update isipp.com aka iadb
[user/henk/docs/dnsbl_notes.git] / dnslists.otl
index a0608ce465347e1c4563cce41ec6726763ef06c3..da12cc71b3326edd558d30219fed3f1a5c442378 100644 (file)
@@ -1,6 +1,9 @@
 TODO
        check and link (de)listing policy
                NOGO: delisting for money
 TODO
        check and link (de)listing policy
                NOGO: delisting for money
+               how long does automatic delisting take?
+                       7d is already quite long
+                       anything >7d seems excessive and should probably not be used
        check and link usage policy
        check and link return codes
        find newsfeed or mailinglist
        check and link usage policy
        check and link return codes
        find newsfeed or mailinglist
@@ -8,13 +11,6 @@ TODO
        implement in exim
        implement in SA
        implement in rspamd
        implement in exim
        implement in SA
        implement in rspamd
-implement
-       https://abuse.ro/
-               policy
-                       spamtraps
-                       The last IP address before destination in the email headers is listed into rbl.abuse.ro list.
-                       Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list
-                       Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list
 00_META
        https://bugs.launchpad.net/ubuntu/+source/amispammer/+bug/835614
        http://www.blalert.com/dnsbls
 00_META
        https://bugs.launchpad.net/ubuntu/+source/amispammer/+bug/835614
        http://www.blalert.com/dnsbls
@@ -30,6 +26,7 @@ implement
        https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists
        https://github.com/zbetcheckin/DNSBLs
        https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
        https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists
        https://github.com/zbetcheckin/DNSBLs
        https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
+       https://www.impressionwise.com/kb/threats/rbl-advisories.html
 00_ELANG
        http://dnsbl.aspnet.hu/
                hungarian?
 00_ELANG
        http://dnsbl.aspnet.hu/
                hungarian?
@@ -194,6 +191,49 @@ implement
                        changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure
        http://dnsbl.burnt-tech.com/
                domain is for sale
                        changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure
        http://dnsbl.burnt-tech.com/
                domain is for sale
+       http://rbl.dns-servicios.com/rbl.php
+               website can not be found
+       http://spamcannibal.org/
+               dead, as of at least 2018
+       http://st.technovision.dk/
+               https://docs.hetrixtools.com/st-technovision-dk-inactive-removed/
+                       [December 8, 2021] This RBL has stopped responding to DNS queries.
+       http://spamstinks.com/
+               cert is for generic hostname
+               website shows some login form
+       http://virbl.bit.nl/
+               https://www.rollernet.us/2017/01/shutdown-of-virbl-dnsbl-bit-nl/
+                       January 23, 2017: »The Virbl-project site has been replaced by this static message to inform those that find their ways here. The Virbl DNSBL-zone was emptied and will be removed all together at a moment further on in the future.«
+       http://www.blocklist.de/en/index.html
+               lots of timeouts as of 2023
+               forum link is dead, among others
+               seems unmaintained but alive
+               latest news is from 2016
+               latest blog entry from 2022
+                       Abusix, a network security company for mail security and abuse report handling, takes over blocklist.de to integrate it within its Abusix platform to further improve its data quality.
+       http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng
+               placeholder/parked?
+       http://www.leadmon.net/spamguard/
+               website times out
+       http://www.srntools.com/blacklist/
+               redirects to comodo.com subdomain where I can’t find any information about a DNSBL
+       https://bl.konstant.no/
+               https://docs.hetrixtools.com/bl-konstant-no-unresponsive-removed/
+                       [July 29, 2022] This RBL has become unresponsive, and we’ve removed it from our system until it returns to functioning normally again.
+       https://www.megarbl.net/
+               connection times out
+               https://www.blalert.com/dnsbl/rbl.megarbl.net
+                       »This blacklist is marked as inactive and is not being checked at the moment. We will be tracking it to see if it goes to normal again.«
+       https://www.kisarbl.or.kr/
+               can’t find information about it
+               website redirects to https://spam.kisa.or.kr/ which gives a 404
+       https://www.abuse.ch/
+               old, defunct link: https://www.abuse.ch/?tag=httpbl
+               does not seem to have a DNSBL (anymore)
+                       might be incorporated into spamhaus?
+               does host other databases about threats
+       https://puck.nether.net/or/
+               website is dead
 00_NEEDS_RECHECK
        https://antispam.imp.ch/
                no usage policy
 00_NEEDS_RECHECK
        https://antispam.imp.ch/
                no usage policy
@@ -214,6 +254,22 @@ implement
        http://blacklist.woody.ch/rblcheck.php3
                dead?
                waiting for feedback
        http://blacklist.woody.ch/rblcheck.php3
                dead?
                waiting for feedback
+       http://dnsbl.iip.lu/
+               https://docs.hetrixtools.com/lookup-dnsbl-iip-lu-false-positive-removed/
+                       in 2016: lookup.dnsbl.iip.lu blacklist started issuing false positive responses and upon further investigation looks to be abandoned/dead.
+               https://www.blalert.com/dnsbl/lookup.dnsbl.iip.lu
+                       This blacklist is marked as "shut down" and non-operational as of 2017-12-31.
+       http://dnsbl.inps.de/
+               timeout
+               https://www.dnsbl.com/search/label/dnsbl.inps.de
+                       Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic.
+               https://docs.hetrixtools.com/dnsbl-inps-de-removed-from-our-system/
+                       [May 29,2018] IPv4 RBL dnsbl.inps.de has been removed from our system, as they have decided to discontinue the RBL project for the time being.
+               https://glockapps.com/blacklist/dnsbl-inps-de/
+                       Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic.
+               https://www.dnsbl.info/dnsbl-details.php?dnsbl=dnsbl.inps.de
+                       This blacklist is offline as of May 1, 2020.
+               https://web.archive.org/web/20220428013500/http://www.inps.de/
 00_NEEDS_RESEARCH
        bl.tiopan.com
        blocked.hilli.dk
 00_NEEDS_RESEARCH
        bl.tiopan.com
        blocked.hilli.dk
@@ -250,6 +306,24 @@ implement
        00_E_EVIL
                sbl.nszones.com
                        http://www.spamhaus.org/organization/statement/008/fake-dnsbl-uncovered-nszones.com
        00_E_EVIL
                sbl.nszones.com
                        http://www.spamhaus.org/organization/statement/008/fake-dnsbl-uncovered-nszones.com
+               http://www.backscatterer.org/
+                       questionable policy - pay for (quicker) delisting
+                       https://support.hornetsecurity.com/hc/en-us/articles/360011880797-Why-are-Hornetsecurity-IP-addresses-listed-at-Backscatterer-
+                               as of December 29, 2021: »The removal at the blacklist backscatterer.org can only be done for a fee«
+                       https://www.warmy.io/blog/backscatterer-blacklist-how-to-remove-your-ip-from-it
+                               in March 17, 2023 does not mention need to pay
+                       https://support.forcepoint.com/s/article/Forcepoint-IP-s-blocklisted-by-UCEProtect-and-Backscatterer-org
+                               recommend against using it
+                       https://whatismyipaddress.com/backscatterer
+                               mentions strict delisting process and "express delisting" but nothing further
+                       https://bobcares.com/blog/backscatterer-blacklist/
+                               goes through the process with screenshots showing express delisting for 109$
+                       https://community.cisco.com/t5/email-security/issues-with-www-backscatterer-org-any-one/td-p/1298377
+                               more opinions
+                       https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/
+                               Jan 17th, 2020: »UCEProtect also charges a delisting fee. TitanHQ discourages email administrators from using the UCEProtect blacklist and we do not recommend paying for list removal«
+                       https://web.archive.org/web/20150320180344/http://www.jvfconsulting.com/blog/130/Backscatterer_Network_Spam_List_Is_Another_UCEPROTECT_Extortion_Scam.html
+                               another opinion
        00_E_INFORMATION
                blacklist.sci.kun.nl
                        https://cncz.science.ru.nl/en/howto/email-spam/
        00_E_INFORMATION
                blacklist.sci.kun.nl
                        https://cncz.science.ru.nl/en/howto/email-spam/
@@ -290,6 +364,33 @@ implement
                        https://docs.trendmicro.com/en-us/enterprise/email-reputation-services-online-help/getting-started_001/configuring-email-re/creating-an-account.aspx
                                »If you don’t create an account, you can still query the reputation of an IP address«
                        I don’t find any pricing or usage information
                        https://docs.trendmicro.com/en-us/enterprise/email-reputation-services-online-help/getting-started_001/configuring-email-re/creating-an-account.aspx
                                »If you don’t create an account, you can still query the reputation of an IP address«
                        I don’t find any pricing or usage information
+               http://dnsbl.tornevall.org/
+                       https://www.tornevall.net/
+                       related to https://www.fraudbl.org/
+                       seems a bit unstructured and not very well documented
+                               I can’t be arsed to deal with confluence slowing my browser to a halt repeatedly and it’s really hard to navigate but there seems to be some information on https://docs.tornevall.net/display/TORNEVALL/Endpoint%3A+dnsbl+-+DNSBL+v5+with+API+v3
+                       seems active
+               http://rbl.schulte.org/
+                       seems active
+                       listing policy seems to be: they received spam from an IP
+                       usage policy: Anyone can use this RBL list [sic]
+                       return codes: probably boolean, i.e. either listed or not
+               http://relaytest.kundenserver.de/
+                       by 1und1 (now ionos?), used internally
+                       https://www.blalert.com/dnsbl/relays.bl.kundenserver.de
+                       no usage policy found
+                       no listing policy found
+                       no return code explanation found
+               http://www.blockedservers.com/
+                       no usage policy
+                       no listing policy
+                       no documentation
+                       "funny":
+                               No rights given; all rights are in the dumpster; Copyleft 2012 - 3013 - page generated in 0.009843111038208 secs
+               https://choon.net/dnsbl.php
+                       no usage policy or instructions
+                       no listing policy
+                       only automatic delisting after 30 days
        00_E_PAID
        00_E_PRIVATE
                88.blacklist.zap
        00_E_PAID
        00_E_PRIVATE
                88.blacklist.zap
@@ -381,6 +482,8 @@ implement
                        https://www.spamhaus.org/organization/dnsblusage/
                listing policies are clearly documented
                return codes are clearly documented
                        https://www.spamhaus.org/organization/dnsblusage/
                listing policies are clearly documented
                return codes are clearly documented
+               history of grandeur and retaliation listings
+                       https://www.heise.de/hintergrund/Spam-Golem-291396.html
        http://www.surbl.org/
                good reputation
                lists domains/URIs
        http://www.surbl.org/
                good reputation
                lists domains/URIs
@@ -439,6 +542,10 @@ implement
        00_LISTS_OPENRESOLVERS
        00_LISTS_TORNODES
                https://www.dan.me.uk/dnsbl
        00_LISTS_OPENRESOLVERS
        00_LISTS_TORNODES
                https://www.dan.me.uk/dnsbl
+               http://rbl.efnetrbl.org/
+                       aka http://tor.efnet.org/
+                       lists IPs
+                       lists open proxies, infected machines, tornodes, etc.
        https://0spam.org/
                clear information on usage policy
                        Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request.
        https://0spam.org/
                clear information on usage policy
                        Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request.
@@ -449,73 +556,113 @@ implement
                        nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL.
                        url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps.
                return codes not very clear
                        nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL.
                        url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps.
                return codes not very clear
-       http://dnsbl.iip.lu/
-       http://dnsbl.inps.de/
-       http://dnsbl.tornevall.org/
+       https://abuse.ro/
+               policy
+                       spamtraps
+                       The last IP address before destination in the email headers is listed into rbl.abuse.ro list.
+                       Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list
+                       Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list
        http://dronebl.org/
        http://dronebl.org/
-       http://mailspike.net/usage.html
+               usage policy is clear: free for whatever
+               listing policy is not quite so clear
+                       can be mostly inferred from the classes but not entirely clear IMHO
+               has an IRC channel
+               return codes
+                       not explicitly mentioned but it’s 127.0.0.X where X is the class from https://dronebl.org/classes
        http://psbl.org/
                query zone: psbl.surriel.com
        http://psbl.org/
                query zone: psbl.surriel.com
-       http://rbl.dns-servicios.com/rbl.php
-       http://rbl.schulte.org/
+               no usage policy, but seems implied that usage is free
+               listing policy
+                       no explicit, complete policy given but sending to spamtraps is mentioned to get you listed and seems the exclusive mechanism
+               return codes
+                       not documented, probably only boolean
        http://rbldata.interserver.net/
        http://rbldata.interserver.net/
-               may be dead: http://www.blalert.com/dnsbl/rbl.interserver.net
-       http://relaytest.kundenserver.de/
+               listing policy more or less clear
+               usage policy not given but since usage is explained it’s probably free for all
+               return codes seem to be binary, i.e. either listed or not
+               lists IPs
+               lists domains/URIs
        http://rv-soft.info/
        http://rv-soft.info/
-       http://spamcannibal.org/dnsbl_check.shtml
+               usage policy not explicit but seems to be free
+               listing policy also not explicit but can be inferred from return code explanation
+               return codes are explained
        http://spamrats.com/
        http://spamrats.com/
-       http://spamstinks.com/
-       http://st.technovision.dk/
-       http://tor.efnet.org/
-               http://rbl.efnetrbl.org/ MIRROR
+               clear usage policy (ToS)
+               listing policies documented
+               return codes of aggregated list documented
+               lists IPs
        http://v4bl.org/
        http://v4bl.org/
-       http://virbl.bit.nl/
+               usage policy documented
+               listing policy not really clear
+               return codes documented
        http://wpbl.info/
        http://wpbl.info/
+               listing procedure is documented
+               usage policy implied: free to use
+               return codes documented
        http://www.aupads.org/
        http://www.aupads.org/
-       http://www.backscatterer.org/
-               fragwuerdige policy - bezahlen fuer schnelleres delisting
-       http://www.blockedservers.com/
-       http://www.blocklist.de/en/index.html
-       http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng
+               aka www.antispam-ufrj.pads.ufrj.br
+               aka www.orve.org 
+               listing policy more or less clear
+               lists IPs and FQDNs
+               usage policy seems clear: freely exported by anybody who wants to use them«
        http://www.gbudb.com/truncate/
        http://www.gbudb.com/truncate/
+               listing policy
+               usage policy seems implied: free use
+               return codes documented
+               »Truncate is very conservative. On most systems it can be safely used to reject connections!«
        http://www.justspam.org/
        http://www.justspam.org/
+               listing policy documented
+                       warning: relies on listings in other DNSBLs! also for delisting!
+               usage policy clear
+               return codes: binary
        http://www.kempt.net/dnsbl/
        http://www.kempt.net/dnsbl/
-       http://www.leadmon.net/spamguard/
-       http://www.rbl.jp/allrbl-e.html
+               listing policy documented
+               usage policy documented
+               return codes undocumented
        http://www.spamcop.net/
        http://www.spamcop.net/
-               good policy
+               listing policy documented
+                       The SCBL is aggressive and often errs on the side of blocking mail
+               usage policy is: free
                good reputation
                good reputation
+               return codes documented
        http://www.spamsources.fabel.dk/
        http://www.spamsources.fabel.dk/
-               sensible policy
-       http://www.srntools.com/blacklist/
+               usage policy is: free
+               listing policy seems clear
+               lists IPs
        http://www.uceprotect.net/en/index.php
        http://www.uceprotect.net/en/index.php
-       http://www.usenix.org.uk/content/rbl.html
-       http://zapbl.net/
-       https://bl.konstant.no/
-       https://choon.net/rbl.php
-       https://puck.nether.net/or/
-               might be good
-       https://rbl.foobar.hu/
-       https://www.abuse.ch/
-               https://www.abuse.ch/?tag=httpbl
-       https://www.kisarbl.or.kr/
-       https://www.megarbl.net/
-       https://www.team-cymru.org/Services/Bogons/dns.html
-       http://mailspike.net/usage.html
-               reputation-based
-       http://www.spamhauswhitelist.com/en/
-               policies for listing and usage on the website
+               takes money for faster delisting
+               listing policy is documented
+               usage policy is documented: free
+               a lot of drama
+                       https://www.heise.de/hintergrund/Spam-Golem-291396.html
+                               german
+                               also see comments
+                       https://news.admin.net-abuse.email.narkive.com/boJTu7JC/claus-v-wolfhausen-harasement
+                       https://www.linode.com/community/questions/2324/uceprotectnet-has-us-blacklisted
+                       https://uceprotect.wtf/
+                       https://www.aaroncake.net/misc/showthought.asp?thought=57
+                       https://www.dnsbl.com/search/label/claus%20v.%20wolfhausen
+                       https://wordtothewise.com/2018/06/another-day-another-dead-blacklist/
+                       https://community.spiceworks.com/topic/2170592-uceprotect-blacklist-scam
+                       http://kontech.net/uceprotect-blacklist-scheme-2020/
        http://www.whitelisted.org/
                paid subscription
                policy on site
        http://www.whitelisted.org/
                paid subscription
                policy on site
-       https://puck.nether.net/or/
-               policies on website
-       https://rbl.foobar.hu/
-               usage and listing policies on website
-       http://www.isipp.com/email-accreditation/iadb-query-instruction/
-               requires signup
-       https://choon.net/rbl.php
-               not quite a usage policy, but seems ok
-               strange split of ipv4 and ipv6
-               seems dead?
-       https://www.dnswl.org/
+               related to uceprotect, see there
+       https://www.team-cymru.org/Services/Bogons/dns.html
+               good reputation
+               lists IPs
+               does not list spammers but bogons
+               clear listing policy
+               usage policy not quite clear ATM
+               return codes documented: binary
+       http://mailspike.net/usage.html
+               lists IPs
+               response codes according to their reputation, both positive and negative
+               listing policy documented
+               usage policy documented
+       https://www.isipp.com/for-isps/iadb-query/
+               usage policy seems clear: It is free to query all of the IADB, IADB2, and WADB.
+               not quite a whitelist but closer to whitelist than blacklist
+               listing policy seems to be: get certified by them (for a fee) https://www.isipp.com/email-accreditation/faq/#pricing
+               response codes are documented