X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=dnslists.otl;h=76fbaf480911e46a7cf5edf047ae6c8e9911a3d8;hb=3f84c87e907c49660f381e3cb40ee2366ab0e3ef;hp=434848f56a181e2fafe652b873cd2c4c4983919c;hpb=fb3cef4f2d7e89c464925f244879732630d5b32e;p=user%2Fhenk%2Fdocs%2Fdnsbl_notes.git diff --git a/dnslists.otl b/dnslists.otl index 434848f..76fbaf4 100644 --- a/dnslists.otl +++ b/dnslists.otl @@ -1,6 +1,9 @@ TODO check and link (de)listing policy NOGO: delisting for money + how long does automatic delisting take? + 7d is already quite long + anything >7d seems excessive and should probably not be used check and link usage policy check and link return codes find newsfeed or mailinglist @@ -23,6 +26,7 @@ TODO https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists https://github.com/zbetcheckin/DNSBLs https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists + https://www.impressionwise.com/kb/threats/rbl-advisories.html 00_ELANG http://dnsbl.aspnet.hu/ hungarian? @@ -189,6 +193,47 @@ TODO domain is for sale http://rbl.dns-servicios.com/rbl.php website can not be found + http://spamcannibal.org/ + dead, as of at least 2018 + http://st.technovision.dk/ + https://docs.hetrixtools.com/st-technovision-dk-inactive-removed/ + [December 8, 2021] This RBL has stopped responding to DNS queries. + http://spamstinks.com/ + cert is for generic hostname + website shows some login form + http://virbl.bit.nl/ + https://www.rollernet.us/2017/01/shutdown-of-virbl-dnsbl-bit-nl/ + January 23, 2017: »The Virbl-project site has been replaced by this static message to inform those that find their ways here. The Virbl DNSBL-zone was emptied and will be removed all together at a moment further on in the future.« + http://www.blocklist.de/en/index.html + lots of timeouts as of 2023 + forum link is dead, among others + seems unmaintained but alive + latest news is from 2016 + latest blog entry from 2022 + Abusix, a network security company for mail security and abuse report handling, takes over blocklist.de to integrate it within its Abusix platform to further improve its data quality. + http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng + placeholder/parked? + http://www.leadmon.net/spamguard/ + website times out + http://www.srntools.com/blacklist/ + redirects to comodo.com subdomain where I can’t find any information about a DNSBL + https://bl.konstant.no/ + https://docs.hetrixtools.com/bl-konstant-no-unresponsive-removed/ + [July 29, 2022] This RBL has become unresponsive, and we’ve removed it from our system until it returns to functioning normally again. + https://www.megarbl.net/ + connection times out + https://www.blalert.com/dnsbl/rbl.megarbl.net + »This blacklist is marked as inactive and is not being checked at the moment. We will be tracking it to see if it goes to normal again.« + https://www.kisarbl.or.kr/ + can’t find information about it + website redirects to https://spam.kisa.or.kr/ which gives a 404 + https://www.abuse.ch/ + old, defunct link: https://www.abuse.ch/?tag=httpbl + does not seem to have a DNSBL (anymore) + might be incorporated into spamhaus? + does host other databases about threats + https://puck.nether.net/or/ + website is dead 00_NEEDS_RECHECK https://antispam.imp.ch/ no usage policy @@ -261,6 +306,24 @@ TODO 00_E_EVIL sbl.nszones.com http://www.spamhaus.org/organization/statement/008/fake-dnsbl-uncovered-nszones.com + http://www.backscatterer.org/ + questionable policy - pay for (quicker) delisting + https://support.hornetsecurity.com/hc/en-us/articles/360011880797-Why-are-Hornetsecurity-IP-addresses-listed-at-Backscatterer- + as of December 29, 2021: »The removal at the blacklist backscatterer.org can only be done for a fee« + https://www.warmy.io/blog/backscatterer-blacklist-how-to-remove-your-ip-from-it + in March 17, 2023 does not mention need to pay + https://support.forcepoint.com/s/article/Forcepoint-IP-s-blocklisted-by-UCEProtect-and-Backscatterer-org + recommend against using it + https://whatismyipaddress.com/backscatterer + mentions strict delisting process and "express delisting" but nothing further + https://bobcares.com/blog/backscatterer-blacklist/ + goes through the process with screenshots showing express delisting for 109$ + https://community.cisco.com/t5/email-security/issues-with-www-backscatterer-org-any-one/td-p/1298377 + more opinions + https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/ + Jan 17th, 2020: »UCEProtect also charges a delisting fee. TitanHQ discourages email administrators from using the UCEProtect blacklist and we do not recommend paying for list removal« + https://web.archive.org/web/20150320180344/http://www.jvfconsulting.com/blog/130/Backscatterer_Network_Spam_List_Is_Another_UCEPROTECT_Extortion_Scam.html + another opinion 00_E_INFORMATION blacklist.sci.kun.nl https://cncz.science.ru.nl/en/howto/email-spam/ @@ -312,6 +375,22 @@ TODO listing policy seems to be: they received spam from an IP usage policy: Anyone can use this RBL list [sic] return codes: probably boolean, i.e. either listed or not + http://relaytest.kundenserver.de/ + by 1und1 (now ionos?), used internally + https://www.blalert.com/dnsbl/relays.bl.kundenserver.de + no usage policy found + no listing policy found + no return code explanation found + http://www.blockedservers.com/ + no usage policy + no listing policy + no documentation + "funny": + No rights given; all rights are in the dumpster; Copyleft 2012 - 3013 - page generated in 0.009843111038208 secs + https://choon.net/dnsbl.php + no usage policy or instructions + no listing policy + only automatic delisting after 30 days 00_E_PAID 00_E_PRIVATE 88.blacklist.zap @@ -403,6 +482,8 @@ TODO https://www.spamhaus.org/organization/dnsblusage/ listing policies are clearly documented return codes are clearly documented + history of grandeur and retaliation listings + https://www.heise.de/hintergrund/Spam-Golem-291396.html http://www.surbl.org/ good reputation lists domains/URIs @@ -461,6 +542,10 @@ TODO 00_LISTS_OPENRESOLVERS 00_LISTS_TORNODES https://www.dan.me.uk/dnsbl + http://rbl.efnetrbl.org/ + aka http://tor.efnet.org/ + lists IPs + lists open proxies, infected machines, tornodes, etc. https://0spam.org/ clear information on usage policy Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request. @@ -497,48 +582,85 @@ TODO return codes seem to be binary, i.e. either listed or not lists IPs lists domains/URIs - http://relaytest.kundenserver.de/ http://rv-soft.info/ - http://spamcannibal.org/dnsbl_check.shtml + usage policy not explicit but seems to be free + listing policy also not explicit but can be inferred from return code explanation + return codes are explained http://spamrats.com/ - http://spamstinks.com/ - http://st.technovision.dk/ - http://tor.efnet.org/ - http://rbl.efnetrbl.org/ MIRROR + clear usage policy (ToS) + listing policies documented + return codes of aggregated list documented + lists IPs http://v4bl.org/ - http://virbl.bit.nl/ + usage policy documented + listing policy not really clear + return codes documented http://wpbl.info/ + listing procedure is documented + usage policy implied: free to use + return codes documented http://www.aupads.org/ - http://www.backscatterer.org/ - fragwuerdige policy - bezahlen fuer schnelleres delisting - http://www.blockedservers.com/ - http://www.blocklist.de/en/index.html - http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng + aka www.antispam-ufrj.pads.ufrj.br + aka www.orve.org + listing policy more or less clear + lists IPs and FQDNs + usage policy seems clear: freely exported by anybody who wants to use them« http://www.gbudb.com/truncate/ + listing policy + usage policy seems implied: free use + return codes documented + »Truncate is very conservative. On most systems it can be safely used to reject connections!« http://www.justspam.org/ + listing policy documented + warning: relies on listings in other DNSBLs! also for delisting! + usage policy clear + return codes: binary http://www.kempt.net/dnsbl/ - http://www.leadmon.net/spamguard/ + listing policy documented + usage policy documented + return codes undocumented http://www.spamcop.net/ - good policy + listing policy documented + The SCBL is aggressive and often errs on the side of blocking mail + usage policy is: free good reputation + return codes documented http://www.spamsources.fabel.dk/ - sensible policy - http://www.srntools.com/blacklist/ + usage policy is: free + listing policy seems clear + lists IPs http://www.uceprotect.net/en/index.php - https://bl.konstant.no/ - https://choon.net/rbl.php - https://www.abuse.ch/ - https://www.abuse.ch/?tag=httpbl - https://www.kisarbl.or.kr/ - https://www.megarbl.net/ - https://www.team-cymru.org/Services/Bogons/dns.html - http://mailspike.net/usage.html - reputation-based + takes money for faster delisting + listing policy is documented + usage policy is documented: free + a lot of drama + https://www.heise.de/hintergrund/Spam-Golem-291396.html + german + also see comments + https://news.admin.net-abuse.email.narkive.com/boJTu7JC/claus-v-wolfhausen-harasement + https://www.linode.com/community/questions/2324/uceprotectnet-has-us-blacklisted + https://uceprotect.wtf/ + https://www.aaroncake.net/misc/showthought.asp?thought=57 + https://www.dnsbl.com/search/label/claus%20v.%20wolfhausen + https://wordtothewise.com/2018/06/another-day-another-dead-blacklist/ + https://community.spiceworks.com/topic/2170592-uceprotect-blacklist-scam + http://kontech.net/uceprotect-blacklist-scheme-2020/ http://www.whitelisted.org/ paid subscription policy on site - https://puck.nether.net/or/ - policies on website + related to uceprotect, see there + https://www.team-cymru.org/Services/Bogons/dns.html + good reputation + lists IPs + does not list spammers but bogons + clear listing policy + usage policy not quite clear ATM + return codes documented: binary + http://mailspike.net/usage.html + lists IPs + response codes according to their reputation, both positive and negative + listing policy documented + usage policy documented http://www.isipp.com/email-accreditation/iadb-query-instruction/ requires signup not quite a usage policy, but seems ok