TODO
check and link (de)listing policy
NOGO: delisting for money
+ how long does automatic delisting take?
+ 7d is already quite long
+ anything >7d seems excessive and should probably not be used
check and link usage policy
check and link return codes
find newsfeed or mailinglist
implement in exim
implement in SA
implement in rspamd
-implement
- https://abuse.ro/
- policy
- spamtraps
- The last IP address before destination in the email headers is listed into rbl.abuse.ro list.
- Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list
- Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list
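Review bot: The added threshold "anything >7d seems excessive and should probably not be used" is not applied to the choon.net entry added further down, which records "only automatic delisting after 30 days" but is filed under 00_E_INFORMATION without any flag. Either mark that entry as failing the threshold or word the TODO item as a preference rather than a cut-off. The question "how long does automatic delisting take?" is also placed directly after "NOGO: delisting for money", although delisting time is a separate criterion from paid delisting; a TODO item of its own would keep the two apart.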
00_META
https://bugs.launchpad.net/ubuntu/+source/amispammer/+bug/835614
http://www.blalert.com/dnsbls
https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists
https://github.com/zbetcheckin/DNSBLs
https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
+ https://www.impressionwise.com/kb/threats/rbl-advisories.html
00_ELANG
http://dnsbl.aspnet.hu/
hungarian?
http://dns.measurement-factory.com/surveys/openresolvers.html
dead
»The following text describes past open DNS resolver surveys and an associated DNS lookup service that has been long shut down«
+ http://www.sectoor.de/tor.php
+ timeouts
+ http://anticaptcha.net/
+ for sale
+ http://blacklist.lashback.com/
+ query zone: ubl.unsubscore.com
+ provider’s website https://lashback.com/ seems alive and active (news entries from 2023) but does not link to the blacklist
+ rsync URLs seem dead, so does the download url
+ http://blacklist.woody.ch/
+ no entries in the displayed "top 100"
+ may have been absorbed into the swinog blacklists, see antispam.imp.ch
+ http://cbl.abuseat.org/
+ https://www.abuseat.org/
+ changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure
+ http://dnsbl.burnt-tech.com/
+ domain is for sale
+ http://rbl.dns-servicios.com/rbl.php
+ website can not be found
+ http://spamcannibal.org/
+ dead, as of at least 2018
+ http://st.technovision.dk/
+ https://docs.hetrixtools.com/st-technovision-dk-inactive-removed/
+ [December 8, 2021] This RBL has stopped responding to DNS queries.
+ http://spamstinks.com/
+ cert is for generic hostname
+ website shows some login form
+ http://virbl.bit.nl/
+ https://www.rollernet.us/2017/01/shutdown-of-virbl-dnsbl-bit-nl/
+ January 23, 2017: »The Virbl-project site has been replaced by this static message to inform those that find their ways here. The Virbl DNSBL-zone was emptied and will be removed all together at a moment further on in the future.«
+ http://www.blocklist.de/en/index.html
+ lots of timeouts as of 2023
+ forum link is dead, among others
+ seems unmaintained but alive
+ latest news is from 2016
+ latest blog entry from 2022
+ Abusix, a network security company for mail security and abuse report handling, takes over blocklist.de to integrate it within its Abusix platform to further improve its data quality.
+ http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng
+ placeholder/parked?
+ http://www.leadmon.net/spamguard/
+ website times out
+ http://www.srntools.com/blacklist/
+ redirects to comodo.com subdomain where I can’t find any information about a DNSBL
+ https://bl.konstant.no/
+ https://docs.hetrixtools.com/bl-konstant-no-unresponsive-removed/
+ [July 29, 2022] This RBL has become unresponsive, and we’ve removed it from our system until it returns to functioning normally again.
+ https://www.megarbl.net/
+ connection times out
+ https://www.blalert.com/dnsbl/rbl.megarbl.net
+ »This blacklist is marked as inactive and is not being checked at the moment. We will be tracking it to see if it goes to normal again.«
+ https://www.kisarbl.or.kr/
+ can’t find information about it
+ website redirects to https://spam.kisa.or.kr/ which gives a 404
+ https://www.abuse.ch/
+ old, defunct link: https://www.abuse.ch/?tag=httpbl
+ does not seem to have a DNSBL (anymore)
+ might be incorporated into spamhaus?
+ does host other databases about threats
+ https://puck.nether.net/or/
+ website is dead
00_NEEDS_RECHECK
https://antispam.imp.ch/
no usage policy
http://blacklist.woody.ch/rblcheck.php3
dead?
waiting for feedback
+ http://dnsbl.iip.lu/
+ https://docs.hetrixtools.com/lookup-dnsbl-iip-lu-false-positive-removed/
+ in 2016: lookup.dnsbl.iip.lu blacklist started issuing false positive responses and upon further investigation looks to be abandoned/dead.
+ https://www.blalert.com/dnsbl/lookup.dnsbl.iip.lu
+ This blacklist is marked as "shut down" and non-operational as of 2017-12-31.
+ http://dnsbl.inps.de/
+ timeout
+ https://www.dnsbl.com/search/label/dnsbl.inps.de
+ Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic.
+ https://docs.hetrixtools.com/dnsbl-inps-de-removed-from-our-system/
+ [May 29,2018] IPv4 RBL dnsbl.inps.de has been removed from our system, as they have decided to discontinue the RBL project for the time being.
+ https://glockapps.com/blacklist/dnsbl-inps-de/
+ Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic.
+ https://www.dnsbl.info/dnsbl-details.php?dnsbl=dnsbl.inps.de
+ This blacklist is offline as of May 1, 2020.
+ https://web.archive.org/web/20220428013500/http://www.inps.de/
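Review bot: The dnsbl.iip.lu and dnsbl.inps.de entries are added under 00_NEEDS_RECHECK, but the notes added with them already record a shutdown ("shut down" and non-operational as of 2017-12-31; offline as of May 1, 2020), which is how the entries added under 00_ELANG are described. Consider filing them there, or add a line saying what still needs rechecking. The sentence "Today, May 25, 2020, he has announced that it is shutting down ..." appears word for word under both the dnsbl.com and the glockapps.com links; one copy with both URLs would do. The dates also disagree (hetrixtools removal on May 29, 2018, announcement on May 25, 2020, offline as of May 1, 2020), and a short remark on which one the notes rely on would help.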
00_NEEDS_RESEARCH
bl.tiopan.com
blocked.hilli.dk
00_E_EVIL
sbl.nszones.com
http://www.spamhaus.org/organization/statement/008/fake-dnsbl-uncovered-nszones.com
+ http://www.backscatterer.org/
+ questionable policy - pay for (quicker) delisting
+ https://support.hornetsecurity.com/hc/en-us/articles/360011880797-Why-are-Hornetsecurity-IP-addresses-listed-at-Backscatterer-
+ as of December 29, 2021: »The removal at the blacklist backscatterer.org can only be done for a fee«
+ https://www.warmy.io/blog/backscatterer-blacklist-how-to-remove-your-ip-from-it
+ in March 17, 2023 does not mention need to pay
+ https://support.forcepoint.com/s/article/Forcepoint-IP-s-blocklisted-by-UCEProtect-and-Backscatterer-org
+ recommend against using it
+ https://whatismyipaddress.com/backscatterer
+ mentions strict delisting process and "express delisting" but nothing further
+ https://bobcares.com/blog/backscatterer-blacklist/
+ goes through the process with screenshots showing express delisting for 109$
+ https://community.cisco.com/t5/email-security/issues-with-www-backscatterer-org-any-one/td-p/1298377
+ more opinions
+ https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/
+ Jan 17th, 2020: »UCEProtect also charges a delisting fee. TitanHQ discourages email administrators from using the UCEProtect blacklist and we do not recommend paying for list removal«
+ https://web.archive.org/web/20150320180344/http://www.jvfconsulting.com/blog/130/Backscatterer_Network_Spam_List_Is_Another_UCEPROTECT_Extortion_Scam.html
+ another opinion
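Review bot: The TitanHQ quote added under backscatterer.org names UCEProtect ("UCEProtect also charges a delisting fee"), not Backscatterer, and nothing in this entry states how the two are related; either add that link explicitly or move the quote to the uceprotect entry. The summary line says "pay for (quicker) delisting" while the Hornetsecurity quote says removal "can only be done for a fee", so the entry should say which of the two the notes take to be the case, given that the bobcares line describes an "express delisting for 109$". The lines "more opinions" and "another opinion" give no hint of what the linked pages conclude; a few words each would save following the links.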
00_E_INFORMATION
blacklist.sci.kun.nl
https://cncz.science.ru.nl/en/howto/email-spam/
https://docs.trendmicro.com/en-us/enterprise/email-reputation-services-online-help/getting-started_001/configuring-email-re/creating-an-account.aspx
»If you don’t create an account, you can still query the reputation of an IP address«
I don’t find any pricing or usage information
+ http://dnsbl.tornevall.org/
+ https://www.tornevall.net/
+ related to https://www.fraudbl.org/
+ seems a bit unstructured and not very well documented
+ I can’t be arsed to deal with confluence slowing my browser to a halt repeatedly and it’s really hard to navigate but there seems to be some information on https://docs.tornevall.net/display/TORNEVALL/Endpoint%3A+dnsbl+-+DNSBL+v5+with+API+v3
+ seems active
+ http://rbl.schulte.org/
+ seems active
+ listing policy seems to be: they received spam from an IP
+ usage policy: Anyone can use this RBL list [sic]
+ return codes: probably boolean, i.e. either listed or not
+ http://relaytest.kundenserver.de/
+ by 1und1 (now ionos?), used internally
+ https://www.blalert.com/dnsbl/relays.bl.kundenserver.de
+ no usage policy found
+ no listing policy found
+ no return code explanation found
+ http://www.blockedservers.com/
+ no usage policy
+ no listing policy
+ no documentation
+ "funny":
+ No rights given; all rights are in the dumpster; Copyleft 2012 - 3013 - page generated in 0.009843111038208 secs
+ https://choon.net/dnsbl.php
+ no usage policy or instructions
+ no listing policy
+ only automatic delisting after 30 days
00_E_PAID
00_E_PRIVATE
88.blacklist.zap
https://www.spamhaus.org/organization/dnsblusage/
listing policies are clearly documented
return codes are clearly documented
+ history of grandeur and retaliation listings
+ https://www.heise.de/hintergrund/Spam-Golem-291396.html
http://www.surbl.org/
good reputation
lists domains/URIs
00_LISTS_DIALUPS
00_LISTS_OPENRESOLVERS
00_LISTS_TORNODES
- http://www.sectoor.de/tor.php
https://www.dan.me.uk/dnsbl
+ http://rbl.efnetrbl.org/
+ aka http://tor.efnet.org/
+ lists IPs
+ lists open proxies, infected machines, tornodes, etc.
https://0spam.org/
clear information on usage policy
Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request.
nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL.
url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps.
return codes not very clear
- http://anticaptcha.net/
- http://blacklist.lashback.com/
- http://ubl.unsubscore.com
- http://blacklist.woody.ch/rblcheck.php3
- http://cbl.abuseat.org/
- http://dnsbl.burnt-tech.com/
- http://dnsbl.iip.lu/
- http://dnsbl.inps.de/
- http://dnsbl.tornevall.org/
+ https://abuse.ro/
+ policy
+ spamtraps
+ The last IP address before destination in the email headers is listed into rbl.abuse.ro list.
+ Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list
+ Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list
http://dronebl.org/
- http://mailspike.net/usage.html
+ usage policy is clear: free for whatever
+ listing policy is not quite so clear
+ can be mostly inferred from the classes but not entirely clear IMHO
+ has an IRC channel
+ return codes
+ not explicitly mentioned but it’s 127.0.0.X where X is the class from https://dronebl.org/classes
http://psbl.org/
query zone: psbl.surriel.com
- http://rbl.dns-servicios.com/rbl.php
- http://rbl.schulte.org/
+ no usage policy, but seems implied that usage is free
+ listing policy
+ no explicit, complete policy given but sending to spamtraps is mentioned to get you listed and seems the exclusive mechanism
+ return codes
+ not documented, probably only boolean
http://rbldata.interserver.net/
- may be dead: http://www.blalert.com/dnsbl/rbl.interserver.net
- http://relaytest.kundenserver.de/
+ listing policy more or less clear
+ usage policy not given but since usage is explained it’s probably free for all
+ return codes seem to be binary, i.e. either listed or not
+ lists IPs
+ lists domains/URIs
http://rv-soft.info/
- http://spamcannibal.org/dnsbl_check.shtml
+ usage policy not explicit but seems to be free
+ listing policy also not explicit but can be inferred from return code explanation
+ return codes are explained
http://spamrats.com/
- http://spamstinks.com/
- http://st.technovision.dk/
- http://tor.efnet.org/
- http://rbl.efnetrbl.org/ MIRROR
+ clear usage policy (ToS)
+ listing policies documented
+ return codes of aggregated list documented
+ lists IPs
http://v4bl.org/
- http://virbl.bit.nl/
+ usage policy documented
+ listing policy not really clear
+ return codes documented
http://wpbl.info/
+ listing procedure is documented
+ usage policy implied: free to use
+ return codes documented
http://www.aupads.org/
- http://www.backscatterer.org/
- fragwuerdige policy - bezahlen fuer schnelleres delisting
- http://www.blockedservers.com/
- http://www.blocklist.de/en/index.html
- http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng
+ aka www.antispam-ufrj.pads.ufrj.br
+ aka www.orve.org
+ listing policy more or less clear
+ lists IPs and FQDNs
+ usage policy seems clear: freely exported by anybody who wants to use them«
http://www.gbudb.com/truncate/
+ listing policy
+ usage policy seems implied: free use
+ return codes documented
+ »Truncate is very conservative. On most systems it can be safely used to reject connections!«
http://www.justspam.org/
+ listing policy documented
+ warning: relies on listings in other DNSBLs! also for delisting!
+ usage policy clear
+ return codes: binary
http://www.kempt.net/dnsbl/
- http://www.leadmon.net/spamguard/
- http://www.rbl.jp/allrbl-e.html
+ listing policy documented
+ usage policy documented
+ return codes undocumented
http://www.spamcop.net/
- good policy
+ listing policy documented
+ The SCBL is aggressive and often errs on the side of blocking mail
+ usage policy is: free
good reputation
+ return codes documented
http://www.spamsources.fabel.dk/
- sensible policy
- http://www.srntools.com/blacklist/
+ usage policy is: free
+ listing policy seems clear
+ lists IPs
http://www.uceprotect.net/en/index.php
- http://www.usenix.org.uk/content/rbl.html
- http://zapbl.net/
- https://bl.konstant.no/
- https://choon.net/rbl.php
- https://puck.nether.net/or/
- might be good
- https://rbl.foobar.hu/
- https://www.abuse.ch/
- https://www.abuse.ch/?tag=httpbl
- https://www.kisarbl.or.kr/
- https://www.megarbl.net/
- https://www.team-cymru.org/Services/Bogons/dns.html
- http://mailspike.net/usage.html
- reputation-based
- http://www.spamhauswhitelist.com/en/
- policies for listing and usage on the website
+ takes money for faster delisting
+ listing policy is documented
+ usage policy is documented: free
+ a lot of drama
+ https://www.heise.de/hintergrund/Spam-Golem-291396.html
+ german
+ also see comments
+ https://news.admin.net-abuse.email.narkive.com/boJTu7JC/claus-v-wolfhausen-harasement
+ https://www.linode.com/community/questions/2324/uceprotectnet-has-us-blacklisted
+ https://uceprotect.wtf/
+ https://www.aaroncake.net/misc/showthought.asp?thought=57
+ https://www.dnsbl.com/search/label/claus%20v.%20wolfhausen
+ https://wordtothewise.com/2018/06/another-day-another-dead-blacklist/
+ https://community.spiceworks.com/topic/2170592-uceprotect-blacklist-scam
+ http://kontech.net/uceprotect-blacklist-scheme-2020/
http://www.whitelisted.org/
paid subscription
policy on site
- https://puck.nether.net/or/
- policies on website
- https://rbl.foobar.hu/
- usage and listing policies on website
- http://www.isipp.com/email-accreditation/iadb-query-instruction/
- requires signup
- https://choon.net/rbl.php
- not quite a usage policy, but seems ok
- strange split of ipv4 and ipv6
- seems dead?
- https://www.dnswl.org/
+ related to uceprotect, see there
+ https://www.team-cymru.org/Services/Bogons/dns.html
+ good reputation
+ lists IPs
+ does not list spammers but bogons
+ clear listing policy
+ usage policy not quite clear ATM
+ return codes documented: binary
+ http://mailspike.net/usage.html
+ lists IPs
+ response codes according to their reputation, both positive and negative
+ listing policy documented
+ usage policy documented
+ https://www.isipp.com/for-isps/iadb-query/
+ usage policy seems clear: It is free to query all of the IADB, IADB2, and WADB.
+ not quite a whitelist but closer to whitelist than blacklist
+ listing policy seems to be: get certified by them (for a fee) https://www.isipp.com/email-accreditation/faq/#pricing
+ response codes are documented
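Review bot: Several removed list entries do not reappear among the added lines visible here: http://www.rbl.jp/allrbl-e.html, http://www.usenix.org.uk/content/rbl.html, http://zapbl.net/, https://rbl.foobar.hu/, http://www.spamhauswhitelist.com/en/ and https://www.dnswl.org/. The other removed URLs are re-added under a status section with a reason, so if these six were dropped on purpose a one-line note (for example under 00_NEEDS_RESEARCH) would record why; otherwise they look lost in the restructuring. In the same region, the added line "usage policy seems clear: freely exported by anybody who wants to use them«" ends with a closing quotation mark that has no opening one.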