implement in exim
implement in SA
implement in rspamd
-implement
- https://abuse.ro/
- policy
- spamtraps
- The last IP address before destination in the email headers is listed into rbl.abuse.ro list.
- Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list
- Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list
00_META
https://bugs.launchpad.net/ubuntu/+source/amispammer/+bug/835614
http://www.blalert.com/dnsbls
https://www.blacklistmaster.com/
https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists
https://github.com/zbetcheckin/DNSBLs
+ https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
+ https://www.impressionwise.com/kb/threats/rbl-advisories.html
00_ELANG
http://dnsbl.aspnet.hu/
hungarian?
On or about 5/21/2018 the cyberlogic DNSBL ceased functioning properly.
https://www.dnsbl.com/2018/05/
As reported on the mailop mailing list on Friday May 25, 2018, the blocking list at dnsbl.cyberlogic.net now contains a "wildcard" DNS entry, effectively listing the entire internet
+ http://www.rbl.jp/allrbl-e.html
+ website asks for login or just errors
+ http://www.spamhauswhitelist.com/en/
+ looks like a parked domain with ads
+ http://stopspam.org/rblcheck/index.php
+ aka dul.pacifier.net
+ http://www.stopspam.org/rbl-info/
+ stopped in 2013
+ http://countries.nerd.dk/
+ unable to connect, also for nerd.dk
+ http://dul.ru/dul.en.html
+ DEAD for sale
+ http://dns.measurement-factory.com/surveys/openresolvers.html
+ dead
+ »The following text describes past open DNS resolver surveys and an associated DNS lookup service that has been long shut down«
+ http://www.sectoor.de/tor.php
+ timeouts
+ http://anticaptcha.net/
+ for sale
+ http://blacklist.lashback.com/
+ query zone: ubl.unsubscore.com
+ provider’s website https://lashback.com/ seems alive and active (news entries from 2023) but does not link to the blacklist
+ rsync URLs seem dead, so does the download url
+ http://blacklist.woody.ch/
+ no entries in the displayed "top 100"
+ may have been absorbed into the swinog blacklists, see antispam.imp.ch
+ http://cbl.abuseat.org/
+ https://www.abuseat.org/
+ changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure
+ http://dnsbl.burnt-tech.com/
+ domain is for sale
+ http://rbl.dns-servicios.com/rbl.php
+ website can not be found
+ http://spamcannibal.org/
+ dead, as of at least 2018
+ http://st.technovision.dk/
+ https://docs.hetrixtools.com/st-technovision-dk-inactive-removed/
+ [December 8, 2021] This RBL has stopped responding to DNS queries.
+ http://spamstinks.com/
+ cert is for generic hostname
+ website shows some login form
+ http://virbl.bit.nl/
+ https://www.rollernet.us/2017/01/shutdown-of-virbl-dnsbl-bit-nl/
+ January 23, 2017: »The Virbl-project site has been replaced by this static message to inform those that find their ways here. The Virbl DNSBL-zone was emptied and will be removed all together at a moment further on in the future.«
+ http://www.blocklist.de/en/index.html
+ lots of timeouts as of 2023
+ forum link is dead, among others
+ seems unmaintained but alive
+ latest news is from 2016
+ latest blog entry from 2022
+ Abusix, a network security company for mail security and abuse report handling, takes over blocklist.de to integrate it within its Abusix platform to further improve its data quality.
+ http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng
+ placeholder/parked?
+ http://www.leadmon.net/spamguard/
+ website times out
+ http://www.srntools.com/blacklist/
+ redirects to comodo.com subdomain where I can’t find any information about a DNSBL
+ https://bl.konstant.no/
+ https://docs.hetrixtools.com/bl-konstant-no-unresponsive-removed/
+ [July 29, 2022] This RBL has become unresponsive, and we’ve removed it from our system until it returns to functioning normally again.
+ https://www.megarbl.net/
+ connection times out
+ https://www.blalert.com/dnsbl/rbl.megarbl.net
+ »This blacklist is marked as inactive and is not being checked at the moment. We will be tracking it to see if it goes to normal again.«
+ https://www.kisarbl.or.kr/
+ can’t find information about it
+ website redirects to https://spam.kisa.or.kr/ which gives a 404
+ https://www.abuse.ch/
+ old, defunct link: https://www.abuse.ch/?tag=httpbl
+ does not seem to have a DNSBL (anymore)
+ might be incorporated into spamhaus?
+ does host other databases about threats
00_NEEDS_RECHECK
https://antispam.imp.ch/
no usage policy
http://blacklist.woody.ch/rblcheck.php3
dead?
waiting for feedback
+ http://dnsbl.iip.lu/
+ https://docs.hetrixtools.com/lookup-dnsbl-iip-lu-false-positive-removed/
+ in 2016: lookup.dnsbl.iip.lu blacklist started issuing false positive responses and upon further investigation looks to be abandoned/dead.
+ https://www.blalert.com/dnsbl/lookup.dnsbl.iip.lu
+ This blacklist is marked as "shut down" and non-operational as of 2017-12-31.
+ http://dnsbl.inps.de/
+ timeout
+ https://www.dnsbl.com/search/label/dnsbl.inps.de
+ Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic.
+ https://docs.hetrixtools.com/dnsbl-inps-de-removed-from-our-system/
+ [May 29,2018] IPv4 RBL dnsbl.inps.de has been removed from our system, as they have decided to discontinue the RBL project for the time being.
+ https://glockapps.com/blacklist/dnsbl-inps-de/
+ Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic.
+ https://www.dnsbl.info/dnsbl-details.php?dnsbl=dnsbl.inps.de
+ This blacklist is offline as of May 1, 2020.
+ https://web.archive.org/web/20220428013500/http://www.inps.de/
00_NEEDS_RESEARCH
bl.tiopan.com
blocked.hilli.dk
00_E_EVIL
sbl.nszones.com
http://www.spamhaus.org/organization/statement/008/fake-dnsbl-uncovered-nszones.com
+ http://www.backscatterer.org/
+ questionable policy - pay for (quicker) delisting
+ https://support.hornetsecurity.com/hc/en-us/articles/360011880797-Why-are-Hornetsecurity-IP-addresses-listed-at-Backscatterer-
+ as of December 29, 2021: »The removal at the blacklist backscatterer.org can only be done for a fee«
+ https://www.warmy.io/blog/backscatterer-blacklist-how-to-remove-your-ip-from-it
+ in March 17, 2023 does not mention need to pay
+ https://support.forcepoint.com/s/article/Forcepoint-IP-s-blocklisted-by-UCEProtect-and-Backscatterer-org
+ recommend against using it
+ https://whatismyipaddress.com/backscatterer
+ mentions strict delisting process and "express delisting" but nothing further
+ https://bobcares.com/blog/backscatterer-blacklist/
+ goes through the process with screenshots showing express delisting for 109$
+ https://community.cisco.com/t5/email-security/issues-with-www-backscatterer-org-any-one/td-p/1298377
+ more opinions
+ https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/
+ Jan 17th, 2020: »UCEProtect also charges a delisting fee. TitanHQ discourages email administrators from using the UCEProtect blacklist and we do not recommend paying for list removal«
+ https://web.archive.org/web/20150320180344/http://www.jvfconsulting.com/blog/130/Backscatterer_Network_Spam_List_Is_Another_UCEPROTECT_Extortion_Scam.html
+ another opinion
00_E_INFORMATION
blacklist.sci.kun.nl
https://cncz.science.ru.nl/en/howto/email-spam/
https://docs.trendmicro.com/en-us/enterprise/email-reputation-services-online-help/getting-started_001/configuring-email-re/creating-an-account.aspx
»If you don’t create an account, you can still query the reputation of an IP address«
I don’t find any pricing or usage information
+ http://dnsbl.tornevall.org/
+ https://www.tornevall.net/
+ related to https://www.fraudbl.org/
+ seems a bit unstructured and not very well documented
+ I can’t be arsed to deal with confluence slowing my browser to a halt repeatedly and it’s really hard to navigate but there seems to be some information on https://docs.tornevall.net/display/TORNEVALL/Endpoint%3A+dnsbl+-+DNSBL+v5+with+API+v3
+ seems active
+ http://rbl.schulte.org/
+ seems active
+ listing policy seems to be: they received spam from an IP
+ usage policy: Anyone can use this RBL list [sic]
+ return codes: probably boolean, i.e. either listed or not
+ http://relaytest.kundenserver.de/
+ by 1und1 (now ionos?), used internally
+ https://www.blalert.com/dnsbl/relays.bl.kundenserver.de
+ no usage policy found
+ no listing policy found
+ no return code explanation found
+ http://www.blockedservers.com/
+ no usage policy
+ no listing policy
+ no documentation
+ "funny":
+ No rights given; all rights are in the dumpster; Copyleft 2012 - 3013 - page generated in 0.009843111038208 secs
+ https://choon.net/dnsbl.php
+ no usage policy or instructions
+ no listing policy
+ only automatic delisting after 30 days
00_E_PAID
00_E_PRIVATE
88.blacklist.zap
https://ahbl.org/
was public until 2015
now private, invite-only
- 00_DOMAIN_BLACKLISTS
- http://rfc-clueless.org/
- http://spameatingmonkey.com/lists.html
- http://uribl.com/
- http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
- http://www.rbl.jp/allrbl-e.html
- http://www.sorbs.net/
- good reputation
- seems sensible
- different kinds of lists
- http://www.spamhaus.org/
- good reputation
- very well done
- different kinds of lists!
- http://www.surbl.org/
- http://zapbl.net/
- https://rbl.foobar.hu/
- http://apews.org/?page=filter
- questionable
- 00_DOMAIN_WHITELISTS
- http://uribl.com/
- http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
- http://www.spamhauswhitelist.com/en/
- https://www.dnswl.org/
- 00_IP_BLACKLISTS
- 00_E_FOCUS
- http://stopspam.org/rblcheck/index.php
- different kinds of lists
- none usable for me
- http://www.dnsblchile.org/
- chilenian spam
- 00_LISTS_BLOGSPAMMERS
- http://blogspambl.com/
- https://www.madavi.de/madavibl/
- http://bsb.empty.us/
- 00_LISTS_COUNTRIES
- http://countries.nerd.dk/
- korea
- http://korea.services.net/
- 00_LISTS_DIALUPS
- http://dul.ru/dul.en.html
- DEAD for sale
- 00_LISTS_OPENRESOLVERS
- http://dns.measurement-factory.com/surveys/openresolvers.html
- 00_LISTS_TORNODES
- http://www.sectoor.de/tor.php
- https://www.dan.me.uk/dnsbl
- https://0spam.org/
- clear information on usage policy
- Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request.
- DNSBL service and removals are 100% for free for all uses; commercial, non profit and personal.
- seems serious
- listing policies are a little less clear
- bl.0spam.org DNSBL | 0spam Spam Trap Primary Database
- nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL.
- url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps.
- return codes not very clear
- http://anticaptcha.net/
- http://blacklist.lashback.com/
- http://ubl.unsubscore.com
- http://blacklist.woody.ch/rblcheck.php3
- http://cbl.abuseat.org/
- http://dnsbl.burnt-tech.com/
- http://dnsbl.iip.lu/
- http://dnsbl.inps.de/
- http://dnsbl.tornevall.org/
- http://dronebl.org/
- http://mailspike.net/usage.html
- http://psbl.org/
- query zone: psbl.surriel.com
- http://rbl.dns-servicios.com/rbl.php
- http://rbl.schulte.org/
- http://rbldata.interserver.net/
- may be dead: http://www.blalert.com/dnsbl/rbl.interserver.net
- http://relaytest.kundenserver.de/
- http://rv-soft.info/
- http://spamcannibal.org/dnsbl_check.shtml
- http://spameatingmonkey.com/lists.html
- http://spamrats.com/
- http://spamstinks.com/
- http://st.technovision.dk/
- http://tor.efnet.org/
- http://rbl.efnetrbl.org/ MIRROR
- http://v4bl.org/
- http://virbl.bit.nl/
- http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
- http://wpbl.info/
- http://www.aupads.org/
- http://www.backscatterer.org/
- fragwuerdige policy - bezahlen fuer schnelleres delisting
- http://www.blockedservers.com/
- http://www.blocklist.de/en/index.html
- http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng
- http://www.gbudb.com/truncate/
- http://www.justspam.org/
- http://www.kempt.net/dnsbl/
- http://www.leadmon.net/spamguard/
- http://www.rbl.jp/allrbl-e.html
- http://www.sorbs.net/
- good reputation
- seems sensible
- different kinds of lists
- http://www.spamcop.net/
- good policy
- good reputation
- http://www.spamhaus.org/
- good reputation
- very well done
- different kinds of lists!
- http://www.spamsources.fabel.dk/
- sensible policy
- http://www.srntools.com/blacklist/
- http://www.uceprotect.net/en/index.php
- http://www.usenix.org.uk/content/rbl.html
- http://zapbl.net/
- https://bl.konstant.no/
- https://choon.net/rbl.php
- https://puck.nether.net/or/
- might be good
- https://rbl.foobar.hu/
- https://www.abuse.ch/
- https://www.abuse.ch/?tag=httpbl
- https://www.kisarbl.or.kr/
- https://www.megarbl.net/
- https://www.team-cymru.org/Services/Bogons/dns.html
- 00_IP_WHITELISTS
- http://mailspike.net/usage.html
- reputation-based
- http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
- very nice project!
- http://www.spamhauswhitelist.com/en/
- policies for listing and usage on the website
- http://www.whitelisted.org/
- paid subscription
- policy on site
- https://puck.nether.net/or/
- policies on website
- https://rbl.foobar.hu/
- usage and listing policies on website
- http://spameatingmonkey.com/lists.html
- whitelist zone not mentioned
- support request sent
- http://www.isipp.com/email-accreditation/iadb-query-instruction/
- requires signup
- https://choon.net/rbl.php
- not quite a usage policy, but seems ok
- strange split of ipv4 and ipv6
- seems dead?
- https://www.dnswl.org/
+ http://rfc-clueless.org/
+ lists domains
+ that do not adhere to common best practices or requirements
+ does NOT list spammers!
+ listing criteria are explained well
+ http://rfc-clueless.org/pages/listing_policy
+ return codes are explained
+ http://rfc-clueless.org/
+ usage policy is not so clear but the FAQ implies that it’s just free to use for everyone
+ many timeouts
+ first noticed in 2014 and deactivated
+ retried in 2023 and still the case
+ http://spameatingmonkey.com/
+ lists IPs
+ that sent backscatter
+ that sent to spamtrap
+ added by policy
+ this includes dial-up!
+ https://spameatingmonkey.com/faq/policy-based-listing
+ lists domains/URIs
+ by age
+ in spam bodies
+ usage policy seems clear
+ https://spameatingmonkey.com/faq/query-limits
+ listing policy seems clear
+ https://spameatingmonkey.com/services
+ return codes documented
+ https://spameatingmonkey.com/services
+ http://blogspambl.com/
+ redirects to spameatingmonkey.com
+ http://uribl.com/
+ lists domains/URIs
+ that appear in spam bodies
+ has whitelist
+ lists IPs
+ that URIs in spam bodies resolve to
+ return codes are documented
+ https://uribl.com/about.shtml#implementation
+ bitmasked
+ 127.0.0.1 is used to signal abusive query behaviour
+ http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
+ called "hostkarma"
+ lists domains/URIs
+ lists IPs
+ usage policy is relatively clear that it’s free, except maybe for big for-profit oranizations
+ listing policy is documented
+ return codes are documented
+ seems very trustworthy
+ http://www.sorbs.net/
+ good reputation
+ lists domains/URIs
+ lists IPs
+ usage policy is clear that it’s free
+ listing policy is documented
+ return codes are documented
+ seems trustworthy
+ http://www.spamhaus.org/
+ good reputation
+ very well done
+ seems very professional
+ lists domains/URIs
+ lists IPs
+ usage policy is clear
+ https://www.spamhaus.org/organization/dnsblusage/
+ listing policies are clearly documented
+ return codes are clearly documented
+ http://www.surbl.org/
+ good reputation
+ lists domains/URIs
+ usage policy is clear
+ https://surbl.org/usage-policy
+ listing policy is documented
+ return codes are documented
+ bitmasked
+ 127.0.0.1 means blocked
+ http://zapbl.net/
+ lists domains/URIs
+ lists IPs
+ listing policy seems clear
+ https://zapbl.net/policy
+ usage policy seems clearly free for everyone
+ https://zapbl.net/using
+ return codes are documented
+ seems well done
+ https://rbl.foobar.hu/
+ lists domains/URIs
+ lists IPs
+ listing policy seems clear
+ usage policy seems clearly free for everyone
+ return codes are documented
+ possibly unmaintained or dead
+ footer says: ©2013-14
+ http://apews.org/?page=filter
+ questionable
+ https://www.dnsbl.com/search/label/apews
+ https://whatismyipaddress.com/apews
+ dead?
+ no news on http://apews-user.blogspot.com/ since 2014
+ not further looked into because of the above
+ https://www.dnswl.org/
+ seems to be run with best intentions but has had issues from what I have heard from some users
+ IRC channel has some activity
+ usage policy relatively clear
+ free within certain limits
+ listing policy
+ self-service
+ return codes are documented
+ 00_E_FOCUS
+ https://www.dnsblchile.org/index.en.html
+ chilenian spam so not interesting for me
+ seems alive
+ 00_LISTS_BLOGSPAMMERS
+ https://www.madavi.de/madavibl/
+ »This blacklist should only be used to block comment spammer (on blogs and websites). Don’t use it for mail.«
+ http://bsb.empty.us/
+ does not exist anymore
+ empty.us returns »Nothing here, obviously.«
+ 00_LISTS_COUNTRIES
+ korea
+ http://korea.services.net/
+ 00_LISTS_DIALUPS
+ 00_LISTS_OPENRESOLVERS
+ 00_LISTS_TORNODES
+ https://www.dan.me.uk/dnsbl
+ http://rbl.efnetrbl.org/
+ aka http://tor.efnet.org/
+ lists IPs
+ lists open proxies, infected machines, tornodes, etc.
+ https://0spam.org/
+ clear information on usage policy
+ Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request.
+ DNSBL service and removals are 100% for free for all uses; commercial, non profit and personal.
+ seems serious
+ listing policies are a little less clear
+ bl.0spam.org DNSBL | 0spam Spam Trap Primary Database
+ nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL.
+ url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps.
+ return codes not very clear
+ https://abuse.ro/
+ policy
+ spamtraps
+ The last IP address before destination in the email headers is listed into rbl.abuse.ro list.
+ Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list
+ Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list
+ http://dronebl.org/
+ usage policy is clear: free for whatever
+ listing policy is not quite so clear
+ can be mostly inferred from the classes but not entirely clear IMHO
+ has an IRC channel
+ return codes
+ not explicitly mentioned but it’s 127.0.0.X where X is the class from https://dronebl.org/classes
+ http://psbl.org/
+ query zone: psbl.surriel.com
+ no usage policy, but seems implied that usage is free
+ listing policy
+ no explicit, complete policy given but sending to spamtraps is mentioned to get you listed and seems the exclusive mechanism
+ return codes
+ not documented, probably only boolean
+ http://rbldata.interserver.net/
+ listing policy more or less clear
+ usage policy not given but since usage is explained it’s probably free for all
+ return codes seem to be binary, i.e. either listed or not
+ lists IPs
+ lists domains/URIs
+ http://rv-soft.info/
+ usage policy not explicit but seems to be free
+ listing policy also not explicit but can be inferred from return code explanation
+ return codes are explained
+ http://spamrats.com/
+ clear usage policy (ToS)
+ listing policies documented
+ return codes of aggregated list documented
+ lists IPs
+ http://v4bl.org/
+ usage policy documented
+ listing policy not really clear
+ return codes documented
+ http://wpbl.info/
+ listing procedure is documented
+ usage policy implied: free to use
+ return codes documented
+ http://www.aupads.org/
+ aka www.antispam-ufrj.pads.ufrj.br
+ aka www.orve.org
+ listing policy more or less clear
+ lists IPs and FQDNs
+ usage policy seems clear: freely exported by anybody who wants to use them«
+ http://www.gbudb.com/truncate/
+ listing policy
+ usage policy seems implied: free use
+ return codes documented
+ »Truncate is very conservative. On most systems it can be safely used to reject connections!«
+ http://www.justspam.org/
+ listing policy documented
+ warning: relies on listings in other DNSBLs! also for delisting!
+ usage policy clear
+ return codes: binary
+ http://www.kempt.net/dnsbl/
+ listing policy documented
+ usage policy documented
+ return codes undocumented
+ http://www.spamcop.net/
+ listing policy documented
+ The SCBL is aggressive and often errs on the side of blocking mail
+ usage policy is: free
+ good reputation
+ return codes documented
+ http://www.spamsources.fabel.dk/
+ usage policy is: free
+ listing policy seems clear
+ lists IPs
+ http://www.uceprotect.net/en/index.php
+ takes money for faster delisting
+ listing policy is documented
+ usage policy is documented: free
+ a lot of drama
+ https://www.heise.de/hintergrund/Spam-Golem-291396.html
+ german
+ also see comments
+ https://news.admin.net-abuse.email.narkive.com/boJTu7JC/claus-v-wolfhausen-harasement
+ https://www.linode.com/community/questions/2324/uceprotectnet-has-us-blacklisted
+ https://uceprotect.wtf/
+ https://www.aaroncake.net/misc/showthought.asp?thought=57
+ https://www.dnsbl.com/search/label/claus%20v.%20wolfhausen
+ https://wordtothewise.com/2018/06/another-day-another-dead-blacklist/
+ https://community.spiceworks.com/topic/2170592-uceprotect-blacklist-scam
+ http://kontech.net/uceprotect-blacklist-scheme-2020/
+ http://www.whitelisted.org/
+ paid subscription
+ policy on site
+ related to uceprotect, see there
+ https://www.team-cymru.org/Services/Bogons/dns.html
+ good reputation
+ lists IPs
+ does not list spammers but bogons
+ clear listing policy
+ usage policy not quite clear ATM
+ return codes documented: binary
+ http://mailspike.net/usage.html
+ reputation-based
+ https://puck.nether.net/or/
+ policies on website
+ http://www.isipp.com/email-accreditation/iadb-query-instruction/
+ requires signup
+ not quite a usage policy, but seems ok
+ strange split of ipv4 and ipv6
+ seems dead?