path: root/dnslists.otl

TODO
	check and link (de)listing policy
		NOGO: delisting for money
	check and link usage policy
	check and link return codes
	find newsfeed or mailinglist
	give feedback?
	implement in exim
	implement in SA
	implement in rspamd
00_META
	https://bugs.launchpad.net/ubuntu/+source/amispammer/+bug/835614
	http://www.blalert.com/dnsbls
	http://www.dnsbl.info/dnsbl-list.php
	http://dnsbl.inps.de/index.cgi?lang=en&site=00002
	http://www.sdsc.edu/~jeff/spam/cbc.html
	http://moensted.dk/spam/
	https://whatismyipaddress.com/blacklist-check
	https://multirbl.valli.org/
	https://glockapps.com/blacklist/
	https://docs.hetrixtools.com/monitored-blacklists/
	https://www.blacklistmaster.com/
	https://knowledge.validity.com/hc/en-us/sections/204468388-Blocklists
	https://github.com/zbetcheckin/DNSBLs
	https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
	https://www.impressionwise.com/kb/threats/rbl-advisories.html
00_ELANG
	http://dnsbl.aspnet.hu/
		hungarian?
	http://spam-rbl.fr/
		french
	https://mav.com.br/
		maybe? they have antispam but it’s all portugese? or spanish? no idea
00_DEAD
	http://openrbl.org/
		as seems dead
			404s
			wiki is down
	http://mailhosts.org/
		dead
			https://www.blalert.com/dnsbl/shortlist.mailhosts.org
	blitzed.org
		dead since 2006
			https://www.dnsbl.com/2007/02/status-of-opmblitzedorg-dead.html
				referenced ML post is 404
	blackholes.five-ten-sg.com
		Offline as of 1/1/2013
			https://whatismyipaddress.com/five-ten-sg
	dynip.rothen.com
		On 9/29/2020 the ROTHEN blacklist appears to have started to list the entire internet
			https://www.dnsbl.info/dnsbl-details.php?dnsbl=dynip.rothen.com
	fl.chickenboner.biz
		dead since 2011
			https://community.spiceworks.com/topic/329762-blacklist-removal
			https://bugs.launchpad.net/ubuntu/+source/amispammer/+bug/835614
		website contains spam/crap
	http://cart00ney.surriel.com/
		cart00ney.org is dead
	http://dsbl.org/
		points to surriel.com
	http://csma.biz/
		domain is for sale
		dead since 2013
			https://www.dnsbl.com/2013/02/status-of-blcsmabiz-dead.html
	http://dnsbl.net.au/
		website contains info about living in australia? called "AusBlog"
		http://www.dnsbl.com/2009/04/status-of-dnsblnetau-dead.html
	http://moensted.dk/spam/
		dead since 2010
		https://moensted.dk/spam/
	http://rbl.mw-internet.net/
		domain was parked
		2023: it is an asian(?) gambling(?) website
	http://www.blackholes.us/
		dead since 2009
			https://www.dnsbl.com/2009/10/status-of-blackholesus-dead.html
	http://www.deadbeef.com/
		dead, no info
	spamsources.dnsbl.info
		dead since 2011 or so
			http://www.dnsbl.info/spamsources-dnsbl-defunct.php
	http://www.gweep.ca/
		domain dead, no other info
	http://www.njabl.org/
		dead since 2013
			https://en.wikipedia.org/wiki/Not_Just_Another_Bogus_List
	http://wytnij.to/
		website parked, no other info
	https://www.transip.nl/
		dead since 2013
			https://www.blalert.com/dnsbl/proxy.block.transip.nl
			https://www.blalert.com/dnsbl/residential.block.transip.nl
	pss.spambusters.org.ar
		NXDOMAIN
	rbl.snark.net
		NXDOMAIN
		https://snark.net/ gives access denied
	whois.rfc-ignorant.org
		NXDOMAIN
		rfc-ignorant.org registered but no A/AAAA record
		dead since 2012
			http://www.h-online.com/security/news/item/RFC-Ignorant-org-blacklist-closes-down-1724814.html
			https://www.dnsbl.com/2012/09/status-of-rfc-ignorantorg-shutting-down.html
	will-spam-for-food.eu.org
		unmaintained
		dead
			https://rfc1149.net/blog/2012/01/22/who-did-resurrect-will-spam-for-food/
	http://proxybl.org/
		dead, seemingly written on http://proxybl.org/blog but that’s also dead
		https://linuxreviews.org/Mail_Spam_Blacklists
		https://community.sophos.com/utm-firewall/f/web-server-security/50273/dnsbl-proxybl-org-offline
	dev.null.dk
		timeout, also on the parent null.dk
		effectively dead
	dnsbl.mags.net
		seems dead, no info to be found
		domain does not respond
	http://msrbl.blogspot.ch/
		http://msrbl.blogspot.com/ says "no updates" since 2010 but supposed to be reactivated
		effectively dead
	http://www.olsentech.net/
		strange content on web
		effectively dead
	rbl.orbitrbl.com
		http://www.orbitrbl.com/
		timeout
	rbl.polarcomm.net
		NXDOMAIN
		registered but no A/AAAA record
	cidr.bl.mcafee.com
		https://kc.mcafee.com/corporate/index?page=content&id=KB53783
			404
		no info to be found
		dead?
	http://anti-spam.org.cn/?locale=en_US
		unreachable DNS
	rbl.talkactive.net
		seems dead
		talkactive.net redirects twice to some hosting company
		last listings in 2017
			https://multirbl.valli.org/detail/rbl.talkactive.net.html
			https://www.blacklistmaster.com/blacklists?view=details&blacklist=rbl.talkactive.net
	dnsbl.ipocalypse.net
		no policies published
		dead
			was a private list of an irc network
			network was renamed idlechat.net in 2014
			became a discord chat in 2022(?)
	http://blakjak.net/RBL
		external access disabled
		2023: seems dead, website is a weird error
		https://www.blalert.com/dnsbl/rbl.blakjak.net
			This is a private list that we do not monitor as the maintainer has explicity announced that the list is for his personal use
	http://cyberlogic.net/
		french (canada)
		https://www.dnsbl.info/dnsbl-details.php?dnsbl=dnsbl.cyberlogic.net
			On or about 5/21/2018 the cyberlogic DNSBL ceased functioning properly.
		https://www.dnsbl.com/2018/05/
			As reported on the mailop mailing list on Friday May 25, 2018, the blocking list at dnsbl.cyberlogic.net now contains a "wildcard" DNS entry, effectively listing the entire internet
	http://www.rbl.jp/allrbl-e.html
		website asks for login or just errors
	http://www.spamhauswhitelist.com/en/
		looks like a parked domain with ads
	http://stopspam.org/rblcheck/index.php
		aka dul.pacifier.net
		http://www.stopspam.org/rbl-info/
			stopped in 2013
	http://countries.nerd.dk/
		unable to connect, also for nerd.dk
	http://dul.ru/dul.en.html
		DEAD for sale
	http://dns.measurement-factory.com/surveys/openresolvers.html
		dead
			»The following text describes past open DNS resolver surveys and an associated DNS lookup service that has been long shut down«
	http://www.sectoor.de/tor.php
		timeouts
	http://anticaptcha.net/
		for sale
	http://blacklist.lashback.com/
		query zone: ubl.unsubscore.com
		provider’s website https://lashback.com/ seems alive and active (news entries from 2023) but does not link to the blacklist
		rsync URLs seem dead, so does the download url
	http://blacklist.woody.ch/
		no entries in the displayed "top 100"
		may have been absorbed into the swinog blacklists, see antispam.imp.ch
	http://cbl.abuseat.org/
		https://www.abuseat.org/
			changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure
	http://dnsbl.burnt-tech.com/
		domain is for sale
	http://rbl.dns-servicios.com/rbl.php
		website can not be found
	http://spamcannibal.org/
		dead, as of at least 2018
	http://st.technovision.dk/
		https://docs.hetrixtools.com/st-technovision-dk-inactive-removed/
			[December 8, 2021] This RBL has stopped responding to DNS queries.
	http://spamstinks.com/
		cert is for generic hostname
		website shows some login form
	http://virbl.bit.nl/
		https://www.rollernet.us/2017/01/shutdown-of-virbl-dnsbl-bit-nl/
			January 23, 2017: »The Virbl-project site has been replaced by this static message to inform those that find their ways here. The Virbl DNSBL-zone was emptied and will be removed all together at a moment further on in the future.«
00_NEEDS_RECHECK
	https://antispam.imp.ch/
		no usage policy
		no return code info
		no good listing policy
		information received from inquiry to provider
			website will be updated
			return codes
				dnsrbl.swinog.ch and uribl.swinog.ch (holding time increases with hits)
					127.0.1.8 = default
					127.0.0.10 => TRAP (Email sent to a spamtrap)
					127.0.0.11 => REPO (Email reported as Spam by customer)
				spamrbl.imp.ch (3 days holding time)
					IPs are listed when trying to send mail to the spamtrap mailserver
					MD5 hash: attachment sent to the swinog blacklist
				wormrbl.imp.ch
					DEAD
	http://blacklist.woody.ch/rblcheck.php3
		dead?
		waiting for feedback
	http://dnsbl.iip.lu/
		https://docs.hetrixtools.com/lookup-dnsbl-iip-lu-false-positive-removed/
			in 2016: lookup.dnsbl.iip.lu blacklist started issuing false positive responses and upon further investigation looks to be abandoned/dead.
		https://www.blalert.com/dnsbl/lookup.dnsbl.iip.lu
			This blacklist is marked as "shut down" and non-operational as of 2017-12-31.
	http://dnsbl.inps.de/
		timeout
		https://www.dnsbl.com/search/label/dnsbl.inps.de
			Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic.
		https://docs.hetrixtools.com/dnsbl-inps-de-removed-from-our-system/
			[May 29,2018] IPv4 RBL dnsbl.inps.de has been removed from our system, as they have decided to discontinue the RBL project for the time being.
		https://glockapps.com/blacklist/dnsbl-inps-de/
			Today, May 25, 2020, he has announced that it is shutting down, due to concerns around GDPR and personal challenges brought on by the coronavirus pandemic.
		https://www.dnsbl.info/dnsbl-details.php?dnsbl=dnsbl.inps.de
			This blacklist is offline as of May 1, 2020.
		https://web.archive.org/web/20220428013500/http://www.inps.de/
00_NEEDS_RESEARCH
	bl.tiopan.com
	blocked.hilli.dk
	dialups.visi.com
	dnsbl.antispam.or.id
	dob.sibl.support-intelligence.net
	intruders.docs.uu.se
	map.spam-rbl.com
	rbl.triumf.ca
	all.s5h.net
		http://www.usenix.org.uk/content/rbl.html
	torexit.dan.me.uk
	http://pedantic.org/
		as of 20140701
	rbl.fasthosts.co.uk
		https://help.fasthosts.co.uk/app/answers/detail/a_id/140/kw/rbl
		seems dead?
		https://antispam.fasthosts.co.uk/
00_ALIVE
	00_RECONSIDER
		http://barracudacentral.org/rbl
			requires account with extensive information (more than spamhaus e.g.):
				your name.
				your company name.
				your phone number.
				your address.
				your city name.
				your state/province name.
				your zip/postal code.
				the name of the alternate contact.
				the phone number of the alternate contact.
				the email address of the alternate contact.
			seems well documented
	00_E_EVIL
		sbl.nszones.com
			http://www.spamhaus.org/organization/statement/008/fake-dnsbl-uncovered-nszones.com
		http://www.backscatterer.org/
			questionable policy - pay for (quicker) delisting
			https://support.hornetsecurity.com/hc/en-us/articles/360011880797-Why-are-Hornetsecurity-IP-addresses-listed-at-Backscatterer-
				as of December 29, 2021: »The removal at the blacklist backscatterer.org can only be done for a fee«
			https://www.warmy.io/blog/backscatterer-blacklist-how-to-remove-your-ip-from-it
				in March 17, 2023 does not mention need to pay
			https://support.forcepoint.com/s/article/Forcepoint-IP-s-blocklisted-by-UCEProtect-and-Backscatterer-org
				recommend against using it
			https://whatismyipaddress.com/backscatterer
				mentions strict delisting process and "express delisting" but nothing further
			https://bobcares.com/blog/backscatterer-blacklist/
				goes through the process with screenshots showing express delisting for 109$
			https://community.cisco.com/t5/email-security/issues-with-www-backscatterer-org-any-one/td-p/1298377
				more opinions
			https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/
				Jan 17th, 2020: »UCEProtect also charges a delisting fee. TitanHQ discourages email administrators from using the UCEProtect blacklist and we do not recommend paying for list removal«
			https://web.archive.org/web/20150320180344/http://www.jvfconsulting.com/blog/130/Backscatterer_Network_Spam_List_Is_Another_UCEPROTECT_Extortion_Scam.html
				another opinion
	00_E_INFORMATION
		blacklist.sci.kun.nl
			https://cncz.science.ru.nl/en/howto/email-spam/
			not really its own DNSBL?
			no usage information
			no usage policy
		http://anonmails.de/
			seems serious but missing necessary info
				usage policy
				listing policy
		http://blacklist.jippg.org/
			no usage policy
			no listing policy
			no return code info
		bip.virusfree.cz
			used by rspamd
			https://www.virusfree.cz/en/help is the only place I can find any official reference to this list at all but no policies or usage information
		https://www.nixspam.net/
			previously http://www.dnsbl.manitu.net/
			query zone: ix.dnsbl.manitu.net
			provided by the reputable german publisher 'heise' which makes the high quality c’t, iX, and telepolis magacines
			difficult to find info regarding listing policy
			asked for more information to be added
				https://www.heise.de/forum/iX/Kommentare/Gemeinsam-stark/Nutzungsbedingungen-Return-Codes-sonstige-Infos/posting-42669177/show/
		access.redhawk.org
			website works but barely any info, not even how to query it
			https://www.redhawk.org/?p=64
			https://www.redhawk.org/SpamHawk/index.php
		https://senderscore.org/
			requires registration?
			Scam? http://www.complaintsboard.com/complaints/buyer-beware-senderscoreorg-is-a-scam-c276871.html
			https://senderscore.org/assess/blocklist-lookup/
			FAQ: https://knowledge.validity.com/hc/en-us/articles/360006992592-Return-Path-Blocklist-RPBL-FAQ-
			no information how to query found
		mail-abuse.org
			https://ers.trendmicro.com/
			trendmicro paid service
			https://docs.trendmicro.com/en-us/enterprise/email-reputation-services-online-help/getting-started_001/configuring-email-re/creating-an-account.aspx
				»If you don’t create an account, you can still query the reputation of an IP address«
			I don’t find any pricing or usage information
		http://dnsbl.tornevall.org/
			https://www.tornevall.net/
			related to https://www.fraudbl.org/
			seems a bit unstructured and not very well documented
				I can’t be arsed to deal with confluence slowing my browser to a halt repeatedly and it’s really hard to navigate but there seems to be some information on https://docs.tornevall.net/display/TORNEVALL/Endpoint%3A+dnsbl+-+DNSBL+v5+with+API+v3
			seems active
		http://rbl.schulte.org/
			seems active
			listing policy seems to be: they received spam from an IP
			usage policy: Anyone can use this RBL list [sic]
			return codes: probably boolean, i.e. either listed or not
		http://relaytest.kundenserver.de/
			by 1und1 (now ionos?), used internally
			https://www.blalert.com/dnsbl/relays.bl.kundenserver.de
			no usage policy found
			no listing policy found
			no return code explanation found
	00_E_PAID
	00_E_PRIVATE
		88.blacklist.zap
			http://blogs.technet.com/b/fss/archive/2009/05/08/forefront-dnsbl-yeah-or-nay.aspx
			https://web.archive.org/web/20150812003556/http://blogs.technet.com/b/fss/archive/2009/05/08/forefront-dnsbl-yeah-or-nay.aspx
			https://www.blalert.com/dnsbl/88.blacklist.zap
				88.blacklist.zap is an internal blacklist maintained by Microsoft's Forefront
			https://www.dnsbl.com/search/label/frontbridge
		http://drmx.org/
			»Use of any DrMX.ORG DNS Zone is by request and by contract only.«
		rbl.tdk.net
			tdk.net seems dead on http(s)
			private
				https://www.blalert.com/dnsbl/rbl.tdk.net
			old link: http://postmaster.tdc.dk/publish.php?id=31787
				tdc.dk redirects to yousee.dk
				https://web.archive.org/web/20170703084224/http://postmaster.tdc.dk/publish.php?id=31787
		rbl.zenon.net
			private
				https://www.blalert.com/dnsbl/rbl.zenon.net
			http://www.noc.zenon.net/rbl/
			russian(?)
		https://ahbl.org/
			was public until 2015
			now private, invite-only
	http://rfc-clueless.org/
		lists domains
			that do not adhere to common best practices or requirements
		does NOT list spammers!
		listing criteria are explained well
			http://rfc-clueless.org/pages/listing_policy
		return codes are explained
			http://rfc-clueless.org/
		usage policy is not so clear but the FAQ implies that it’s just free to use for everyone
		many timeouts
			first noticed in 2014 and deactivated
			retried in 2023 and still the case
	http://spameatingmonkey.com/
		lists IPs
			that sent backscatter
			that sent to spamtrap
			added by policy
				this includes dial-up!
				https://spameatingmonkey.com/faq/policy-based-listing
		lists domains/URIs
			by age
			in spam bodies
		usage policy seems clear
			https://spameatingmonkey.com/faq/query-limits
		listing policy seems clear
			https://spameatingmonkey.com/services
		return codes documented
			https://spameatingmonkey.com/services
		http://blogspambl.com/
			redirects to spameatingmonkey.com
	http://uribl.com/
		lists domains/URIs
			that appear in spam bodies
			has whitelist
		lists IPs
			that URIs in spam bodies resolve to
		return codes are documented
			https://uribl.com/about.shtml#implementation
			bitmasked
			127.0.0.1 is used to signal abusive query behaviour
	http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
		called "hostkarma"
		lists domains/URIs
		lists IPs
		usage policy is relatively clear that it’s free, except maybe for big for-profit oranizations
		listing policy is documented
		return codes are documented
		seems very trustworthy
	http://www.sorbs.net/
		good reputation
		lists domains/URIs
		lists IPs
		usage policy is clear that it’s free
		listing policy is documented
		return codes are documented
		seems trustworthy
	http://www.spamhaus.org/
		good reputation
		very well done
		seems very professional
		lists domains/URIs
		lists IPs
		usage policy is clear
			https://www.spamhaus.org/organization/dnsblusage/
		listing policies are clearly documented
		return codes are clearly documented
	http://www.surbl.org/
		good reputation
		lists domains/URIs
		usage policy is clear
			https://surbl.org/usage-policy
		listing policy is documented
		return codes are documented
			bitmasked
			127.0.0.1 means blocked
	http://zapbl.net/
		lists domains/URIs
		lists IPs
		listing policy seems clear
			https://zapbl.net/policy
		usage policy seems clearly free for everyone
			https://zapbl.net/using
		return codes are documented
		seems well done
	https://rbl.foobar.hu/
		lists domains/URIs
		lists IPs
		listing policy seems clear
		usage policy seems clearly free for everyone
		return codes are documented
		possibly unmaintained or dead
			footer says: ©2013-14
	http://apews.org/?page=filter
		questionable
			https://www.dnsbl.com/search/label/apews
			https://whatismyipaddress.com/apews
		dead?
			no news on http://apews-user.blogspot.com/ since 2014
		not further looked into because of the above
	https://www.dnswl.org/
		seems to be run with best intentions but has had issues from what I have heard from some users
		IRC channel has some activity
		usage policy relatively clear
			free within certain limits
		listing policy
			self-service
		return codes are documented
	00_E_FOCUS
		https://www.dnsblchile.org/index.en.html
			chilenian spam so not interesting for me
			seems alive
	00_LISTS_BLOGSPAMMERS
		https://www.madavi.de/madavibl/
			»This blacklist should only be used to block comment spammer (on blogs and websites). Don’t use it for mail.«
		http://bsb.empty.us/
			does not exist anymore
			empty.us returns »Nothing here, obviously.«
	00_LISTS_COUNTRIES
		korea
			http://korea.services.net/
	00_LISTS_DIALUPS
	00_LISTS_OPENRESOLVERS
	00_LISTS_TORNODES
		https://www.dan.me.uk/dnsbl
		http://rbl.efnetrbl.org/
			aka http://tor.efnet.org/
			lists IPs
			lists open proxies, infected machines, tornodes, etc.
	https://0spam.org/
		clear information on usage policy
			Nothing. The 0Spam Project is absolutely free for email providers, IT professionals and general removal request.
			DNSBL service and removals are 100% for free for all uses; commercial, non profit and personal.
		seems serious
		listing policies are a little less clear
			bl.0spam.org DNSBL | 0spam Spam Trap Primary Database
			nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL.
			url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps.
		return codes not very clear
	https://abuse.ro/
		policy
			spamtraps
			The last IP address before destination in the email headers is listed into rbl.abuse.ro list.
			Sender domains are analyzed and if confirmed to be not spoofed, are listed into dbl.abuse.ro list
			Spamvertized domains (including those indirectly linked through services like bit.ly) are listed into uribl.abuse.ro list
	http://dronebl.org/
		usage policy is clear: free for whatever
		listing policy is not quite so clear
			can be mostly inferred from the classes but not entirely clear IMHO
		has an IRC channel
		return codes
			not explicitly mentioned but it’s 127.0.0.X where X is the class from https://dronebl.org/classes
	http://psbl.org/
		query zone: psbl.surriel.com
		no usage policy, but seems implied that usage is free
		listing policy
			no explicit, complete policy given but sending to spamtraps is mentioned to get you listed and seems the exclusive mechanism
		return codes
			not documented, probably only boolean
	http://rbldata.interserver.net/
		listing policy more or less clear
		usage policy not given but since usage is explained it’s probably free for all
		return codes seem to be binary, i.e. either listed or not
		lists IPs
		lists domains/URIs
	http://rv-soft.info/
		usage policy not explicit but seems to be free
		listing policy also not explicit but can be inferred from return code explanation
		return codes are explained
	http://spamrats.com/
		clear usage policy (ToS)
		listing policies documented
		return codes of aggregated list documented
		lists IPs
	http://v4bl.org/
		usage policy documented
		listing policy not really clear
		return codes documented
	http://wpbl.info/
		listing procedure is documented
		usage policy implied: free to use
		return codes documented
	http://www.aupads.org/
		aka www.antispam-ufrj.pads.ufrj.br
		aka www.orve.org 
		listing policy more or less clear
		lists IPs and FQDNs
		usage policy seems clear: freely exported by anybody who wants to use them«
	http://www.blockedservers.com/
	http://www.blocklist.de/en/index.html
	http://www.emailbasura.org/cgi-bin/emailbasura-ini.pl?lang=eng
	http://www.gbudb.com/truncate/
	http://www.justspam.org/
	http://www.kempt.net/dnsbl/
	http://www.leadmon.net/spamguard/
	http://www.spamcop.net/
		good policy
		good reputation
	http://www.spamsources.fabel.dk/
		sensible policy
	http://www.srntools.com/blacklist/
	http://www.uceprotect.net/en/index.php
	https://bl.konstant.no/
	https://choon.net/rbl.php
	https://www.abuse.ch/
		https://www.abuse.ch/?tag=httpbl
	https://www.kisarbl.or.kr/
	https://www.megarbl.net/
	https://www.team-cymru.org/Services/Bogons/dns.html
	http://mailspike.net/usage.html
		reputation-based
	http://www.whitelisted.org/
		paid subscription
		policy on site
	https://puck.nether.net/or/
		policies on website
	http://www.isipp.com/email-accreditation/iadb-query-instruction/
		requires signup
		not quite a usage policy, but seems ok
		strange split of ipv4 and ipv6
		seems dead?