X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=dnslists.otl;h=03ea900ea673dfe289908526226d57222a725e10;hb=27edf64d9f4c6a87480fb00b964c62a4acb33a14;hp=78baa6647b144544d43e235fa2341c7026ba4b2f;hpb=a22c8bb115dd870c1a9435c7cf80ae579875f67b;p=user%2Fhenk%2Fdocs%2Fdnsbl_notes.git diff --git a/dnslists.otl b/dnslists.otl index 78baa66..03ea900 100644 --- a/dnslists.otl +++ b/dnslists.otl @@ -8,13 +8,6 @@ TODO implement in exim implement in SA implement in rspamd -implement - https://abuse.ro/ - policy - spamtraps - The last IP address before destination in the email headers is listed into rbl.abuse.ro list. - Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list - Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list 00_META https://bugs.launchpad.net/ubuntu/+source/amispammer/+bug/835614 http://www.blalert.com/dnsbls @@ -29,6 +22,8 @@ implement https://www.blacklistmaster.com/ https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists https://github.com/zbetcheckin/DNSBLs + https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists + https://www.impressionwise.com/kb/threats/rbl-advisories.html 00_ELANG http://dnsbl.aspnet.hu/ hungarian? @@ -41,6 +36,9 @@ implement as seems dead 404s wiki is down + http://mailhosts.org/ + dead + https://www.blalert.com/dnsbl/shortlist.mailhosts.org blitzed.org dead since 2006 https://www.dnsbl.com/2007/02/status-of-opmblitzedorg-dead.html @@ -159,7 +157,95 @@ implement On or about 5/21/2018 the cyberlogic DNSBL ceased functioning properly. https://www.dnsbl.com/2018/05/ As reported on the mailop mailing list on Friday May 25, 2018, the blocking list at dnsbl.cyberlogic.net now contains a "wildcard" DNS entry, effectively listing the entire internet + http://www.rbl.jp/allrbl-e.html + website asks for login or just errors + http://www.spamhauswhitelist.com/en/ + looks like a parked domain with ads + http://stopspam.org/rblcheck/index.php + aka dul.pacifier.net + http://www.stopspam.org/rbl-info/ + stopped in 2013 + http://countries.nerd.dk/ + unable to connect, also for nerd.dk + http://dul.ru/dul.en.html + DEAD for sale + http://dns.measurement-factory.com/surveys/openresolvers.html + dead + »The following text describes past open DNS resolver surveys and an associated DNS lookup service that has been long shut down« + http://www.sectoor.de/tor.php + timeouts + http://anticaptcha.net/ + for sale + http://blacklist.lashback.com/ + query zone: ubl.unsubscore.com + provider’s website https://lashback.com/ seems alive and active (news entries from 2023) but does not link to the blacklist + rsync URLs seem dead, so does the download url + http://blacklist.woody.ch/ + no entries in the displayed "top 100" + may have been absorbed into the swinog blacklists, see antispam.imp.ch + http://cbl.abuseat.org/ + https://www.abuseat.org/ + changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure + http://dnsbl.burnt-tech.com/ + domain is for sale + http://rbl.dns-servicios.com/rbl.php + website can not be found + http://spamcannibal.org/ + dead, as of at least 2018 + http://st.technovision.dk/ + https://docs.hetrixtools.com/st-technovision-dk-inactive-removed/ + [December 8, 2021] This RBL has stopped responding to DNS queries. + http://spamstinks.com/ + cert is for generic hostname + website shows some login form + http://virbl.bit.nl/ + https://www.rollernet.us/2017/01/shutdown-of-virbl-dnsbl-bit-nl/ + January 23, 2017: »The Virbl-project site has been replaced by this static message to inform those that find their ways here. The Virbl DNSBL-zone was emptied and will be removed all together at a moment further on in the future.« + http://www.blocklist.de/en/index.html + lots of timeouts as of 2023 + forum link is dead, among others + seems unmaintained but alive + latest news is from 2016 + latest blog entry from 2022 + Abusix, a network security company for mail security and abuse report handling, takes over blocklist.de to integrate it within its Abusix platform to further improve its data quality. + http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng + placeholder/parked? 00_NEEDS_RECHECK + https://antispam.imp.ch/ + no usage policy + no return code info + no good listing policy + information received from inquiry to provider + website will be updated + return codes + dnsrbl.swinog.ch and uribl.swinog.ch (holding time increases with hits) + 127.0.1.8 = default + 127.0.0.10 => TRAP (Email sent to a spamtrap) + 127.0.0.11 => REPO (Email reported as Spam by customer) + spamrbl.imp.ch (3 days holding time) + IPs are listed when trying to send mail to the spamtrap mailserver + MD5 hash: attachment sent to the swinog blacklist + wormrbl.imp.ch + DEAD + http://blacklist.woody.ch/rblcheck.php3 + dead? + waiting for feedback + http://dnsbl.iip.lu/ + https://docs.hetrixtools.com/lookup-dnsbl-iip-lu-false-positive-removed/ + in 2016: lookup.dnsbl.iip.lu blacklist started issuing false positive responses and upon further investigation looks to be abandoned/dead. + https://www.blalert.com/dnsbl/lookup.dnsbl.iip.lu + This blacklist is marked as "shut down" and non-operational as of 2017-12-31. + http://dnsbl.inps.de/ + timeout + https://www.dnsbl.com/search/label/dnsbl.inps.de + Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic. + https://docs.hetrixtools.com/dnsbl-inps-de-removed-from-our-system/ + [May 29,2018] IPv4 RBL dnsbl.inps.de has been removed from our system, as they have decided to discontinue the RBL project for the time being. + https://glockapps.com/blacklist/dnsbl-inps-de/ + Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic. + https://www.dnsbl.info/dnsbl-details.php?dnsbl=dnsbl.inps.de + This blacklist is offline as of May 1, 2020. + https://web.archive.org/web/20220428013500/http://www.inps.de/ 00_NEEDS_RESEARCH bl.tiopan.com blocked.hilli.dk @@ -196,6 +282,24 @@ implement 00_E_EVIL sbl.nszones.com http://www.spamhaus.org/organization/statement/008/fake-dnsbl-uncovered-nszones.com + http://www.backscatterer.org/ + questionable policy - pay for (quicker) delisting + https://support.hornetsecurity.com/hc/en-us/articles/360011880797-Why-are-Hornetsecurity-IP-addresses-listed-at-Backscatterer- + as of December 29, 2021: »The removal at the blacklist backscatterer.org can only be done for a fee« + https://www.warmy.io/blog/backscatterer-blacklist-how-to-remove-your-ip-from-it + in March 17, 2023 does not mention need to pay + https://support.forcepoint.com/s/article/Forcepoint-IP-s-blocklisted-by-UCEProtect-and-Backscatterer-org + recommend against using it + https://whatismyipaddress.com/backscatterer + mentions strict delisting process and "express delisting" but nothing further + https://bobcares.com/blog/backscatterer-blacklist/ + goes through the process with screenshots showing express delisting for 109$ + https://community.cisco.com/t5/email-security/issues-with-www-backscatterer-org-any-one/td-p/1298377 + more opinions + https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/ + Jan 17th, 2020: »UCEProtect also charges a delisting fee. TitanHQ discourages email administrators from using the UCEProtect blacklist and we do not recommend paying for list removal« + https://web.archive.org/web/20150320180344/http://www.jvfconsulting.com/blog/130/Backscatterer_Network_Spam_List_Is_Another_UCEPROTECT_Extortion_Scam.html + another opinion 00_E_INFORMATION blacklist.sci.kun.nl https://cncz.science.ru.nl/en/howto/email-spam/ @@ -236,6 +340,29 @@ implement https://docs.trendmicro.com/en-us/enterprise/email-reputation-services-online-help/getting-started_001/configuring-email-re/creating-an-account.aspx »If you don’t create an account, you can still query the reputation of an IP address« I don’t find any pricing or usage information + http://dnsbl.tornevall.org/ + https://www.tornevall.net/ + related to https://www.fraudbl.org/ + seems a bit unstructured and not very well documented + I can’t be arsed to deal with confluence slowing my browser to a halt repeatedly and it’s really hard to navigate but there seems to be some information on https://docs.tornevall.net/display/TORNEVALL/Endpoint%3A+dnsbl+-+DNSBL+v5+with+API+v3 + seems active + http://rbl.schulte.org/ + seems active + listing policy seems to be: they received spam from an IP + usage policy: Anyone can use this RBL list [sic] + return codes: probably boolean, i.e. either listed or not + http://relaytest.kundenserver.de/ + by 1und1 (now ionos?), used internally + https://www.blalert.com/dnsbl/relays.bl.kundenserver.de + no usage policy found + no listing policy found + no return code explanation found + http://www.blockedservers.com/ + no usage policy + no listing policy + no documentation + "funny": + No rights given; all rights are in the dumpster; Copyleft 2012 - 3013 - page generated in 0.009843111038208 secs 00_E_PAID 00_E_PRIVATE 88.blacklist.zap @@ -261,168 +388,220 @@ implement https://ahbl.org/ was public until 2015 now private, invite-only - 00_DOMAIN_BLACKLISTS - 00_IN_USE_EXIM - http://antispam.imp.ch/05-uribl.php?lng=0 - http://blacklist.woody.ch/rblcheck.php3 - http://mailhosts.org/ + http://rfc-clueless.org/ + lists domains + that do not adhere to common best practices or requirements + does NOT list spammers! + listing criteria are explained well + http://rfc-clueless.org/pages/listing_policy + return codes are explained http://rfc-clueless.org/ - http://spameatingmonkey.com/lists.html - http://uribl.com/ - http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists - http://www.rbl.jp/allrbl-e.html - http://www.sorbs.net/ - good reputation - seems sensible - different kinds of lists - http://www.spamhaus.org/ - good reputation - very well done - different kinds of lists! - http://www.surbl.org/ - http://zapbl.net/ - https://rbl.foobar.hu/ - http://apews.org/?page=filter - questionable - 00_DOMAIN_WHITELISTS - 00_IN_USE_EXIM - http://mailhosts.org/rhswl/ - http://uribl.com/ - http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists - http://www.spamhauswhitelist.com/en/ - https://www.dnswl.org/ - 00_IP_BLACKLISTS - 00_E_FOCUS - http://stopspam.org/rblcheck/index.php - different kinds of lists - none usable for me - http://www.dnsblchile.org/ - chilenian spam - 00_LISTS_BLOGSPAMMERS - http://blogspambl.com/ - https://www.madavi.de/madavibl/ - http://bsb.empty.us/ - 00_LISTS_COUNTRIES - http://countries.nerd.dk/ - korea - http://korea.services.net/ - 00_LISTS_DIALUPS - http://dul.ru/dul.en.html - DEAD for sale - 00_LISTS_OPENRESOLVERS - http://dns.measurement-factory.com/surveys/openresolvers.html - 00_LISTS_TORNODES - http://www.sectoor.de/tor.php - https://www.dan.me.uk/dnsbl - https://0spam.org/ - clear information on usage policy - Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request. - DNSBL service and removals are 100% for free for all uses; commercial, non profit and personal. - seems serious - listing policies are a little less clear - bl.0spam.org DNSBL | 0spam Spam Trap Primary Database - nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL. - url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps. - return codes not very clear - possibly inactive? - https://www.blalert.com/dnsbl/0spam.fusionzero.com - http://anticaptcha.net/ - http://antispam.imp.ch/03-wormlist.html?lng=0 - http://antispam.imp.ch/04-spamlist.html?lng=0 - http://antispam.imp.ch/06-dnsbl.php?lng=0 - http://blacklist.lashback.com/ - http://ubl.unsubscore.com - http://blacklist.woody.ch/rblcheck.php3 - http://cbl.abuseat.org/ - http://dnsbl.burnt-tech.com/ - http://dnsbl.iip.lu/ - http://dnsbl.inps.de/ - http://dnsbl.tornevall.org/ - http://dronebl.org/ - http://mailhosts.org/ - http://mailhosts.org/ipbl/ - http://mailspike.net/usage.html - http://psbl.org/ - query zone: psbl.surriel.com - http://rbl.dns-servicios.com/rbl.php - http://rbl.schulte.org/ - http://rbldata.interserver.net/ - may be dead: http://www.blalert.com/dnsbl/rbl.interserver.net - http://relaytest.kundenserver.de/ - http://rv-soft.info/ - http://spamcannibal.org/dnsbl_check.shtml - http://spameatingmonkey.com/lists.html - http://spamrats.com/ - http://spamstinks.com/ - http://st.technovision.dk/ - http://tor.efnet.org/ - http://rbl.efnetrbl.org/ MIRROR - http://v4bl.org/ - http://virbl.bit.nl/ - http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists - http://wpbl.info/ - http://www.aupads.org/ - http://www.backscatterer.org/ - fragwuerdige policy - bezahlen fuer schnelleres delisting - http://www.blockedservers.com/ - http://www.blocklist.de/en/index.html - http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng - http://www.gbudb.com/truncate/ - http://www.justspam.org/ - http://www.kempt.net/dnsbl/ - http://www.leadmon.net/spamguard/ - http://www.rbl.jp/allrbl-e.html - http://www.sorbs.net/ - good reputation - seems sensible - different kinds of lists - http://www.spamcop.net/ - good policy - good reputation - http://www.spamhaus.org/ - good reputation - very well done - different kinds of lists! - http://www.spamsources.fabel.dk/ - sensible policy - http://www.srntools.com/blacklist/ - http://www.uceprotect.net/en/index.php - http://www.usenix.org.uk/content/rbl.html - http://zapbl.net/ - https://bl.konstant.no/ - https://choon.net/rbl.php - https://puck.nether.net/or/ - might be good - https://rbl.foobar.hu/ - https://www.abuse.ch/ - https://www.abuse.ch/?tag=httpbl - https://www.kisarbl.or.kr/ - https://www.megarbl.net/ - https://www.team-cymru.org/Services/Bogons/dns.html - 00_IP_WHITELISTS - 00_IN_USE_EXIM - http://mailhosts.org/ipwl/ - manual listing - http://mailspike.net/usage.html - reputation-based - http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists - very nice project! - http://www.spamhauswhitelist.com/en/ - policies for listing and usage on the website - http://www.whitelisted.org/ - paid subscription - policy on site - https://puck.nether.net/or/ - policies on website - https://rbl.foobar.hu/ - usage and listing policies on website - http://spameatingmonkey.com/lists.html - whitelist zone not mentioned - support request sent - http://www.isipp.com/email-accreditation/iadb-query-instruction/ - requires signup - https://choon.net/rbl.php - not quite a usage policy, but seems ok - strange split of ipv4 and ipv6 - seems dead? - https://www.dnswl.org/ + usage policy is not so clear but the FAQ implies that it’s just free to use for everyone + many timeouts + first noticed in 2014 and deactivated + retried in 2023 and still the case + http://spameatingmonkey.com/ + lists IPs + that sent backscatter + that sent to spamtrap + added by policy + this includes dial-up! + https://spameatingmonkey.com/faq/policy-based-listing + lists domains/URIs + by age + in spam bodies + usage policy seems clear + https://spameatingmonkey.com/faq/query-limits + listing policy seems clear + https://spameatingmonkey.com/services + return codes documented + https://spameatingmonkey.com/services + http://blogspambl.com/ + redirects to spameatingmonkey.com + http://uribl.com/ + lists domains/URIs + that appear in spam bodies + has whitelist + lists IPs + that URIs in spam bodies resolve to + return codes are documented + https://uribl.com/about.shtml#implementation + bitmasked + 127.0.0.1 is used to signal abusive query behaviour + http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists + called "hostkarma" + lists domains/URIs + lists IPs + usage policy is relatively clear that it’s free, except maybe for big for-profit oranizations + listing policy is documented + return codes are documented + seems very trustworthy + http://www.sorbs.net/ + good reputation + lists domains/URIs + lists IPs + usage policy is clear that it’s free + listing policy is documented + return codes are documented + seems trustworthy + http://www.spamhaus.org/ + good reputation + very well done + seems very professional + lists domains/URIs + lists IPs + usage policy is clear + https://www.spamhaus.org/organization/dnsblusage/ + listing policies are clearly documented + return codes are clearly documented + http://www.surbl.org/ + good reputation + lists domains/URIs + usage policy is clear + https://surbl.org/usage-policy + listing policy is documented + return codes are documented + bitmasked + 127.0.0.1 means blocked + http://zapbl.net/ + lists domains/URIs + lists IPs + listing policy seems clear + https://zapbl.net/policy + usage policy seems clearly free for everyone + https://zapbl.net/using + return codes are documented + seems well done + https://rbl.foobar.hu/ + lists domains/URIs + lists IPs + listing policy seems clear + usage policy seems clearly free for everyone + return codes are documented + possibly unmaintained or dead + footer says: ©2013-14 + http://apews.org/?page=filter + questionable + https://www.dnsbl.com/search/label/apews + https://whatismyipaddress.com/apews + dead? + no news on http://apews-user.blogspot.com/ since 2014 + not further looked into because of the above + https://www.dnswl.org/ + seems to be run with best intentions but has had issues from what I have heard from some users + IRC channel has some activity + usage policy relatively clear + free within certain limits + listing policy + self-service + return codes are documented + 00_E_FOCUS + https://www.dnsblchile.org/index.en.html + chilenian spam so not interesting for me + seems alive + 00_LISTS_BLOGSPAMMERS + https://www.madavi.de/madavibl/ + »This blacklist should only be used to block comment spammer (on blogs and websites). Don’t use it for mail.« + http://bsb.empty.us/ + does not exist anymore + empty.us returns »Nothing here, obviously.« + 00_LISTS_COUNTRIES + korea + http://korea.services.net/ + 00_LISTS_DIALUPS + 00_LISTS_OPENRESOLVERS + 00_LISTS_TORNODES + https://www.dan.me.uk/dnsbl + http://rbl.efnetrbl.org/ + aka http://tor.efnet.org/ + lists IPs + lists open proxies, infected machines, tornodes, etc. + https://0spam.org/ + clear information on usage policy + Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request. + DNSBL service and removals are 100% for free for all uses; commercial, non profit and personal. + seems serious + listing policies are a little less clear + bl.0spam.org DNSBL | 0spam Spam Trap Primary Database + nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL. + url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps. + return codes not very clear + https://abuse.ro/ + policy + spamtraps + The last IP address before destination in the email headers is listed into rbl.abuse.ro list. + Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list + Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list + http://dronebl.org/ + usage policy is clear: free for whatever + listing policy is not quite so clear + can be mostly inferred from the classes but not entirely clear IMHO + has an IRC channel + return codes + not explicitly mentioned but it’s 127.0.0.X where X is the class from https://dronebl.org/classes + http://psbl.org/ + query zone: psbl.surriel.com + no usage policy, but seems implied that usage is free + listing policy + no explicit, complete policy given but sending to spamtraps is mentioned to get you listed and seems the exclusive mechanism + return codes + not documented, probably only boolean + http://rbldata.interserver.net/ + listing policy more or less clear + usage policy not given but since usage is explained it’s probably free for all + return codes seem to be binary, i.e. either listed or not + lists IPs + lists domains/URIs + http://rv-soft.info/ + usage policy not explicit but seems to be free + listing policy also not explicit but can be inferred from return code explanation + return codes are explained + http://spamrats.com/ + clear usage policy (ToS) + listing policies documented + return codes of aggregated list documented + lists IPs + http://v4bl.org/ + usage policy documented + listing policy not really clear + return codes documented + http://wpbl.info/ + listing procedure is documented + usage policy implied: free to use + return codes documented + http://www.aupads.org/ + aka www.antispam-ufrj.pads.ufrj.br + aka www.orve.org + listing policy more or less clear + lists IPs and FQDNs + usage policy seems clear: freely exported by anybody who wants to use them« + http://www.gbudb.com/truncate/ + http://www.justspam.org/ + http://www.kempt.net/dnsbl/ + http://www.leadmon.net/spamguard/ + http://www.spamcop.net/ + good policy + good reputation + http://www.spamsources.fabel.dk/ + sensible policy + http://www.srntools.com/blacklist/ + http://www.uceprotect.net/en/index.php + https://bl.konstant.no/ + https://choon.net/rbl.php + https://www.abuse.ch/ + https://www.abuse.ch/?tag=httpbl + https://www.kisarbl.or.kr/ + https://www.megarbl.net/ + https://www.team-cymru.org/Services/Bogons/dns.html + http://mailspike.net/usage.html + reputation-based + http://www.whitelisted.org/ + paid subscription + policy on site + https://puck.nether.net/or/ + policies on website + http://www.isipp.com/email-accreditation/iadb-query-instruction/ + requires signup + not quite a usage policy, but seems ok + strange split of ipv4 and ipv6 + seems dead?