implement in exim
implement in SA
implement in rspamd
-implement
- https://abuse.ro/
- policy
- spamtraps
- The last IP address before destination in the email headers is listed into rbl.abuse.ro list.
- Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list
- Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list
00_META
https://bugs.launchpad.net/ubuntu/+source/amispammer/+bug/835614
http://www.blalert.com/dnsbls
https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists
https://github.com/zbetcheckin/DNSBLs
https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
+ https://www.impressionwise.com/kb/threats/rbl-advisories.html
00_ELANG
http://dnsbl.aspnet.hu/
hungarian?
changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure
http://dnsbl.burnt-tech.com/
domain is for sale
+ http://rbl.dns-servicios.com/rbl.php
+ website can not be found
+ http://spamcannibal.org/
+ dead, as of at least 2018
+ http://st.technovision.dk/
+ https://docs.hetrixtools.com/st-technovision-dk-inactive-removed/
+ [December 8, 2021] This RBL has stopped responding to DNS queries.
+ http://spamstinks.com/
+ cert is for generic hostname
+ website shows some login form
+ http://virbl.bit.nl/
+ https://www.rollernet.us/2017/01/shutdown-of-virbl-dnsbl-bit-nl/
+ January 23, 2017: »The Virbl-project site has been replaced by this static message to inform those that find their ways here. The Virbl DNSBL-zone was emptied and will be removed all together at a moment further on in the future.«
+ http://www.blocklist.de/en/index.html
+ lots of timeouts as of 2023
+ forum link is dead, among others
+ seems unmaintained but alive
+ latest news is from 2016
+ latest blog entry from 2022
+ Abusix, a network security company for mail security and abuse report handling, takes over blocklist.de to integrate it within its Abusix platform to further improve its data quality.
+ http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng
+ placeholder/parked?
+ http://www.leadmon.net/spamguard/
+ website times out
+ http://www.srntools.com/blacklist/
+ redirects to comodo.com subdomain where I can’t find any information about a DNSBL
+ https://bl.konstant.no/
+ https://docs.hetrixtools.com/bl-konstant-no-unresponsive-removed/
+ [July 29, 2022] This RBL has become unresponsive, and we’ve removed it from our system until it returns to functioning normally again.
+ https://www.megarbl.net/
+ connection times out
+ https://www.blalert.com/dnsbl/rbl.megarbl.net
+ »This blacklist is marked as inactive and is not being checked at the moment. We will be tracking it to see if it goes to normal again.«
+ https://www.kisarbl.or.kr/
+ can’t find information about it
+ website redirects to https://spam.kisa.or.kr/ which gives a 404
+ https://www.abuse.ch/
+ old, defunct link: https://www.abuse.ch/?tag=httpbl
+ does not seem to have a DNSBL (anymore)
+ might be incorporated into spamhaus?
+ does host other databases about threats
00_NEEDS_RECHECK
https://antispam.imp.ch/
no usage policy
00_E_EVIL
sbl.nszones.com
http://www.spamhaus.org/organization/statement/008/fake-dnsbl-uncovered-nszones.com
+ http://www.backscatterer.org/
+ questionable policy - pay for (quicker) delisting
+ https://support.hornetsecurity.com/hc/en-us/articles/360011880797-Why-are-Hornetsecurity-IP-addresses-listed-at-Backscatterer-
+ as of December 29, 2021: »The removal at the blacklist backscatterer.org can only be done for a fee«
+ https://www.warmy.io/blog/backscatterer-blacklist-how-to-remove-your-ip-from-it
+ in March 17, 2023 does not mention need to pay
+ https://support.forcepoint.com/s/article/Forcepoint-IP-s-blocklisted-by-UCEProtect-and-Backscatterer-org
+ recommend against using it
+ https://whatismyipaddress.com/backscatterer
+ mentions strict delisting process and "express delisting" but nothing further
+ https://bobcares.com/blog/backscatterer-blacklist/
+ goes through the process with screenshots showing express delisting for 109$
+ https://community.cisco.com/t5/email-security/issues-with-www-backscatterer-org-any-one/td-p/1298377
+ more opinions
+ https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/
+ Jan 17th, 2020: »UCEProtect also charges a delisting fee. TitanHQ discourages email administrators from using the UCEProtect blacklist and we do not recommend paying for list removal«
+ https://web.archive.org/web/20150320180344/http://www.jvfconsulting.com/blog/130/Backscatterer_Network_Spam_List_Is_Another_UCEPROTECT_Extortion_Scam.html
+ another opinion
00_E_INFORMATION
blacklist.sci.kun.nl
https://cncz.science.ru.nl/en/howto/email-spam/
https://docs.trendmicro.com/en-us/enterprise/email-reputation-services-online-help/getting-started_001/configuring-email-re/creating-an-account.aspx
»If you don’t create an account, you can still query the reputation of an IP address«
I don’t find any pricing or usage information
+ http://dnsbl.tornevall.org/
+ https://www.tornevall.net/
+ related to https://www.fraudbl.org/
+ seems a bit unstructured and not very well documented
+ I can’t be arsed to deal with confluence slowing my browser to a halt repeatedly and it’s really hard to navigate but there seems to be some information on https://docs.tornevall.net/display/TORNEVALL/Endpoint%3A+dnsbl+-+DNSBL+v5+with+API+v3
+ seems active
+ http://rbl.schulte.org/
+ seems active
+ listing policy seems to be: they received spam from an IP
+ usage policy: Anyone can use this RBL list [sic]
+ return codes: probably boolean, i.e. either listed or not
+ http://relaytest.kundenserver.de/
+ by 1und1 (now ionos?), used internally
+ https://www.blalert.com/dnsbl/relays.bl.kundenserver.de
+ no usage policy found
+ no listing policy found
+ no return code explanation found
+ http://www.blockedservers.com/
+ no usage policy
+ no listing policy
+ no documentation
+ "funny":
+ No rights given; all rights are in the dumpster; Copyleft 2012 - 3013 - page generated in 0.009843111038208 secs
+ https://choon.net/dnsbl.php
+ no usage policy or instructions
+ no listing policy
+ only automatic delisting after 30 days
00_E_PAID
00_E_PRIVATE
88.blacklist.zap
00_LISTS_OPENRESOLVERS
00_LISTS_TORNODES
https://www.dan.me.uk/dnsbl
+ http://rbl.efnetrbl.org/
+ aka http://tor.efnet.org/
+ lists IPs
+ lists open proxies, infected machines, tornodes, etc.
https://0spam.org/
clear information on usage policy
Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request.
nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL.
url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps.
return codes not very clear
- http://dnsbl.tornevall.org/
+ https://abuse.ro/
+ policy
+ spamtraps
+ The last IP address before destination in the email headers is listed into rbl.abuse.ro list.
+ Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list
+ Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list
http://dronebl.org/
- http://mailspike.net/usage.html
+ usage policy is clear: free for whatever
+ listing policy is not quite so clear
+ can be mostly inferred from the classes but not entirely clear IMHO
+ has an IRC channel
+ return codes
+ not explicitly mentioned but it’s 127.0.0.X where X is the class from https://dronebl.org/classes
http://psbl.org/
query zone: psbl.surriel.com
- http://rbl.dns-servicios.com/rbl.php
- http://rbl.schulte.org/
+ no usage policy, but seems implied that usage is free
+ listing policy
+ no explicit, complete policy given but sending to spamtraps is mentioned to get you listed and seems the exclusive mechanism
+ return codes
+ not documented, probably only boolean
http://rbldata.interserver.net/
- may be dead: http://www.blalert.com/dnsbl/rbl.interserver.net
- http://relaytest.kundenserver.de/
+ listing policy more or less clear
+ usage policy not given but since usage is explained it’s probably free for all
+ return codes seem to be binary, i.e. either listed or not
+ lists IPs
+ lists domains/URIs
http://rv-soft.info/
- http://spamcannibal.org/dnsbl_check.shtml
+ usage policy not explicit but seems to be free
+ listing policy also not explicit but can be inferred from return code explanation
+ return codes are explained
http://spamrats.com/
- http://spamstinks.com/
- http://st.technovision.dk/
- http://tor.efnet.org/
- http://rbl.efnetrbl.org/ MIRROR
+ clear usage policy (ToS)
+ listing policies documented
+ return codes of aggregated list documented
+ lists IPs
http://v4bl.org/
- http://virbl.bit.nl/
+ usage policy documented
+ listing policy not really clear
+ return codes documented
http://wpbl.info/
+ listing procedure is documented
+ usage policy implied: free to use
+ return codes documented
http://www.aupads.org/
- http://www.backscatterer.org/
- fragwuerdige policy - bezahlen fuer schnelleres delisting
- http://www.blockedservers.com/
- http://www.blocklist.de/en/index.html
- http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng
+ aka www.antispam-ufrj.pads.ufrj.br
+ aka www.orve.org
+ listing policy more or less clear
+ lists IPs and FQDNs
+ usage policy seems clear: freely exported by anybody who wants to use them«
http://www.gbudb.com/truncate/
+ listing policy
+ usage policy seems implied: free use
+ return codes documented
+ »Truncate is very conservative. On most systems it can be safely used to reject connections!«
http://www.justspam.org/
+ listing policy documented
+ warning: relies on listings in other DNSBLs! also for delisting!
+ usage policy clear
+ return codes: binary
http://www.kempt.net/dnsbl/
- http://www.leadmon.net/spamguard/
- http://www.rbl.jp/allrbl-e.html
+ listing policy documented
+ usage policy documented
+ return codes undocumented
http://www.spamcop.net/
- good policy
+ listing policy documented
+ The SCBL is aggressive and often errs on the side of blocking mail
+ usage policy is: free
good reputation
+ return codes documented
http://www.spamsources.fabel.dk/
- sensible policy
- http://www.srntools.com/blacklist/
+ usage policy is: free
+ listing policy seems clear
+ lists IPs
http://www.uceprotect.net/en/index.php
- http://www.usenix.org.uk/content/rbl.html
- http://zapbl.net/
- https://bl.konstant.no/
- https://choon.net/rbl.php
- https://puck.nether.net/or/
- might be good
- https://rbl.foobar.hu/
- https://www.abuse.ch/
- https://www.abuse.ch/?tag=httpbl
- https://www.kisarbl.or.kr/
- https://www.megarbl.net/
- https://www.team-cymru.org/Services/Bogons/dns.html
- http://mailspike.net/usage.html
- reputation-based
- http://www.spamhauswhitelist.com/en/
- policies for listing and usage on the website
+ takes money for faster delisting
+ listing policy is documented
+ usage policy is documented: free
+ a lot of drama
+ https://www.heise.de/hintergrund/Spam-Golem-291396.html
+ german
+ also see comments
+ https://news.admin.net-abuse.email.narkive.com/boJTu7JC/claus-v-wolfhausen-harasement
+ https://www.linode.com/community/questions/2324/uceprotectnet-has-us-blacklisted
+ https://uceprotect.wtf/
+ https://www.aaroncake.net/misc/showthought.asp?thought=57
+ https://www.dnsbl.com/search/label/claus%20v.%20wolfhausen
+ https://wordtothewise.com/2018/06/another-day-another-dead-blacklist/
+ https://community.spiceworks.com/topic/2170592-uceprotect-blacklist-scam
+ http://kontech.net/uceprotect-blacklist-scheme-2020/
http://www.whitelisted.org/
paid subscription
policy on site
+ related to uceprotect, see there
+ https://www.team-cymru.org/Services/Bogons/dns.html
+ good reputation
+ lists IPs
+ does not list spammers but bogons
+ clear listing policy
+ usage policy not quite clear ATM
+ return codes documented: binary
+ http://mailspike.net/usage.html
+ reputation-based
https://puck.nether.net/or/
policies on website
- https://rbl.foobar.hu/
- usage and listing policies on website
http://www.isipp.com/email-accreditation/iadb-query-instruction/
requires signup
- https://choon.net/rbl.php
not quite a usage policy, but seems ok
strange split of ipv4 and ipv6
seems dead?
- https://www.dnswl.org/