X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=dnslists.otl;h=1c99f25284af6d9e6e25036f387f319ec0496d96;hb=7b4f71180a384a7162c9037753b0c9933eaacac9;hp=27f943fcfddd1612a80678e20c6bacee702b219c;hpb=95636f1134151abde3493e206bbd8dc22bde29f8;p=user%2Fhenk%2Fdocs%2Fdnsbl_notes.git

diff --git a/dnslists.otl b/dnslists.otl
index 27f943f..1c99f25 100644
--- a/dnslists.otl
+++ b/dnslists.otl
@@ -8,13 +8,6 @@ TODO
 	implement in exim
 	implement in SA
 	implement in rspamd
-implement
-	https://abuse.ro/
-		policy
-			spamtraps
-			The last IP address before destination in the email headers is listed into rbl.abuse.ro list.
-			Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list
-			Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list
 00_META
 	https://bugs.launchpad.net/ubuntu/+source/amispammer/+bug/835614
 	http://www.blalert.com/dnsbls
@@ -30,6 +23,7 @@ implement
 	https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists
 	https://github.com/zbetcheckin/DNSBLs
 	https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
+	https://www.impressionwise.com/kb/threats/rbl-advisories.html
 00_ELANG
 	http://dnsbl.aspnet.hu/
 		hungarian?
@@ -182,6 +176,28 @@ implement
 		timeouts
 	http://anticaptcha.net/
 		for sale
+	http://blacklist.lashback.com/
+		query zone: ubl.unsubscore.com
+		providerâs website https://lashback.com/ seems alive and active (news entries from 2023) but does not link to the blacklist
+		rsync URLs seem dead, so does the download url
+	http://blacklist.woody.ch/
+		no entries in the displayed "top 100"
+		may have been absorbed into the swinog blacklists, see antispam.imp.ch
+	http://cbl.abuseat.org/
+		https://www.abuseat.org/
+			changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure
+	http://dnsbl.burnt-tech.com/
+		domain is for sale
+	http://rbl.dns-servicios.com/rbl.php
+		website can not be found
+	http://spamcannibal.org/
+		dead, as of at least 2018
+	http://st.technovision.dk/
+		https://docs.hetrixtools.com/st-technovision-dk-inactive-removed/
+			[December 8, 2021] This RBL has stopped responding to DNS queries.
+	http://spamstinks.com/
+		cert is for generic hostname
+		website shows some login form
 00_NEEDS_RECHECK
 	https://antispam.imp.ch/
 		no usage policy
@@ -202,6 +218,22 @@ implement
 	http://blacklist.woody.ch/rblcheck.php3
 		dead?
 		waiting for feedback
+	http://dnsbl.iip.lu/
+		https://docs.hetrixtools.com/lookup-dnsbl-iip-lu-false-positive-removed/
+			in 2016: lookup.dnsbl.iip.lu blacklist started issuing false positive responses and upon further investigation looks to be abandoned/dead.
+		https://www.blalert.com/dnsbl/lookup.dnsbl.iip.lu
+			This blacklist is marked as "shut down" and non-operational as of 2017-12-31.
+	http://dnsbl.inps.de/
+		timeout
+		https://www.dnsbl.com/search/label/dnsbl.inps.de
+			Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic.
+		https://docs.hetrixtools.com/dnsbl-inps-de-removed-from-our-system/
+			[May 29,2018] IPv4 RBL dnsbl.inps.de has been removed from our system, as they have decided to discontinue the RBL project for the time being.
+		https://glockapps.com/blacklist/dnsbl-inps-de/
+			Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic.
+		https://www.dnsbl.info/dnsbl-details.php?dnsbl=dnsbl.inps.de
+			This blacklist is offline as of May 1, 2020.
+		https://web.archive.org/web/20220428013500/http://www.inps.de/
 00_NEEDS_RESEARCH
 	bl.tiopan.com
 	blocked.hilli.dk
@@ -278,6 +310,23 @@ implement
 			https://docs.trendmicro.com/en-us/enterprise/email-reputation-services-online-help/getting-started_001/configuring-email-re/creating-an-account.aspx
 				Â»If you donât create an account, you can still query the reputation of an IP addressÂ«
 			I donât find any pricing or usage information
+		http://dnsbl.tornevall.org/
+			https://www.tornevall.net/
+			related to https://www.fraudbl.org/
+			seems a bit unstructured and not very well documented
+				I canât be arsed to deal with confluence slowing my browser to a halt repeatedly and itâs really hard to navigate but there seems to be some information on https://docs.tornevall.net/display/TORNEVALL/Endpoint%3A+dnsbl+-+DNSBL+v5+with+API+v3
+			seems active
+		http://rbl.schulte.org/
+			seems active
+			listing policy seems to be: they received spam from an IP
+			usage policy: Anyone can use this RBL list [sic]
+			return codes: probably boolean, i.e. either listed or not
+		http://relaytest.kundenserver.de/
+			by 1und1 (now ionos?), used internally
+			https://www.blalert.com/dnsbl/relays.bl.kundenserver.de
+			no usage policy found
+			no listing policy found
+			no return code explanation found
 	00_E_PAID
 	00_E_PRIVATE
 		88.blacklist.zap
@@ -427,6 +476,10 @@ implement
 	00_LISTS_OPENRESOLVERS
 	00_LISTS_TORNODES
 		https://www.dan.me.uk/dnsbl
+		http://rbl.efnetrbl.org/
+			aka http://tor.efnet.org/
+			lists IPs
+			lists open proxies, infected machines, tornodes, etc.
 	https://0spam.org/
 		clear information on usage policy
 			Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request.
@@ -437,31 +490,45 @@ implement
 			nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL.
 			url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps.
 		return codes not very clear
-	http://blacklist.lashback.com/
-		http://ubl.unsubscore.com
-	http://blacklist.woody.ch/rblcheck.php3
-	http://cbl.abuseat.org/
-	http://dnsbl.burnt-tech.com/
-	http://dnsbl.iip.lu/
-	http://dnsbl.inps.de/
-	http://dnsbl.tornevall.org/
+	https://abuse.ro/
+		policy
+			spamtraps
+			The last IP address before destination in the email headers is listed into rbl.abuse.ro list.
+			Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list
+			Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list
 	http://dronebl.org/
-	http://mailspike.net/usage.html
+		usage policy is clear: free for whatever
+		listing policy is not quite so clear
+			can be mostly inferred from the classes but not entirely clear IMHO
+		has an IRC channel
+		return codes
+			not explicitly mentioned but itâs 127.0.0.X where X is the class from https://dronebl.org/classes
 	http://psbl.org/
 		query zone: psbl.surriel.com
-	http://rbl.dns-servicios.com/rbl.php
-	http://rbl.schulte.org/
+		no usage policy, but seems implied that usage is free
+		listing policy
+			no explicit, complete policy given but sending to spamtraps is mentioned to get you listed and seems the exclusive mechanism
+		return codes
+			not documented, probably only boolean
 	http://rbldata.interserver.net/
-		may be dead: http://www.blalert.com/dnsbl/rbl.interserver.net
-	http://relaytest.kundenserver.de/
+		listing policy more or less clear
+		usage policy not given but since usage is explained itâs probably free for all
+		return codes seem to be binary, i.e. either listed or not
+		lists IPs
+		lists domains/URIs
 	http://rv-soft.info/
-	http://spamcannibal.org/dnsbl_check.shtml
+		usage policy not explicit but seems to be free
+		listing policy also not explicit but can be inferred from return code explanation
+		return codes are explained
 	http://spamrats.com/
-	http://spamstinks.com/
-	http://st.technovision.dk/
-	http://tor.efnet.org/
-		http://rbl.efnetrbl.org/ MIRROR
+		clear usage policy (ToS)
+		listing policies documented
+		return codes of aggregated list documented
+		lists IPs
 	http://v4bl.org/
+		usage policy documented
+		listing policy not really clear
+		return codes documented
 	http://virbl.bit.nl/
 	http://wpbl.info/
 	http://www.aupads.org/
@@ -474,7 +541,6 @@ implement
 	http://www.justspam.org/
 	http://www.kempt.net/dnsbl/
 	http://www.leadmon.net/spamguard/
-	http://www.rbl.jp/allrbl-e.html
 	http://www.spamcop.net/
 		good policy
 		good reputation
@@ -482,13 +548,8 @@ implement
 		sensible policy
 	http://www.srntools.com/blacklist/
 	http://www.uceprotect.net/en/index.php
-	http://www.usenix.org.uk/content/rbl.html
-	http://zapbl.net/
 	https://bl.konstant.no/
 	https://choon.net/rbl.php
-	https://puck.nether.net/or/
-		might be good
-	https://rbl.foobar.hu/
 	https://www.abuse.ch/
 		https://www.abuse.ch/?tag=httpbl
 	https://www.kisarbl.or.kr/
@@ -496,19 +557,13 @@ implement
 	https://www.team-cymru.org/Services/Bogons/dns.html
 	http://mailspike.net/usage.html
 		reputation-based
-	http://www.spamhauswhitelist.com/en/
-		policies for listing and usage on the website
 	http://www.whitelisted.org/
 		paid subscription
 		policy on site
 	https://puck.nether.net/or/
 		policies on website
-	https://rbl.foobar.hu/
-		usage and listing policies on website
 	http://www.isipp.com/email-accreditation/iadb-query-instruction/
 		requires signup
-	https://choon.net/rbl.php
 		not quite a usage policy, but seems ok
 		strange split of ipv4 and ipv6
 		seems dead?
-	https://www.dnswl.org/