Professional Documents
Culture Documents
Spam List
Spam List
[2]
truncate.gbudb.net
Extremely conservative list of single IP4 addresses that produce exclusively spam/malware as indicated by the GBUdb IP Most systems should be able to safely reject connections based on this list.
Automatic: IPs are added when the GBUdb "cloud" statistics reach a probability figure that indicates 95% of messages produce a spam/malware pattern match and a indicates sufficient data to trust the probability data.
Automatic: Continuous while reputation statistics remain bad. IPs are dropped quickly if the statistics improve (within an hour). IPs are dropped within 36 hours (typ) if no more messages are seen (dead zombie).
Source data is derived from a global network of Message [3] Sniffer filtering nodes in real-time. Truncate data is updated from statistics every 10 minutes.
invaluement DNSBL
[4]
ivmSIP
[5]
Single IP addresses which only send UBE. Specializing in snowshoe spam and other 'under the radar' spams which evade many other DNSBLs. Has FP-level comparable to Zen.
Automatic (upon real person's mailbox), with extensive whitelists and filtering to prevent false positives
Typically an 11 days after the last abuse was seen, but with some exceptions
Spam samples are always kept on file for each listing. Removal requests are quickly and manually reviewed and processed without fees.
ivmSIP/24
[6]
lists /24 blocks of IP addresses which usually only send UBE and several addresses which are confirmed emitters of junk mail.
Automatic once at least several IP addresses from a given block are ivmSIP, with extensive whitelists and filtering to prevent false positives
expiration time increases to many weeks as the fraction of IP addresses in the sending junk mail increases
Removal requests are quickly and manually reviewed and processed without fees.
ivmURI
[7]
comparable to uribl.com and surbl.org, this is a list of IP addresses and domains which are used by spammers in the clickable links found in the body of spam messages
Automatic (upon real person's mailbox), with extensive whitelists and filtering to prevent false positives
Spam samples are always kept on file for each listing. Removal requests are quickly and manually reviewed and processed without fees.
2
dnsbl.proxybl.org Lists all types of open (publicly accessible) proxies Automated listing through crawling of websites As long as proxy is verified open (automated) Time between verifications increases exponentially in relation to the number of times the host was verified an open proxy
proxyBL
dnsbl
[8]
[9]
Automatic by a 60 trapservers
Automatic expiration UCEPROTECT's 7 days after the last abuse was seen, optionally express delisting (fee) primary and the only independent list
[10])
UCEPROTECT Level 2
[11]
Automatic removal as soon as Level 1 listings decrease below Level 2 listing border, optionally express delisting (fee)
[10])
UCEPROTECT Level 3
[12]
Automatic removal as soon as Level 1 listings decrease below Level 3 listing border, optionally express delisting (fee)
[10])
3
dnsbl.sorbs.net Unsolicited bulk/commercial email senders N/A (See individual zones) N/A (See individual zones)
dnsbl
[13]
Aggregate zone (all aggregates and what they include are listed on [14])
safe.dnsbl
safe.dnsbl.sorbs.net
"Safe" Aggregate zone (all zones in dnsbl.sorbs.net except "recent" and "escalations")
http.dnsbl
http.dnsbl.sorbs.net
Feeder servers
socks.dnsbl
socks.dnsbl.sorbs.net
Feeder servers
misc.dnsbl
misc.dnsbl.sorbs.net
Feeder servers
smtp.dnsbl
smtp.dnsbl.sorbs.net
Feeder servers
web.dnsbl
web.dnsbl.sorbs.net
IP addresses with vulnerabilities that are exploitable by spammers (e.g. FormMail scripts)
Feeder servers
new.spam.dnsbl
new.spam.dnsbl.sorbs.net
Hosts that have sent spam to the admins of SORBS in the last 48 hours
recent.spam.dnsbl
recent.spam.dnsbl.sorbs.net
Hosts that have sent spam to the admins of SORBS in the last 28 days
4
old.spam.dnsbl.sorbs.net Hosts that have sent spam to the admins of SORBS in the last year SORBS Admin and Spamtrap Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'
old.spam.dnsbl
spam.dnsbl
spam.dnsbl.sorbs.net
Hosts that have allegedly sent spam to the admins of SORBS at any time
Until 1 year after the last spam is received and a request has been made or until the "fine" is paid for express delisting
escalations.dnsbl
escalations.dnsbl.sorbs.net
block.dnsbl
block.dnsbl.sorbs.net
Request by host
N/A
zombie.dnsbl
zombie.dnsbl.sorbs.net
Hijacked networks
Until delisting requested. Until delisting requested. Not a list of dial-up IP addresses
dul.dnsbl
dul.dnsbl.sorbs.net
rhsbl
rhsbl.sorbs.net
N/A
N/A
badconf.rhsbl
badconf.rhsbl.sorbs.net
nomail.rhsbl
nomail.rhsbl.sorbs.net
Domains which the owners have confirmed will not be used for sending email
5
sbl.spamhaus.org Verified sources of spam, including spammers and their support services Manual From 30 minutes to a year or more, depending on issue and resolution
Spamhaus
SBL Advisory
[15]
XBL Advisory
[16]
xbl.spamhaus.org
Includes the Composite Blocking List and parts of the Not Just Another Bogus List
PBL Advisory
[17]
pbl.spamhaus.org
Static, dial-up & DHCP IP address space that is not meant to be initiating SMTP connections
Manual
Unknown
Should not be confused with the MAPS DUL and Wirehub Dynablocker lists
SBL+XBL
[18]
sbl-xbl.spamhaus.org
Zen
[19]
zen.spamhaus.org
A single lookup for querying the SBL, XBL and PBL databases.
RBL
[20]
rbl.orbitrbl.com
Feeder servers
Aggregate zone
CBL
[21]
Only IP addresses exhibiting characteristics specific to open proxies, spamware, and the like.
large spamtraps
PSBL
[23]
IP addresses used to send spam to trap IP addresses used to send spam to trap
spamtraps
[24])
Intercept - DNS Blacklist (DNSBL) db.wpbl.info Intercept
[25]
intercept.datapacket.net
spamtraps
WPBL
[26]
spamtraps
SCBL
[27]
bl.spamcop.net
IP addresses which have been used to transmit reported email to SpamCop users
users submit
6
noptr.spamrats.com IP addresses detected as abusive at ISP's using MagicMail Servers, with no reverse DNS service Automatically Submitted Listed until removed, and reverse DNS configured
SpamRats
RATSNOPTR
[28]
RATSDYNA
[28]
dyna.spamrats.com
IP addresses detected as abusive at ISP's using MagicMail Servers, with non-conforming reverse DNS service (See Best Practises) indicative of compromised systems
Automatically Submitted
Listed until removed, and reverse DNS set to conform to Best Practises
RATSSPAM
[28]
spam.spamrats.com
IP addresses detected as abusive at ISP's using MagicMail Servers, and manually confirmed as spam sources
Manually Submitted
SpamCannibal
spamcannibal.org
[29]
bl.spamcannibal.org
spamtraps
until removal
Even if a
requested and matter particular IP has resolved by changing not sent spam, it server DNS ptr record to a non-generic name. may be included in a generic netblock which will provide many false positives. listed=127.0.0.2
IPQuery
ipquery.org
[30]
any.dnsl.ipquery.org
NJABL DNSBL
[31]
dnsbl.njabl.org
open SMTP relays, multi-stage SMTP open relays, spam sources, Insecure CGI scripts that allow open relaying, and open proxy servers
bhnc.njabl.org
These hosts have done things proper SMTP servers don't do.
spamtraps
7
spamtrap.drbl.drand.net IP addresses used to send spam to traps or members Automated [de]listing. Varies from spam type, rate and other sophisticated factors. 30 s to 1 week. Hight IP network aggregate threshold >= 254.
[32]
Hostkarma
[33]
hostkarma.junkemailfilter.com Detects viruses by Automated [de]listing Black list Data lives 127.0.0.1=white blacklist.hostkarma.com behavior using fake high MX and tracking non-use of QUIT for 4 days. White list 127.0.0.2=black data lives for 10 days. 127.0.0.3=yellow
RFC-Ignorant.Org
DSN (<>)
[34]
[35])
postmaster
[36]
[35])
abuse
[37]
[35])
whois
[38]
[35])
bogusmx
[39]
bogus MX record
[35])
The Abusive Hosts Blocking List (AHBL) dnsbl
[40]
dnsbl.ahbl.org
Aggregate zone, contains UCE/bulk email senders, open proxies, open relays, trojaned/infected machines, comment/trackback spammers
Aggregate zone (all aggregates and what they include are listed on [41])
rhsbl
rhsbl.ahbl.org
Domains sending spam, domains owned by spammers, comment spam domains, spammed URLs
Manual
ircbl
ircbl.ahbl.org
Subset of dnsbl, contains only open proxies, compromised machines, comment spammers
tor
tor.ahbl.org
Automated
N/A
8
dnsbl.dronebl.org All-in-one abusive Automated listing via hosts blacklist distributed monitoring points Permanent until delisted via website.
Dronebl
dnsbl
[42]
Quorum.to
ip-dnsbl
[43]
Stop spam from hosts that send no legitimate mail (list most non-mail-sending hosts).
Public list follows standard dnsbl protocol. Subscription based service is more capable, but does not follow standard.
Spamanalysis.org
GeoBL
[44]
User-defined: [*].geobl.spamanalysis.org
ATLBL
ATLBL RBL
[45]
rbl.atlbl.net
ATLBL HBL
[45]
hbl.atlbl.net
List malware/abuse sources by hostname and domain for use in email and forum spam detection.
ATLBL ABL
[45]
access.atlbl.net
Allows simple of IP addresses for known abusive sources such as SSH brute force attack sources and other forms of internet crime and abuse.
Heise Zeitschriften Verlag GmbH & Co. KG and hosted by manitu [46] GmbH
[47]
ix.dnsbl.manitu.net
Lists single IPs (no Automated listing due IP ranges) that send spam to spamtraps. to spamtrap hits. Exceptions apply to bounces, NDRs and whitelisted IPs.
TXT records provide information of listing incident NiX Spam also provides hashes for fuzzy checksum plugin (iXhash) for SpamAssassin.
9
dnsbl.inps.de Single IP addresses IP addresses can be reported as known spam sources by users, additionally automated listing if spam arrives at the mailservers of inps.de IP addresses are listed until they are removed manually via the website. A- and TXT records are available for each entry; Removal is free after 30 days for automatic additions and after 7 days for manual additions; otherwise removal fee is at least EUR 10,00.
inps.de
inps.de-DNSBL
[48]
External links
Blacklists Compared [49], weekly reports since July 2001 Blacklist Monitor - accuracy and inaccuracy rates of various blacklists [50] Spam Links - DNS & RHS Blackhole Lists [51] Multiple DNSBL lookup online tool [52] Spam Blacklist Removal Instructions for Major ISPs [53] Resource that lists hundreds of DNSBL zones. [54]
References
[1] [2] [3] [4] [5] [6] http:/ / www. gbudb. com/ http:/ / www. gbudb. com/ truncate/ http:/ / www. armresearch. com/ http:/ / dnsbl. invaluement. com/ http:/ / dnsbl. invaluement. com/ ivmsip/ http:/ / dnsbl. invaluement. com/ ivmsip24/
[7] http:/ / dnsbl. invaluement. com/ ivmuri/ [8] http:/ / proxybl. org/ [9] http:/ / www. uceprotect. net/ en/ index. php?m=3& s=3 [10] http:/ / www. uceprotect. net/ en/ index. php?m=6& s=10 [11] http:/ / www. uceprotect. net/ en/ index. php?m=3& s=4 [12] http:/ / www. uceprotect. net/ en/ index. php?m=3& s=5 [13] http:/ / www. sorbs. net/ [14] http:/ / www. sorbs. net/ using. shtml [15] http:/ / www. spamhaus. org/ sbl [16] http:/ / www. spamhaus. org/ xbl [17] http:/ / www. spamhaus. org/ pbl [18] http:/ / www. spamhaus. org [19] http:/ / www. spamhaus. org/ zen [20] http:/ / www. orbitrbl. com [21] http:/ / cbl. abuseat. org/ [22] http:/ / www. njabl. org/ rsync. html [23] http:/ / psbl. surriel. com/ [24] http:/ / psbl. surriel. com/ howto/ [25] http:/ / intercept. datapacket. net/ [26] http:/ / www. wpbl. info/ [27] http:/ / spamcop. net/ bl. shtml [28] http:/ / www. spamrats. com
10
11
License
Creative Commons Attribution-Share Alike 3.0 Unported http:/ / creativecommons. org/ licenses/ by-sa/ 3. 0/