update isipp.com aka iadb

[user/henk/docs/dnsbl_notes.git] / dnslists.otl

diff --git a/dnslists.otl b/dnslists.otl
index 434848f56a181e2fafe652b873cd2c4c4983919c..da12cc71b3326edd558d30219fed3f1a5c442378 100644 (file)
--- a/dnslists.otl
+++ b/dnslists.otl
@@ -1,6 +1,9 @@
 TODO
        check and link (de)listing policy
                NOGO: delisting for money
 TODO
        check and link (de)listing policy
                NOGO: delisting for money

+               how long does automatic delisting take?
+                       7d is already quite long
+                       anything >7d seems excessive and should probably not be used

        check and link usage policy
        check and link return codes
        find newsfeed or mailinglist
        check and link usage policy
        check and link return codes
        find newsfeed or mailinglist


@@ -23,6 +26,7 @@ TODO
        https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists
        https://github.com/zbetcheckin/DNSBLs
        https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
        https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists
        https://github.com/zbetcheckin/DNSBLs
        https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists

+       https://www.impressionwise.com/kb/threats/rbl-advisories.html

 00_ELANG
        http://dnsbl.aspnet.hu/
                hungarian?
 00_ELANG
        http://dnsbl.aspnet.hu/
                hungarian?


@@ -189,6 +193,47 @@ TODO
                domain is for sale
        http://rbl.dns-servicios.com/rbl.php
                website can not be found
                domain is for sale
        http://rbl.dns-servicios.com/rbl.php
                website can not be found

+       http://spamcannibal.org/
+               dead, as of at least 2018
+       http://st.technovision.dk/
+               https://docs.hetrixtools.com/st-technovision-dk-inactive-removed/
+                       [December 8, 2021] This RBL has stopped responding to DNS queries.
+       http://spamstinks.com/
+               cert is for generic hostname
+               website shows some login form
+       http://virbl.bit.nl/
+               https://www.rollernet.us/2017/01/shutdown-of-virbl-dnsbl-bit-nl/
+                       January 23, 2017: »The Virbl-project site has been replaced by this static message to inform those that find their ways here. The Virbl DNSBL-zone was emptied and will be removed all together at a moment further on in the future.«
+       http://www.blocklist.de/en/index.html
+               lots of timeouts as of 2023
+               forum link is dead, among others
+               seems unmaintained but alive
+               latest news is from 2016
+               latest blog entry from 2022
+                       Abusix, a network security company for mail security and abuse report handling, takes over blocklist.de to integrate it within its Abusix platform to further improve its data quality.
+       http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng
+               placeholder/parked?
+       http://www.leadmon.net/spamguard/
+               website times out
+       http://www.srntools.com/blacklist/
+               redirects to comodo.com subdomain where I can’t find any information about a DNSBL
+       https://bl.konstant.no/
+               https://docs.hetrixtools.com/bl-konstant-no-unresponsive-removed/
+                       [July 29, 2022] This RBL has become unresponsive, and we’ve removed it from our system until it returns to functioning normally again.
+       https://www.megarbl.net/
+               connection times out
+               https://www.blalert.com/dnsbl/rbl.megarbl.net
+                       »This blacklist is marked as inactive and is not being checked at the moment. We will be tracking it to see if it goes to normal again.«
+       https://www.kisarbl.or.kr/
+               can’t find information about it
+               website redirects to https://spam.kisa.or.kr/ which gives a 404
+       https://www.abuse.ch/
+               old, defunct link: https://www.abuse.ch/?tag=httpbl
+               does not seem to have a DNSBL (anymore)
+                       might be incorporated into spamhaus?
+               does host other databases about threats
+       https://puck.nether.net/or/
+               website is dead

 00_NEEDS_RECHECK
        https://antispam.imp.ch/
                no usage policy
 00_NEEDS_RECHECK
        https://antispam.imp.ch/
                no usage policy


@@ -261,6 +306,24 @@ TODO
        00_E_EVIL
                sbl.nszones.com
                        http://www.spamhaus.org/organization/statement/008/fake-dnsbl-uncovered-nszones.com
        00_E_EVIL
                sbl.nszones.com
                        http://www.spamhaus.org/organization/statement/008/fake-dnsbl-uncovered-nszones.com

+               http://www.backscatterer.org/
+                       questionable policy - pay for (quicker) delisting
+                       https://support.hornetsecurity.com/hc/en-us/articles/360011880797-Why-are-Hornetsecurity-IP-addresses-listed-at-Backscatterer-
+                               as of December 29, 2021: »The removal at the blacklist backscatterer.org can only be done for a fee«
+                       https://www.warmy.io/blog/backscatterer-blacklist-how-to-remove-your-ip-from-it
+                               in March 17, 2023 does not mention need to pay
+                       https://support.forcepoint.com/s/article/Forcepoint-IP-s-blocklisted-by-UCEProtect-and-Backscatterer-org
+                               recommend against using it
+                       https://whatismyipaddress.com/backscatterer
+                               mentions strict delisting process and "express delisting" but nothing further
+                       https://bobcares.com/blog/backscatterer-blacklist/
+                               goes through the process with screenshots showing express delisting for 109$
+                       https://community.cisco.com/t5/email-security/issues-with-www-backscatterer-org-any-one/td-p/1298377
+                               more opinions
+                       https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/
+                               Jan 17th, 2020: »UCEProtect also charges a delisting fee. TitanHQ discourages email administrators from using the UCEProtect blacklist and we do not recommend paying for list removal«
+                       https://web.archive.org/web/20150320180344/http://www.jvfconsulting.com/blog/130/Backscatterer_Network_Spam_List_Is_Another_UCEPROTECT_Extortion_Scam.html
+                               another opinion

        00_E_INFORMATION
                blacklist.sci.kun.nl
                        https://cncz.science.ru.nl/en/howto/email-spam/
        00_E_INFORMATION
                blacklist.sci.kun.nl
                        https://cncz.science.ru.nl/en/howto/email-spam/


@@ -312,6 +375,22 @@ TODO
                        listing policy seems to be: they received spam from an IP
                        usage policy: Anyone can use this RBL list [sic]
                        return codes: probably boolean, i.e. either listed or not
                        listing policy seems to be: they received spam from an IP
                        usage policy: Anyone can use this RBL list [sic]
                        return codes: probably boolean, i.e. either listed or not

+               http://relaytest.kundenserver.de/
+                       by 1und1 (now ionos?), used internally
+                       https://www.blalert.com/dnsbl/relays.bl.kundenserver.de
+                       no usage policy found
+                       no listing policy found
+                       no return code explanation found
+               http://www.blockedservers.com/
+                       no usage policy
+                       no listing policy
+                       no documentation
+                       "funny":
+                               No rights given; all rights are in the dumpster; Copyleft 2012 - 3013 - page generated in 0.009843111038208 secs
+               https://choon.net/dnsbl.php
+                       no usage policy or instructions
+                       no listing policy
+                       only automatic delisting after 30 days

        00_E_PAID
        00_E_PRIVATE
                88.blacklist.zap
        00_E_PAID
        00_E_PRIVATE
                88.blacklist.zap


@@ -403,6 +482,8 @@ TODO
                        https://www.spamhaus.org/organization/dnsblusage/
                listing policies are clearly documented
                return codes are clearly documented
                        https://www.spamhaus.org/organization/dnsblusage/
                listing policies are clearly documented
                return codes are clearly documented

+               history of grandeur and retaliation listings
+                       https://www.heise.de/hintergrund/Spam-Golem-291396.html

        http://www.surbl.org/
                good reputation
                lists domains/URIs
        http://www.surbl.org/
                good reputation
                lists domains/URIs


@@ -461,6 +542,10 @@ TODO
        00_LISTS_OPENRESOLVERS
        00_LISTS_TORNODES
                https://www.dan.me.uk/dnsbl
        00_LISTS_OPENRESOLVERS
        00_LISTS_TORNODES
                https://www.dan.me.uk/dnsbl

+               http://rbl.efnetrbl.org/
+                       aka http://tor.efnet.org/
+                       lists IPs
+                       lists open proxies, infected machines, tornodes, etc.

        https://0spam.org/
                clear information on usage policy
                        Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request.
        https://0spam.org/
                clear information on usage policy
                        Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request.


@@ -497,50 +582,87 @@ TODO
                return codes seem to be binary, i.e. either listed or not
                lists IPs
                lists domains/URIs
                return codes seem to be binary, i.e. either listed or not
                lists IPs
                lists domains/URIs

-       http://relaytest.kundenserver.de/

        http://rv-soft.info/
        http://rv-soft.info/

-       http://spamcannibal.org/dnsbl_check.shtml
+               usage policy not explicit but seems to be free
+               listing policy also not explicit but can be inferred from return code explanation
+               return codes are explained

        http://spamrats.com/
        http://spamrats.com/

-       http://spamstinks.com/
-       http://st.technovision.dk/
-       http://tor.efnet.org/
-               http://rbl.efnetrbl.org/ MIRROR
+               clear usage policy (ToS)
+               listing policies documented
+               return codes of aggregated list documented
+               lists IPs

        http://v4bl.org/
        http://v4bl.org/

-       http://virbl.bit.nl/
+               usage policy documented
+               listing policy not really clear
+               return codes documented

        http://wpbl.info/
        http://wpbl.info/

+               listing procedure is documented
+               usage policy implied: free to use
+               return codes documented

        http://www.aupads.org/
        http://www.aupads.org/

-       http://www.backscatterer.org/
-               fragwuerdige policy - bezahlen fuer schnelleres delisting
-       http://www.blockedservers.com/
-       http://www.blocklist.de/en/index.html
-       http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng
+               aka www.antispam-ufrj.pads.ufrj.br
+               aka www.orve.org 
+               listing policy more or less clear
+               lists IPs and FQDNs
+               usage policy seems clear: freely exported by anybody who wants to use them«

        http://www.gbudb.com/truncate/
        http://www.gbudb.com/truncate/

+               listing policy
+               usage policy seems implied: free use
+               return codes documented
+               »Truncate is very conservative. On most systems it can be safely used to reject connections!«

        http://www.justspam.org/
        http://www.justspam.org/

+               listing policy documented
+                       warning: relies on listings in other DNSBLs! also for delisting!
+               usage policy clear
+               return codes: binary

        http://www.kempt.net/dnsbl/
        http://www.kempt.net/dnsbl/

-       http://www.leadmon.net/spamguard/
+               listing policy documented
+               usage policy documented
+               return codes undocumented

        http://www.spamcop.net/
        http://www.spamcop.net/

-               good policy
+               listing policy documented
+                       The SCBL is aggressive and often errs on the side of blocking mail
+               usage policy is: free

                good reputation
                good reputation

+               return codes documented

        http://www.spamsources.fabel.dk/
        http://www.spamsources.fabel.dk/

-               sensible policy
-       http://www.srntools.com/blacklist/
+               usage policy is: free
+               listing policy seems clear
+               lists IPs

        http://www.uceprotect.net/en/index.php
        http://www.uceprotect.net/en/index.php

-       https://bl.konstant.no/
-       https://choon.net/rbl.php
-       https://www.abuse.ch/
-               https://www.abuse.ch/?tag=httpbl
-       https://www.kisarbl.or.kr/
-       https://www.megarbl.net/
-       https://www.team-cymru.org/Services/Bogons/dns.html
-       http://mailspike.net/usage.html
-               reputation-based
+               takes money for faster delisting
+               listing policy is documented
+               usage policy is documented: free
+               a lot of drama
+                       https://www.heise.de/hintergrund/Spam-Golem-291396.html
+                               german
+                               also see comments
+                       https://news.admin.net-abuse.email.narkive.com/boJTu7JC/claus-v-wolfhausen-harasement
+                       https://www.linode.com/community/questions/2324/uceprotectnet-has-us-blacklisted
+                       https://uceprotect.wtf/
+                       https://www.aaroncake.net/misc/showthought.asp?thought=57
+                       https://www.dnsbl.com/search/label/claus%20v.%20wolfhausen
+                       https://wordtothewise.com/2018/06/another-day-another-dead-blacklist/
+                       https://community.spiceworks.com/topic/2170592-uceprotect-blacklist-scam
+                       http://kontech.net/uceprotect-blacklist-scheme-2020/

        http://www.whitelisted.org/
                paid subscription
                policy on site
        http://www.whitelisted.org/
                paid subscription
                policy on site

-       https://puck.nether.net/or/
-               policies on website
-       http://www.isipp.com/email-accreditation/iadb-query-instruction/
-               requires signup
-               not quite a usage policy, but seems ok
-               strange split of ipv4 and ipv6
-               seems dead?
+               related to uceprotect, see there
+       https://www.team-cymru.org/Services/Bogons/dns.html
+               good reputation
+               lists IPs
+               does not list spammers but bogons
+               clear listing policy
+               usage policy not quite clear ATM
+               return codes documented: binary
+       http://mailspike.net/usage.html
+               lists IPs
+               response codes according to their reputation, both positive and negative
+               listing policy documented
+               usage policy documented
+       https://www.isipp.com/for-isps/iadb-query/
+               usage policy seems clear: It is free to query all of the IADB, IADB2, and WADB.
+               not quite a whitelist but closer to whitelist than blacklist
+               listing policy seems to be: get certified by them (for a fee) https://www.isipp.com/email-accreditation/faq/#pricing
+               response codes are documented