Comparison of DNS blacklists

Comparison of DNS blacklists: The following table lists technical information for a number of DNS blacklists.

Blacklist operator DNS blacklist Informational URL Zone Listing goal Nomination Listing lifetime Notes

ARM Research Labs, LLC GBUdb Truncate [1] truncate.gbudb.net Extremely conservative list of single IP4 addresses that produce exclusively spam/malware as indicated by the GBUdb IP Reuptation system. Most systems should be able to safely reject connections based on this list. Automatic: IPs are added when the GBUdb "cloud" statistics reach a probability figure that indicates 95% of messages produce a spam/malware pattern match and a confidence figure that indicates sufficient data to trust the probability data. Automatic: Continuous while reputation statistics remain bad. IPs are dropped quickly if the statistics improve (within an hour). IPs are dropped within 36 hours (typ) if no more messages are seen (dead zombie). Source data is derived from a global network of Message Sniffer^[1] filtering nodes in real-time. Truncate data is updated from statistics every 10 minutes.

invaluement DNSBL ivmSIP [2] N/A
(paid access via rsync) Single IP addresses which only send UBE. Specializing in snowshoe spam and other 'under the radar' spams which evade many other DNSBLs. Has FP-level comparable to Zen. Automatic (upon receipt of a spam to a real person's mailbox), with extensive whitelists and filtering to prevent false positives Typically an automatic expiration 11 days after the last abuse was seen, but with some exceptions Spam samples are always kept on file for each listing. Removal requests are quickly and manually reviewed and processed without fees.

ivmSIP/24 [3] N/A
(paid access via rsync) lists /24 blocks of IP addresses which usually only send UBE and containing at least several addresses which are confirmed emitters of junk mail. Automatic once at least several IP addresses from a given block are individually listed on ivmSIP, with extensive whitelists and filtering to prevent false positives expiration time increases to many weeks as the fraction of IP addresses in the /24 block in question sending junk mail increases Removal requests are quickly and manually reviewed and processed without fees.

ivmURI [4] N/A
(paid access via rsync) comparable to uribl.com and surbl.org, this is a list of IP addresses and domains which are used by spammers in the clickable links found in the body of spam messages Automatic (upon receipt of a spam to a real person's mailbox), with extensive whitelists and filtering to prevent false positives Typically an automatic expiration several weeks after the last abuse was seen. Spam samples are always kept on file for each listing. Removal requests are quickly and manually reviewed and processed without fees.

proxyBL dnsbl [5] dnsbl.proxybl.org Lists all types of open (publicly accessible) proxies Automated listing through crawling of websites As long as proxy is verified open (automated) Time between verifications increases exponentially in relation to the number of times the host was verified an open proxy

UCEPROTECT-Network UCEPROTECT Level 1 [6] dnsbl-1.uceprotect.net
(also free available via rsync [7]) Single IP addresses that send mail to spamtraps Automatic by a cluster of more than 60 trapservers ^[2] Automatic expiration 7 days after the last abuse was seen, optionally express delisting (fee) UCEPROTECT's primary and the only independent list

UCEPROTECT Level 2 [8] dnsbl-2.uceprotect.net
(also free available via rsync [9]) Allocations with exceeded UCEPROTECT Level 1 listings Automatic calculated from UCEPROTECT-Level 1 Automatic removal as soon as Level 1 listings decrease below Level 2 listing border, optionally express delisting (fee) Fully depending on Level 1

UCEPROTECT Level 3 [10] dnsbl-3.uceprotect.net
(also free available via rsync [11]) ASN's with excessive UCEPROTECT Level 1 listings Automatic calculated from UCEPROTECT-Level 1 Automatic removal as soon as Level 1 listings decrease below Level 3 listing border, optionally express delisting (fee) Fully depending on Level 1

Spam and Open Relay Blocking System (SORBS) dnsbl [12] dnsbl.sorbs.net Unsolicited bulk/commercial email senders N/A (See individual zones) N/A (See individual zones) Aggregate zone (all aggregates and what they include are listed on SORBS)^[3]

safe.dnsbl safe.dnsbl.sorbs.net Unsolicited bulk/commercial email senders N/A (See individual zones) N/A (See individual zones) "Safe" Aggregate zone (all zones in dnsbl.sorbs.net except "recent" and "escalations")

http.dnsbl http.dnsbl.sorbs.net Open HTTP proxy servers Feeder servers Until delisting requested.

socks.dnsbl socks.dnsbl.sorbs.net Open SOCKS proxy servers Feeder servers Until delisting requested.

misc.dnsbl misc.dnsbl.sorbs.net Additional proxy servers Feeder servers Until delisting requested. Those not already listed in the HTTP or SOCKS databases

smtp.dnsbl smtp.dnsbl.sorbs.net Open SMTP relay servers Feeder servers Until delisting requested.

web.dnsbl web.dnsbl.sorbs.net IP addresses with vulnerabilities that are exploitable by spammers (e.g. FormMail scripts) Feeder servers Until delisting requested or Automated Expiry

new.spam.dnsbl new.spam.dnsbl.sorbs.net Hosts that have sent spam to the admins of SORBS in the last 48 hours SORBS Admin and Spamtrap Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'

recent.spam.dnsbl recent.spam.dnsbl.sorbs.net Hosts that have sent spam to the admins of SORBS in the last 28 days SORBS Admin and Spamtrap Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'

old.spam.dnsbl old.spam.dnsbl.sorbs.net Hosts that have sent spam to the admins of SORBS in the last year SORBS Admin and Spamtrap Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'

spam.dnsbl spam.dnsbl.sorbs.net Hosts that have allegedly sent spam to the admins of SORBS at any time SORBS Admin and Spamtrap. Until 1 year after the last spam is received and a request has been made or until the "fine" is paid for express delisting

escalations.dnsbl escalations.dnsbl.sorbs.net Netblocks of service providers believed to support spammers SORBS Admin fed. Until delisting requested and matter resolved. Service providers are added on receipt of a 'third strike' spam

block.dnsbl block.dnsbl.sorbs.net Hosts demanding that they never be tested Request by host N/A

zombie.dnsbl zombie.dnsbl.sorbs.net Hijacked networks SORBS Admin (manual submission) Until delisting requested.

dul.dnsbl dul.dnsbl.sorbs.net Dynamic IP address ranges SORBS Admin (manual submission) Until delisting requested. Not a list of dial-up IP addresses

rhsbl rhsbl.sorbs.net Aggregate RHS zones N/A N/A

badconf.rhsbl badconf.rhsbl.sorbs.net Domains with invalid A or MX records in DNS Open submission via automated testing page. Until delisting requested.

nomail.rhsbl nomail.rhsbl.sorbs.net Domains which the owners have confirmed will not be used for sending email Owner submission Until delisting requested.

Spamhaus SBL Advisory [13] sbl.spamhaus.org Verified sources of spam, including spammers and their support services Manual From 30 minutes to a year or more, depending on issue and resolution

XBL Advisory [14] xbl.spamhaus.org Illegal third-party exploits (e.g. open proxies and Trojan Horses) Third-party (see Notes) with automated additions Varies, under a month. Includes the Composite Blocking List and parts of the Not Just Another Bogus List

PBL Advisory [15] pbl.spamhaus.org Static, dial-up & DHCP IP address space that is not meant to be initiating SMTP connections Manual Unknown Should not be confused with the MAPS DUL and Wirehub Dynablocker lists

SBL+XBL [16] sbl-xbl.spamhaus.org A single lookup for querying the SBL and XBL databases

Zen [17] zen.spamhaus.org A single lookup for querying the SBL, XBL and PBL databases. The one to use to get all.

ORBITrbl Aggressive RBL RBL [18] rbl.orbitrbl.com Unsolicited bulk/Commercial email senders (/24 IP address block) Feeder servers Until delisting requested? (Only When Found to be Non Spam Source) Aggregate zone

Composite Blocking List CBL [19] cbl.abuseat.org
(also free available rsync access, on request see FAQ [20]) Only IP addresses exhibiting characteristics specific to open proxies, spamware, botnets and the like. Automatic: large spamtraps and production mail servers Temporary, until spam stops Use Spamhaus XBL or Spamhaus Zen instead; they include CBL.

Passive Spam Block List PSBL [21] psbl.surriel.com
(also free available via rsync [22]) IP addresses used to send spam to trap spamtraps Temporary, until spam stops

Intercept - DNS Blacklist (DNSBL) Intercept [23] intercept.datapacket.net IP addresses used to send spam to trap spamtraps Temporary, until spam stops

Weighted Private Block List WPBL [24] db.wpbl.info IP addresses used to send UBE to members spamtraps Temporary, until spam stops

SpamCop Blocking List SCBL [25] bl.spamcop.net IP addresses which have been used to transmit reported email to SpamCop users users submit Temporary, until spam stops

SpamRats RATSNOPTR [26] noptr.spamrats.com IP addresses detected as abusive at ISP's using MagicMail Servers, with no reverse DNS service Automatically Submitted Listed until removed, and reverse DNS configured

RATSDYNA [27] dyna.spamrats.com IP addresses detected as abusive at ISP's using MagicMail Servers, with non-conforming reverse DNS service (See Best Practises) indicative of compromised systems Automatically Submitted Listed until removed, and reverse DNS set to conform to Best Practises

RATSSPAM [28] spam.spamrats.com IP addresses detected as abusive at ISP's using MagicMail Servers, and manually confirmed as spam sources Manually Submitted Listed until removed

SpamCannibal spamcannibal.org [29] bl.spamcannibal.org IP addresses and related generic netblocks that have sent spam. spamtraps until removal requested and matter resolved by changing server DNS ptr record to a non-generic name. Even if a particular IP has not sent spam, it may be included in a generic netblock which will provide many false positives. listed=127.0.0.2

IPQuery ipquery.org [30] any.dnsl.ipquery.org Spam sources, relay abusers, backscatterers Automated, based on traffic observed locally, with some human supervision Automatic expiry (varies by type); webpage allows delisting Keeps a listing history; retains specimens

Not Just Another Bogus List NJABL DNSBL [31] dnsbl.njabl.org open SMTP relays, multi-stage SMTP open relays, spam sources, Insecure CGI scripts that allow open relaying, and open proxy servers spamtraps, testing, testing by trusted contributors Varies

Bad host, no cookie bhnc.njabl.org These hosts have done things proper SMTP servers don't do. spamtraps until de-listing requested

Distributed Realtime Blocking List drand DRBL node [32] spamtrap.drbl.drand.net IP addresses used to send spam to traps or members Automated [de]listing. Varies from spam type, rate and other sophisticated factors. 30 s to 1 week. Hight IP network aggregate threshold >= 254.

Junk Email Filter Hostkarma [33] hostkarma.junkemailfilter.com
blacklist.hostkarma.com Detects viruses by behavior using fake high MX and tracking non-use of QUIT Automated [de]listing Black list Data lives for 4 days. White list data lives for 10 days. 127.0.0.1=white 127.0.0.2=black 127.0.0.3=yellow

RFC-Ignorant.Org DSN (<>) [34] dsn.rfc-ignorant.org
(also free available via Rsync [35]) refusal to accept bounces (DSN) Open submission via automated testing page. Until delisting requested.

postmaster [36] postmaster.rfc-ignorant.org
(also free available via Rsync [37]) refusal to accept e-mail to postmaster

abuse [38] abuse.rfc-ignorant.org
(also free available via Rsync [39]) refusal to accept e-mail to abuse

whois [40] whois.rfc-ignorant.org
(also free available via Rsync [41]) bogus whois information

bogusmx [42] bogusmx.rfc-ignorant.org
(also free available via Rsync [43]) bogus MX record

The Abusive Hosts Blocking List (AHBL) dnsbl [44] dnsbl.ahbl.org Aggregate zone, contains UCE/bulk email senders, open proxies, open relays, trojaned/infected machines, comment/trackback spammers Feeder systems, manual Until delisting requested Aggregate zone (all aggregates and what they include are listed on AHBL)^[4]

rhsbl rhsbl.ahbl.org Domains sending spam, domains owned by spammers, comment spam domains, spammed URLs Manual

ircbl ircbl.ahbl.org Subset of dnsbl, contains only open proxies, compromised machines, comment spammers Until delisting requested Designed for use on IRC servers

tor tor.ahbl.org Current tor relay and exit nodes Automated N/A

Dronebl dnsbl [45] dnsbl.dronebl.org All-in-one abusive hosts blacklist Automated listing via distributed monitoring points Permanent until delisted via website.

Quorum.to ip-dnsbl [46] list.quorum.to. ( or per-subscriber: [id].list.quorum.to. ) Stop spam from hosts that send no legitimate mail (list most non-mail-sending hosts). Listings based on "instant" automated checks, recipient nomination and traps. Listings can be challenged. Subscribers vote to decide sender status. Public list follows standard dnsbl protocol. Subscription based service is more capable, but does not follow standard.

Spamanalysis.org GeoBL [47] User-defined: [*].geobl.spamanalysis.org Lists hosts known as being in certain geographic locations. Users set their own list of blocked countries. Hosts reported as being incorrectly located may be delisted. Allows basic monitoring, listed if A=127.0.0.2 or TXT=blocked

ATLBL ATLBL RBL [48] rbl.atlbl.net World wide abuse detection network made of spamtraps/honeypots. Automatic, as soon as no further abuse is detected. Allows simple DNSBL lookups of email spam sources.

ATLBL HBL [49] hbl.atlbl.net List malware/abuse sources by hostname and domain for use in email and forum spam detection. World wide abuse detection network made of spamtraps/honeypots. Automatic, as soon as no further abuse is detected. Allows simple DNSBL lookups of abuse sources.

ATLBL ABL [50] access.atlbl.net World wide abuse detection network made of spamtraps/honeypots. Automatic, as soon as no further abuse is detected. Allows simple DNSBL lookups of IP addresses for known abusive sources such as SSH brute force attack sources and other forms of internet crime and abuse.

Heise Zeitschriften Verlag GmbH & Co. KG and hosted by manitu GmbH NiX Spam (nixspam) [51] ix.dnsbl.manitu.net Lists single IPs (no IP ranges) that send spam to spamtraps. Automated listing due to spamtrap hits. Exceptions apply to bounces, NDRs and whitelisted IPs. 12 hours after last listing or until self delisting TXT records provide information of listing incident - NiX Spam also provides hashes for fuzzy checksum plugin (iXhash) for SpamAssassin.

inps.de inps.de-DNSBL [52] dnsbl.inps.de Single IP addresses IP addresses can be reported as known spam sources by users, additionally automated listing if spam arrives at the mailservers of inps.de IP addresses are listed until they are removed manually via the website. A- and TXT records are available for each entry; Removal is free after 30 days for automatic additions and after 7 days for manual additions; otherwise removal fee is at least EUR 10,00.

References

^ armresearch.com

^ Simpson, Ken. "Getting Onto a Blacklist Without Sending Any Spam". MailChannels Anti-Spam Blog. MailChannels Corporation. http://mailchannels.com/blog/2010/11/getting-off-of-blacklists-uceprotect-in-particular/. Retrieved 16 September 2011.

^ sorbs.net

^ ahbl.org

External links

Blacklists Compared, weekly reports since July 2001

Blacklist Monitor - accuracy and inaccuracy rates of various blacklists

Spam Links - DNS & RHS Blackhole Lists

Multiple DNSBL lookup online tool

Spam Blacklist Removal Instructions for Major ISPs

Resource that lists hundreds of DNSBL zones.

Categories:
Spamming

Blacklist operator	DNS blacklist	Informational URL	Zone	Listing goal	Nomination	Listing lifetime	Notes
ARM Research Labs, LLC GBUdb	Truncate	[1]	truncate.gbudb.net	Extremely conservative list of single IP4 addresses that produce exclusively spam/malware as indicated by the GBUdb IP Reuptation system. Most systems should be able to safely reject connections based on this list.	Automatic: IPs are added when the GBUdb "cloud" statistics reach a probability figure that indicates 95% of messages produce a spam/malware pattern match and a confidence figure that indicates sufficient data to trust the probability data.	Automatic: Continuous while reputation statistics remain bad. IPs are dropped quickly if the statistics improve (within an hour). IPs are dropped within 36 hours (typ) if no more messages are seen (dead zombie).	Source data is derived from a global network of Message Sniffer^[1] filtering nodes in real-time. Truncate data is updated from statistics every 10 minutes.
invaluement DNSBL	ivmSIP	[2]	N/A (paid access via rsync)	Single IP addresses which only send UBE. Specializing in snowshoe spam and other 'under the radar' spams which evade many other DNSBLs. Has FP-level comparable to Zen.	Automatic (upon receipt of a spam to a real person's mailbox), with extensive whitelists and filtering to prevent false positives	Typically an automatic expiration 11 days after the last abuse was seen, but with some exceptions	Spam samples are always kept on file for each listing. Removal requests are quickly and manually reviewed and processed without fees.
ivmSIP/24	[3]	N/A (paid access via rsync)	lists /24 blocks of IP addresses which usually only send UBE and containing at least several addresses which are confirmed emitters of junk mail.	Automatic once at least several IP addresses from a given block are individually listed on ivmSIP, with extensive whitelists and filtering to prevent false positives	expiration time increases to many weeks as the fraction of IP addresses in the /24 block in question sending junk mail increases	Removal requests are quickly and manually reviewed and processed without fees.
ivmURI	[4]	N/A (paid access via rsync)	comparable to uribl.com and surbl.org, this is a list of IP addresses and domains which are used by spammers in the clickable links found in the body of spam messages	Automatic (upon receipt of a spam to a real person's mailbox), with extensive whitelists and filtering to prevent false positives	Typically an automatic expiration several weeks after the last abuse was seen.	Spam samples are always kept on file for each listing. Removal requests are quickly and manually reviewed and processed without fees.
proxyBL	dnsbl	[5]	dnsbl.proxybl.org	Lists all types of open (publicly accessible) proxies	Automated listing through crawling of websites	As long as proxy is verified open (automated)	Time between verifications increases exponentially in relation to the number of times the host was verified an open proxy
UCEPROTECT-Network	UCEPROTECT Level 1	[6]	dnsbl-1.uceprotect.net (also free available via rsync [7])	Single IP addresses that send mail to spamtraps	Automatic by a cluster of more than 60 trapservers ^[2]	Automatic expiration 7 days after the last abuse was seen, optionally express delisting (fee)	UCEPROTECT's primary and the only independent list
UCEPROTECT Level 2	[8]	dnsbl-2.uceprotect.net (also free available via rsync [9])	Allocations with exceeded UCEPROTECT Level 1 listings	Automatic calculated from UCEPROTECT-Level 1	Automatic removal as soon as Level 1 listings decrease below Level 2 listing border, optionally express delisting (fee)	Fully depending on Level 1
UCEPROTECT Level 3	[10]	dnsbl-3.uceprotect.net (also free available via rsync [11])	ASN's with excessive UCEPROTECT Level 1 listings	Automatic calculated from UCEPROTECT-Level 1	Automatic removal as soon as Level 1 listings decrease below Level 3 listing border, optionally express delisting (fee)	Fully depending on Level 1
Spam and Open Relay Blocking System (SORBS)	dnsbl	[12]	dnsbl.sorbs.net	Unsolicited bulk/commercial email senders	N/A (See individual zones)	N/A (See individual zones)	Aggregate zone (all aggregates and what they include are listed on SORBS)^[3]
safe.dnsbl	safe.dnsbl.sorbs.net	Unsolicited bulk/commercial email senders	N/A (See individual zones)	N/A (See individual zones)	"Safe" Aggregate zone (all zones in dnsbl.sorbs.net except "recent" and "escalations")
http.dnsbl	http.dnsbl.sorbs.net	Open HTTP proxy servers	Feeder servers	Until delisting requested.
socks.dnsbl	socks.dnsbl.sorbs.net	Open SOCKS proxy servers	Feeder servers	Until delisting requested.
misc.dnsbl	misc.dnsbl.sorbs.net	Additional proxy servers	Feeder servers	Until delisting requested.	Those not already listed in the HTTP or SOCKS databases
smtp.dnsbl	smtp.dnsbl.sorbs.net	Open SMTP relay servers	Feeder servers	Until delisting requested.
web.dnsbl	web.dnsbl.sorbs.net	IP addresses with vulnerabilities that are exploitable by spammers (e.g. FormMail scripts)	Feeder servers	Until delisting requested or Automated Expiry
new.spam.dnsbl	new.spam.dnsbl.sorbs.net	Hosts that have sent spam to the admins of SORBS in the last 48 hours	SORBS Admin and Spamtrap	Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'
recent.spam.dnsbl	recent.spam.dnsbl.sorbs.net	Hosts that have sent spam to the admins of SORBS in the last 28 days	SORBS Admin and Spamtrap	Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'
old.spam.dnsbl	old.spam.dnsbl.sorbs.net	Hosts that have sent spam to the admins of SORBS in the last year	SORBS Admin and Spamtrap	Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'
spam.dnsbl	spam.dnsbl.sorbs.net	Hosts that have allegedly sent spam to the admins of SORBS at any time	SORBS Admin and Spamtrap.	Until 1 year after the last spam is received and a request has been made or until the "fine" is paid for express delisting
escalations.dnsbl	escalations.dnsbl.sorbs.net	Netblocks of service providers believed to support spammers	SORBS Admin fed.	Until delisting requested and matter resolved.	Service providers are added on receipt of a 'third strike' spam
block.dnsbl	block.dnsbl.sorbs.net	Hosts demanding that they never be tested	Request by host	N/A
zombie.dnsbl	zombie.dnsbl.sorbs.net	Hijacked networks	SORBS Admin (manual submission)	Until delisting requested.
dul.dnsbl	dul.dnsbl.sorbs.net	Dynamic IP address ranges	SORBS Admin (manual submission)	Until delisting requested.	Not a list of dial-up IP addresses
rhsbl	rhsbl.sorbs.net	Aggregate RHS zones	N/A	N/A
badconf.rhsbl	badconf.rhsbl.sorbs.net	Domains with invalid A or MX records in DNS	Open submission via automated testing page.	Until delisting requested.
nomail.rhsbl	nomail.rhsbl.sorbs.net	Domains which the owners have confirmed will not be used for sending email	Owner submission	Until delisting requested.
Spamhaus	SBL Advisory	[13]	sbl.spamhaus.org	Verified sources of spam, including spammers and their support services	Manual	From 30 minutes to a year or more, depending on issue and resolution
XBL Advisory	[14]	xbl.spamhaus.org	Illegal third-party exploits (e.g. open proxies and Trojan Horses)	Third-party (see Notes) with automated additions	Varies, under a month.	Includes the Composite Blocking List and parts of the Not Just Another Bogus List
PBL Advisory	[15]	pbl.spamhaus.org	Static, dial-up & DHCP IP address space that is not meant to be initiating SMTP connections	Manual	Unknown	Should not be confused with the MAPS DUL and Wirehub Dynablocker lists
SBL+XBL	[16]	sbl-xbl.spamhaus.org	A single lookup for querying the SBL and XBL databases
Zen	[17]	zen.spamhaus.org	A single lookup for querying the SBL, XBL and PBL databases.			The one to use to get all.
ORBITrbl Aggressive RBL	RBL	[18]	rbl.orbitrbl.com	Unsolicited bulk/Commercial email senders (/24 IP address block)	Feeder servers	Until delisting requested? (Only When Found to be Non Spam Source)	Aggregate zone
Composite Blocking List	CBL	[19]	cbl.abuseat.org (also free available rsync access, on request see FAQ [20])	Only IP addresses exhibiting characteristics specific to open proxies, spamware, botnets and the like.	Automatic: large spamtraps and production mail servers	Temporary, until spam stops	Use Spamhaus XBL or Spamhaus Zen instead; they include CBL.
Passive Spam Block List	PSBL	[21]	psbl.surriel.com (also free available via rsync [22])	IP addresses used to send spam to trap	spamtraps	Temporary, until spam stops
Intercept - DNS Blacklist (DNSBL)	Intercept	[23]	intercept.datapacket.net	IP addresses used to send spam to trap	spamtraps	Temporary, until spam stops
Weighted Private Block List	WPBL	[24]	db.wpbl.info	IP addresses used to send UBE to members	spamtraps	Temporary, until spam stops
SpamCop Blocking List	SCBL	[25]	bl.spamcop.net	IP addresses which have been used to transmit reported email to SpamCop users	users submit	Temporary, until spam stops
SpamRats	RATSNOPTR	[26]	noptr.spamrats.com	IP addresses detected as abusive at ISP's using MagicMail Servers, with no reverse DNS service	Automatically Submitted	Listed until removed, and reverse DNS configured
RATSDYNA	[27]	dyna.spamrats.com	IP addresses detected as abusive at ISP's using MagicMail Servers, with non-conforming reverse DNS service (See Best Practises) indicative of compromised systems	Automatically Submitted	Listed until removed, and reverse DNS set to conform to Best Practises
RATSSPAM	[28]	spam.spamrats.com	IP addresses detected as abusive at ISP's using MagicMail Servers, and manually confirmed as spam sources	Manually Submitted	Listed until removed
SpamCannibal	spamcannibal.org	[29]	bl.spamcannibal.org	IP addresses and related generic netblocks that have sent spam.	spamtraps	until removal requested and matter resolved by changing server DNS ptr record to a non-generic name.	Even if a particular IP has not sent spam, it may be included in a generic netblock which will provide many false positives. listed=127.0.0.2
IPQuery	ipquery.org	[30]	any.dnsl.ipquery.org	Spam sources, relay abusers, backscatterers	Automated, based on traffic observed locally, with some human supervision	Automatic expiry (varies by type); webpage allows delisting	Keeps a listing history; retains specimens
Not Just Another Bogus List	NJABL DNSBL	[31]	dnsbl.njabl.org	open SMTP relays, multi-stage SMTP open relays, spam sources, Insecure CGI scripts that allow open relaying, and open proxy servers	spamtraps, testing, testing by trusted contributors	Varies
Bad host, no cookie	bhnc.njabl.org	These hosts have done things proper SMTP servers don't do.	spamtraps	until de-listing requested
Distributed Realtime Blocking List	drand DRBL node	[32]	spamtrap.drbl.drand.net	IP addresses used to send spam to traps or members	Automated [de]listing.	Varies from spam type, rate and other sophisticated factors. 30 s to 1 week.	Hight IP network aggregate threshold >= 254.
Junk Email Filter	Hostkarma	[33]	hostkarma.junkemailfilter.com blacklist.hostkarma.com	Detects viruses by behavior using fake high MX and tracking non-use of QUIT	Automated [de]listing	Black list Data lives for 4 days. White list data lives for 10 days.	127.0.0.1=white 127.0.0.2=black 127.0.0.3=yellow
RFC-Ignorant.Org	DSN (<>)	[34]	dsn.rfc-ignorant.org (also free available via Rsync [35])	refusal to accept bounces (DSN)	Open submission via automated testing page.	Until delisting requested.
postmaster	[36]	postmaster.rfc-ignorant.org (also free available via Rsync [37])	refusal to accept e-mail to postmaster
abuse	[38]	abuse.rfc-ignorant.org (also free available via Rsync [39])	refusal to accept e-mail to abuse
whois	[40]	whois.rfc-ignorant.org (also free available via Rsync [41])	bogus whois information
bogusmx	[42]	bogusmx.rfc-ignorant.org (also free available via Rsync [43])	bogus MX record
The Abusive Hosts Blocking List (AHBL)	dnsbl	[44]	dnsbl.ahbl.org	Aggregate zone, contains UCE/bulk email senders, open proxies, open relays, trojaned/infected machines, comment/trackback spammers	Feeder systems, manual	Until delisting requested	Aggregate zone (all aggregates and what they include are listed on AHBL)^[4]
rhsbl	rhsbl.ahbl.org	Domains sending spam, domains owned by spammers, comment spam domains, spammed URLs	Manual
ircbl	ircbl.ahbl.org	Subset of dnsbl, contains only open proxies, compromised machines, comment spammers	Until delisting requested	Designed for use on IRC servers
tor	tor.ahbl.org	Current tor relay and exit nodes	Automated	N/A
Dronebl	dnsbl	[45]	dnsbl.dronebl.org	All-in-one abusive hosts blacklist	Automated listing via distributed monitoring points	Permanent until delisted via website.
Quorum.to	ip-dnsbl	[46]	list.quorum.to. ( or per-subscriber: [id].list.quorum.to. )	Stop spam from hosts that send no legitimate mail (list most non-mail-sending hosts).	Listings based on "instant" automated checks, recipient nomination and traps.	Listings can be challenged. Subscribers vote to decide sender status.	Public list follows standard dnsbl protocol. Subscription based service is more capable, but does not follow standard.
Spamanalysis.org	GeoBL	[47]	User-defined: [*].geobl.spamanalysis.org	Lists hosts known as being in certain geographic locations.	Users set their own list of blocked countries.	Hosts reported as being incorrectly located may be delisted.	Allows basic monitoring, listed if A=127.0.0.2 or TXT=blocked
ATLBL	ATLBL RBL	[48]	rbl.atlbl.net		World wide abuse detection network made of spamtraps/honeypots.	Automatic, as soon as no further abuse is detected.	Allows simple DNSBL lookups of email spam sources.
ATLBL HBL	[49]	hbl.atlbl.net	List malware/abuse sources by hostname and domain for use in email and forum spam detection.	World wide abuse detection network made of spamtraps/honeypots.	Automatic, as soon as no further abuse is detected.	Allows simple DNSBL lookups of abuse sources.
ATLBL ABL	[50]	access.atlbl.net		World wide abuse detection network made of spamtraps/honeypots.	Automatic, as soon as no further abuse is detected.	Allows simple DNSBL lookups of IP addresses for known abusive sources such as SSH brute force attack sources and other forms of internet crime and abuse.
Heise Zeitschriften Verlag GmbH & Co. KG and hosted by manitu GmbH	NiX Spam (nixspam)	[51]	ix.dnsbl.manitu.net	Lists single IPs (no IP ranges) that send spam to spamtraps.	Automated listing due to spamtrap hits. Exceptions apply to bounces, NDRs and whitelisted IPs.	12 hours after last listing or until self delisting	TXT records provide information of listing incident - NiX Spam also provides hashes for fuzzy checksum plugin (iXhash) for SpamAssassin.
inps.de	inps.de-DNSBL	[52]	dnsbl.inps.de	Single IP addresses	IP addresses can be reported as known spam sources by users, additionally automated listing if spam arrives at the mailservers of inps.de	IP addresses are listed until they are removed manually via the website.	A- and TXT records are available for each entry; Removal is free after 30 days for automatic additions and after 7 days for manual additions; otherwise removal fee is at least EUR 10,00.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

DNSBL — A DNSBL (DNS based Blackhole List, Block List, or Blacklist; see below) is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that… … Wikipedia
Spam and Open Relay Blocking System — SORBS (Spam and Open Relay Blocking System) is a list of e mail servers suspected of sending or relaying spam (a DNS blacklist). It has been augmented with complementary lists that include various other classes of hosts, allowing for customized… … Wikipedia
The Spamhaus Project — is an international organisation (founded by Steve Linford in 1998) to track e mail spammers and spam related activity. It is named for the anti spam jargon term coined by Linford, spamhaus, a pseudo German expression for an ISP or other firm… … Wikipedia
Composite Blocking List — In computer networking, the Composite Blocking List (CBL) is a DNS based Blackhole List of suspected E mail spam sending computer infections. The CBL takes its source data from very large spamtraps/mail infrastructures, and only lists IPs… … Wikipedia
Mail Abuse Prevention System — The Mail Abuse Prevention System (MAPS) is an organisation that provides anti spam support by maintaining a DNSBL. They provide five black lists, categorising why an address or an IP block is listed: Real time Blackhole List (RBL), the one for… … Wikipedia
SpamCop — is a free spam reporting service, allowing recipients of unsolicited bulk email (UBE) and unsolicited commercial email (UCE) to report offenses to the senders Internet Service Providers (ISPs), and sometimes their web hosts. SpamCop uses these… … Wikipedia
Anti-spam techniques — To prevent e mail spam (aka unsolicited bulk email), both end users and administrators of e mail systems use various anti spam techniques. Some of these techniques have been embedded in products, services and software to ease the burden on users… … Wikipedia
Anti-spam techniques (e-mail) — To prevent e mail spam, both end users and administrators of e mail systems use various anti spam techniques. Some of these techniques have been embedded in products, services and software to ease the burden on users and administrators. No one… … Wikipedia
Domain Name System — The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the… … Wikipedia
Proxy server — For Wikipedia s policy on editing from open proxies, please see Wikipedia:Open proxies. Communication between two computers (shown in grey) connected through a third computer (shown in red) acting as a proxy. In … Wikipedia

Academic Dictionaries and Encyclopedias

Comparison of DNS blacklists

References

External links

Look at other dictionaries:

Share the article and excerpts

Academic Dictionaries and Encyclopedias

Wikipedia

Comparison of DNS blacklists

References

External links

Look at other dictionaries:

Share the article and excerpts

Direct link