X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=dnslists.otl;h=8b3185dc93e8675457cf85d80175f5761fcc39bc;hb=77544618e11b1680139c8d4ed5e0dea1f679de48;hp=f79868390f2d2eefbada36db041d790d8e48ffd0;hpb=bf50682219580a32b855cdb7a2e7262ad0f1ec56;p=user%2Fhenk%2Fdocs%2Fdnsbl_notes.git diff --git a/dnslists.otl b/dnslists.otl index f798683..8b3185d 100644 --- a/dnslists.otl +++ b/dnslists.otl @@ -23,6 +23,7 @@ TODO https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists https://github.com/zbetcheckin/DNSBLs https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists + https://www.impressionwise.com/kb/threats/rbl-advisories.html 00_ELANG http://dnsbl.aspnet.hu/ hungarian? @@ -187,6 +188,30 @@ TODO changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure http://dnsbl.burnt-tech.com/ domain is for sale + http://rbl.dns-servicios.com/rbl.php + website can not be found + http://spamcannibal.org/ + dead, as of at least 2018 + http://st.technovision.dk/ + https://docs.hetrixtools.com/st-technovision-dk-inactive-removed/ + [December 8, 2021] This RBL has stopped responding to DNS queries. + http://spamstinks.com/ + cert is for generic hostname + website shows some login form + http://virbl.bit.nl/ + https://www.rollernet.us/2017/01/shutdown-of-virbl-dnsbl-bit-nl/ + January 23, 2017: »The Virbl-project site has been replaced by this static message to inform those that find their ways here. The Virbl DNSBL-zone was emptied and will be removed all together at a moment further on in the future.« + http://www.blocklist.de/en/index.html + lots of timeouts as of 2023 + forum link is dead, among others + seems unmaintained but alive + latest news is from 2016 + latest blog entry from 2022 + Abusix, a network security company for mail security and abuse report handling, takes over blocklist.de to integrate it within its Abusix platform to further improve its data quality. + http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng + placeholder/parked? + http://www.leadmon.net/spamguard/ + website times out 00_NEEDS_RECHECK https://antispam.imp.ch/ no usage policy @@ -259,6 +284,24 @@ TODO 00_E_EVIL sbl.nszones.com http://www.spamhaus.org/organization/statement/008/fake-dnsbl-uncovered-nszones.com + http://www.backscatterer.org/ + questionable policy - pay for (quicker) delisting + https://support.hornetsecurity.com/hc/en-us/articles/360011880797-Why-are-Hornetsecurity-IP-addresses-listed-at-Backscatterer- + as of December 29, 2021: »The removal at the blacklist backscatterer.org can only be done for a fee« + https://www.warmy.io/blog/backscatterer-blacklist-how-to-remove-your-ip-from-it + in March 17, 2023 does not mention need to pay + https://support.forcepoint.com/s/article/Forcepoint-IP-s-blocklisted-by-UCEProtect-and-Backscatterer-org + recommend against using it + https://whatismyipaddress.com/backscatterer + mentions strict delisting process and "express delisting" but nothing further + https://bobcares.com/blog/backscatterer-blacklist/ + goes through the process with screenshots showing express delisting for 109$ + https://community.cisco.com/t5/email-security/issues-with-www-backscatterer-org-any-one/td-p/1298377 + more opinions + https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/ + Jan 17th, 2020: »UCEProtect also charges a delisting fee. TitanHQ discourages email administrators from using the UCEProtect blacklist and we do not recommend paying for list removal« + https://web.archive.org/web/20150320180344/http://www.jvfconsulting.com/blog/130/Backscatterer_Network_Spam_List_Is_Another_UCEPROTECT_Extortion_Scam.html + another opinion 00_E_INFORMATION blacklist.sci.kun.nl https://cncz.science.ru.nl/en/howto/email-spam/ @@ -299,6 +342,29 @@ TODO https://docs.trendmicro.com/en-us/enterprise/email-reputation-services-online-help/getting-started_001/configuring-email-re/creating-an-account.aspx »If you don’t create an account, you can still query the reputation of an IP address« I don’t find any pricing or usage information + http://dnsbl.tornevall.org/ + https://www.tornevall.net/ + related to https://www.fraudbl.org/ + seems a bit unstructured and not very well documented + I can’t be arsed to deal with confluence slowing my browser to a halt repeatedly and it’s really hard to navigate but there seems to be some information on https://docs.tornevall.net/display/TORNEVALL/Endpoint%3A+dnsbl+-+DNSBL+v5+with+API+v3 + seems active + http://rbl.schulte.org/ + seems active + listing policy seems to be: they received spam from an IP + usage policy: Anyone can use this RBL list [sic] + return codes: probably boolean, i.e. either listed or not + http://relaytest.kundenserver.de/ + by 1und1 (now ionos?), used internally + https://www.blalert.com/dnsbl/relays.bl.kundenserver.de + no usage policy found + no listing policy found + no return code explanation found + http://www.blockedservers.com/ + no usage policy + no listing policy + no documentation + "funny": + No rights given; all rights are in the dumpster; Copyleft 2012 - 3013 - page generated in 0.009843111038208 secs 00_E_PAID 00_E_PRIVATE 88.blacklist.zap @@ -448,6 +514,10 @@ TODO 00_LISTS_OPENRESOLVERS 00_LISTS_TORNODES https://www.dan.me.uk/dnsbl + http://rbl.efnetrbl.org/ + aka http://tor.efnet.org/ + lists IPs + lists open proxies, infected machines, tornodes, etc. https://0spam.org/ clear information on usage policy Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request. @@ -458,11 +528,6 @@ TODO nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL. url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps. return codes not very clear - http://dnsbl.tornevall.org/ - https://www.tornevall.net/ - related to https://www.fraudbl.org/ - seems a bit unstructured and not very well documented - seems active https://abuse.ro/ policy spamtraps @@ -470,35 +535,62 @@ TODO Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list http://dronebl.org/ - http://mailspike.net/usage.html + usage policy is clear: free for whatever + listing policy is not quite so clear + can be mostly inferred from the classes but not entirely clear IMHO + has an IRC channel + return codes + not explicitly mentioned but it’s 127.0.0.X where X is the class from https://dronebl.org/classes http://psbl.org/ query zone: psbl.surriel.com - http://rbl.dns-servicios.com/rbl.php - http://rbl.schulte.org/ + no usage policy, but seems implied that usage is free + listing policy + no explicit, complete policy given but sending to spamtraps is mentioned to get you listed and seems the exclusive mechanism + return codes + not documented, probably only boolean http://rbldata.interserver.net/ - may be dead: http://www.blalert.com/dnsbl/rbl.interserver.net - http://relaytest.kundenserver.de/ + listing policy more or less clear + usage policy not given but since usage is explained it’s probably free for all + return codes seem to be binary, i.e. either listed or not + lists IPs + lists domains/URIs http://rv-soft.info/ - http://spamcannibal.org/dnsbl_check.shtml + usage policy not explicit but seems to be free + listing policy also not explicit but can be inferred from return code explanation + return codes are explained http://spamrats.com/ - http://spamstinks.com/ - http://st.technovision.dk/ - http://tor.efnet.org/ - http://rbl.efnetrbl.org/ MIRROR + clear usage policy (ToS) + listing policies documented + return codes of aggregated list documented + lists IPs http://v4bl.org/ - http://virbl.bit.nl/ + usage policy documented + listing policy not really clear + return codes documented http://wpbl.info/ + listing procedure is documented + usage policy implied: free to use + return codes documented http://www.aupads.org/ - http://www.backscatterer.org/ - fragwuerdige policy - bezahlen fuer schnelleres delisting - http://www.blockedservers.com/ - http://www.blocklist.de/en/index.html - http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng + aka www.antispam-ufrj.pads.ufrj.br + aka www.orve.org + listing policy more or less clear + lists IPs and FQDNs + usage policy seems clear: freely exported by anybody who wants to use them« http://www.gbudb.com/truncate/ + listing policy + usage policy seems implied: free use + return codes documented + »Truncate is very conservative. On most systems it can be safely used to reject connections!« http://www.justspam.org/ + listing policy documented + warning: relies on listings in other DNSBLs! also for delisting! + usage policy clear + return codes: binary http://www.kempt.net/dnsbl/ - http://www.leadmon.net/spamguard/ - http://www.rbl.jp/allrbl-e.html + listing policy documented + usage policy documented + return codes undocumented http://www.spamcop.net/ good policy good reputation @@ -506,13 +598,8 @@ TODO sensible policy http://www.srntools.com/blacklist/ http://www.uceprotect.net/en/index.php - http://www.usenix.org.uk/content/rbl.html - http://zapbl.net/ https://bl.konstant.no/ https://choon.net/rbl.php - https://puck.nether.net/or/ - might be good - https://rbl.foobar.hu/ https://www.abuse.ch/ https://www.abuse.ch/?tag=httpbl https://www.kisarbl.or.kr/ @@ -520,19 +607,13 @@ TODO https://www.team-cymru.org/Services/Bogons/dns.html http://mailspike.net/usage.html reputation-based - http://www.spamhauswhitelist.com/en/ - policies for listing and usage on the website http://www.whitelisted.org/ paid subscription policy on site https://puck.nether.net/or/ policies on website - https://rbl.foobar.hu/ - usage and listing policies on website http://www.isipp.com/email-accreditation/iadb-query-instruction/ requires signup - https://choon.net/rbl.php not quite a usage policy, but seems ok strange split of ipv4 and ipv6 seems dead? - https://www.dnswl.org/