Tor nodes, etc.
  https://0spam.org/
    clear information on usage policy
      Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request.
      DNSBL service and removals are 100% for free for all uses; commercial, non profit and personal.
    seems serious
    listing policies are a little less clear
      bl.0spam.org
        DNSBL | 0spam Spam Trap Primary Database
      nbl.0spam.org
        Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL.
      url.0spam.org
        URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps.
    return codes not very clear
  https://abuse.ro/
    policy
      spamtraps
      The last IP address before destination in the email headers is listed into rbl.abuse.ro list.
      Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list
      Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list
  http://dronebl.org/
    usage policy is clear: free for whatever
    listing policy is not quite so clear
      can be mostly inferred from the classes but not entirely clear IMHO
    has an IRC channel
    return codes not explicitly mentioned
      but it’s 127.0.0.X where X is the class from https://dronebl.org/classes
  http://psbl.org/
    query zone: psbl.surriel.com
    no usage policy, but seems implied that usage is free
    listing policy
      no explicit, complete policy given
      but sending to spamtraps is mentioned to get you listed and seems the exclusive mechanism
    return codes not documented, probably only boolean
  http://rbldata.interserver.net/
    listing policy more or less clear
    usage policy not given
      but since usage is explained it’s probably free for all
    return codes seem to be binary, i.e. either listed or not
    lists IPs
    lists domains/URIs
  http://rv-soft.info/
    usage policy not explicit but seems to be free
    listing policy also not explicit
      but can be inferred from return code explanation
    return codes are explained
  http://spamrats.com/
    clear usage policy (ToS)
    listing policies documented
    return codes of aggregated list documented
    lists IPs
  http://v4bl.org/
    usage policy documented
    listing policy not really clear
    return codes documented
  http://wpbl.info/
    listing procedure is documented
    usage policy implied: free to use
    return codes documented
  http://www.aupads.org/
    aka www.antispam-ufrj.pads.ufrj.br
    aka www.orve.org
    listing policy more or less clear
    lists IPs and FQDNs
    usage policy seems clear: freely exported by anybody who wants to use them«
  http://www.gbudb.com/truncate/
    listing policy
    usage policy seems implied: free use
    return codes documented
    »Truncate is very conservative. On most systems it can be safely used to reject connections!«
  http://www.justspam.org/
    listing policy documented
      warning: relies on listings in other DNSBLs!
      also for delisting!
    usage policy clear
    return codes: binary
  http://www.kempt.net/dnsbl/
    listing policy documented
    usage policy documented
    return codes undocumented
  http://www.spamcop.net/
    listing policy documented
      The SCBL is aggressive and often errs on the side of blocking mail
    usage policy is: free
    good reputation
    return codes documented
  http://www.spamsources.fabel.dk/
    usage policy is: free
    listing policy seems clear
    lists IPs
  http://www.uceprotect.net/en/index.php
    takes money for faster delisting
    listing policy is documented
    usage policy is documented: free
    a lot of drama
      https://www.heise.de/hintergrund/Spam-Golem-291396.html
        German
        also see comments
      https://news.admin.net-abuse.email.narkive.com/boJTu7JC/claus-v-wolfhausen-harasement
      https://www.linode.com/community/questions/2324/uceprotectnet-has-us-blacklisted
      https://uceprotect.wtf/
      https://www.aaroncake.net/misc/showthought.asp?thought=57
      https://www.dnsbl.com/search/label/claus%20v.%20wolfhausen
      https://wordtothewise.com/2018/06/another-day-another-dead-blacklist/
      https://community.spiceworks.com/topic/2170592-uceprotect-blacklist-scam
      http://kontech.net/uceprotect-blacklist-scheme-2020/
  http://www.whitelisted.org/
    paid subscription
    policy on site
    related to uceprotect, see there
  https://www.team-cymru.org/Services/Bogons/dns.html
    good reputation
    lists IPs
    does not list spammers but bogons
    clear listing policy
    usage policy not quite clear ATM
    return codes documented: binary
  http://mailspike.net/usage.html
    lists IPs
    response codes according to their reputation, both positive and negative
    listing policy documented
    usage policy documented
  http://www.isipp.com/email-accreditation/iadb-query-instruction/
    requires signup
    not quite a usage policy, but seems ok
    strange split of ipv4 and ipv6
    seems dead?