Comparison of DNS blacklists

From Seo Wiki - Search Engine Optimization and Programming Languages

Jump to: navigation, search

The following table lists technical information for a number of DNS blacklists.

Blacklist operator DNS blacklist Informational URL Zone Listing goal Nomination Listing lifetime Notes
invaluement DNSBL ivmSIP [1] N/A
(accessed via rsync)
Single IP's which only send UBE. Specializing in snowshoe spam and other 'under the radar' spams which evade many other DNSBLs. Has FP-level comparable to Zen. Automatic (upon receipt of a spam to a real person's mailbox), with extensive whitelists and filtering to prevent false positives Typically an automatic expiration 11 days after the last abuse was seen, but with some exceptions Spam samples are always kept on file for each listing. Removal requests are quickly and manually reviewed and processed without fees.
ivmSIP/24 [2] N/A
(accessed via rsync)
lists /24 blocks of IPs which usually only send UBE and where at least several IPs in that block are confirmed emitters of only spam. Automatic once at least several IPs from that block are individually listed on ivmSIP, with extensive whitelists and filtering to prevent false positives expiration time grows into many weeks as the number of IPs sending spam from the /24 block increases Removal requests are quickly and manually reviewed and processed without fees.
ivmURI [3] N/A
(accessed via rsync)
comparable to uribl.com and surbl.org, this is a list of IPs and domains which are used by spammers in the clickable links found in the body of spam messages Automatic (upon receipt of a spam to a real person's mailbox), with extensive whitelists and filtering to prevent false positives Typically an automatic expiration several weeks after the last abuse was seen. Spam samples are always kept on file for each listing. Removal requests are quickly and manually reviewed and processed without fees.
proxyBL dnsbl [4] dnsbl.proxybl.org Lists all types of open (publicly accessible) proxies Automated listing through crawling of websites As long as proxy is verified open (automated) Time between verifications increases exponentially in relation to the number of times the host was verified an open proxy
UCEPROTECT-Network UCEPROTECT Level 1 [5] dnsbl-1.uceprotect.net Single IP's that send mail to Spamtraps Automatic by a cluster of more than 60 trapservers Automatic expiration 7 days after the last abuse was seen, optionally express delisting (fee) UCEPROTECT's primary and the only independent list
UCEPROTECT Level 2 [6] dnsbl-2.uceprotect.net Allocations with exceeded UCEPROTECT Level 1 listings Automatic calculated from UCEPROTECT-Level 1 Automatic removal as soon as Level 1 listings decrease below Level 2 listing border, optionally express delisting (fee) Fully depending on Level 1
UCEPROTECT Level 3 [7] dnsbl-3.uceprotect.net ASN's with excessive UCEPROTECT Level 1 listings Automatic calculated from UCEPROTECT-Level 1 Automatic removal as soon as Level 1 listings decrease below Level 3 listing border, optionally express delisting (fee) Fully depending on Level 1
Spam and Open Relay Blocking System (SORBS) dnsbl [8] dnsbl.sorbs.net Unsolicited bulk/commercial email senders N/A (See individual zones) N/A (See individual zones) Aggregate zone (all aggregates and what they include are listed on [9])
safe.dnsbl safe.dnsbl.sorbs.net Unsolicited bulk/commercial email senders N/A (See individual zones) N/A (See individual zones) "Safe" Aggregate zone (all zones in dnsbl.sorbs.net except "recent" and "escalations")
http.dnsbl http.dnsbl.sorbs.net Open HTTP proxy servers Feeder servers Until delisting requested.
socks.dnsbl socks.dnsbl.sorbs.net Open SOCKS proxy servers Feeder servers Until delisting requested.
misc.dnsbl misc.dnsbl.sorbs.net Additional proxy servers Feeder servers Until delisting requested. Those not already listed in the HTTP or SOCKS databases
smtp.dnsbl smtp.dnsbl.sorbs.net Open SMTP relay servers Feeder servers Until delisting requested.
web.dnsbl web.dnsbl.sorbs.net IP addresses with vulnerabilities that are exploitable by spammers (e.g. FormMail scripts) Feeder servers Until delisting requested or Automated Expiry
new.spam.dnsbl new.spam.dnsbl.sorbs.net Hosts that have sent spam to the admins of SORBS in the last 48 hours SORBS Admin and Spamtrap Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'
recent.spam.dnsbl recent.spam.dnsbl.sorbs.net Hosts that have sent spam to the admins of SORBS in the last 28 days SORBS Admin and Spamtrap Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'
old.spam.dnsbl old.spam.dnsbl.sorbs.net Hosts that have sent spam to the admins of SORBS in the last year SORBS Admin and Spamtrap Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'
spam.dnsbl spam.dnsbl.sorbs.net Hosts that have sent spam to the admins of SORBS at any time SORBS Admin and Spamtrap. Until delisting requested or matter resolved
escalations.dnsbl escalations.dnsbl.sorbs.net Netblocks of service providers believed to support spammers SORBS Admin fed. Until delisting requested and matter resolved. Service providers are added on receipt of a 'third strike' spam
block.dnsbl block.dnsbl.sorbs.net Hosts demanding that they never be tested Request by host N/A
zombie.dnsbl zombie.dnsbl.sorbs.net Hijacked networks SORBS Admin (manual submission) Until delisting requested.
dul.dnsbl dul.dnsbl.sorbs.net Dynamic IP address ranges SORBS Admin (manual submission) Until delisting requested. Not a list of dial-up IP addresses
rhsbl rhsbl.sorbs.net Aggregate RHS zones N/A N/A
badconf.rhsbl badconf.rhsbl.sorbs.net Domains with invalid A or MX records in DNS Open submission via automated testing page. Until delisting requested.
nomail.rhsbl nomail.rhsbl.sorbs.net Domains which the owners have confirmed will not be used for sending email Owner submission Until delisting requested.
Spamhaus SBL Advisory [10] sbl.spamhaus.org Verified sources of spam, including spammers and their support services Manual From 30 minutes to a year or more, depending on issue and resolution
XBL Advisory [11] xbl.spamhaus.org Illegal third-party exploits (e.g. open proxies and Trojan Horses) Third-party (see Notes) with automated additions Varies, under a month. Includes the Composite Blocking List and parts of the Not Just Another Bogus List
PBL Advisory [12] pbl.spamhaus.org All Static, dialup & DHCP IP address space that is not meant to be initiating SMTP connections Manual Unknown Should not be confused with the MAPS DUL and Wirehub Dynablocker lists
SBL+XBL [13] sbl-xbl.spamhaus.org A single lookup for querying the SBL and XBL databases
Zen [14] zen.spamhaus.org A single lookup for querying the SBL, XBL and PBL databases. The one to use to get all.
ORBITrbl Aggressive RBL RBL [15] rbl.orbitrbl.com Unsolicited bulk/Commercial email senders (Block Class C IP Block) Feeder servers Until delisting requested? (Only When Found to be Non Spam Source) Aggregate zone
Composite Blocking List CBL [16] cbl.abuseat.org Only IPs exhibiting characteristics specific to open proxies, spamware, etc. large spamtraps Temporary, until spam stops Use Spamhaus XBL or Spamhaus Zen instead; they include CBL.
Passive Spam Block List PSBL [17] psbl.surriel.com IP addresses which send spam to trap spamtraps Temporary, until spam stops
Intercept - DNS Blacklist (DNSBL) Intercept [18] intercept.datapacket.net IP addresses which send spam to trap spamtraps Temporary, until spam stops
Weighted Private Block List WPBL [19] db.wpbl.info IP addresses which send UBE to members spamtraps Temporary, until spam stops
SpamCop Blocking List SCBL [20] bl.spamcop.net IP addresses which have transmitted reported email to SpamCop users users submit Temporary, until spam stops
SpamRats RATSNOPTR [21] noptr.spamrats.com IP addresses detected as abusive at ISP/Telcos using MagicMail Servers, with no reverse DNS Automatically Submitted Listed until removed, and reverse DNS configured
RATSDYNA [22] dyna.spamrats.com IP addresses detected as abusive at ISP/Telcos using MagicMail Servers, with non-conforming reverse DNS (See Best Practises) indicative of a compromised PC Automatically Submitted Listed until removed, and reverse DNS set to conform to Best Practises
RATSSPAM [23] spam.spamrats.com IP addresses detected as abusive at ISP/Telcos using MagicMail Servers, and manually confirmed as a Spam Source Manually Submitted Listed until removed
SpamCannibal spamcannibal.org [24] bl.spamcannibal.org ip addresses and related generic netblock that have sent spam to local mail hosts spamtraps until removal requested and matter resolved listed=127.0.0.2
Not Just Another Bogus List NJABL DNSBL [25] dnsbl.njabl.org SMTP open relays, Multi-stage SMTP open relays, spam sources, Insecure CGI scripts that allow open relaying, open proxy servers spamtraps, testing, testing by trusted contributors Varies
Bad host, no cookie bhnc.njabl.org These hosts have done things proper SMTP servers don't do. spamtraps until de-listing requested
Distributed Realtime Blocking List drand DRBL node [26] spamtrap.drbl.drand.net IP addresses which send spam to trap, IP addresses which send UBE to members. Automated [de]listing. Varies from spam type, rate and other sophisticated factors. 30s-1w. Hight IP network aggregate threshold >= 254.
Dynamic Realtime Blocking List RU RBL [27] db.rurbl.ru IP addresses which send spam or viruses to mail server with special sensors. Automated [de]listing. Varies from spam or virus pushing characteristics. 5s - 20min. explanations
Junk Email Filter Hostkarma [28] hostkarma.junkemailfilter.com
blacklist.hostkarma.com
Detects viruses by behavior using fake high MX and tracking non-use of QUIT. Automated [de]listing Black list Data lives for 4 days. White list data lives for 10 days. 127.0.0.1=white 127.0.0.2=black 127.0.0.3=yellow
RFC-Ignorant.Org DSN (<>) [29] dsn.rfc-ignorant.org refusal to accept bounces (DSN) Open submission via automated testing page. Until delisting requested.
postmaster [30] postmaster.rfc-ignorant.org refusal to accept e-mail to postmaster
abuse [31] abuse.rfc-ignorant.org refusal to accept e-mail to abuse
whois [32] whois.rfc-ignorant.org bogus whois information
bogusmx [33] bogusmx.rfc-ignorant.org bogus MX record
The Abusive Hosts Blocking List (AHBL) dnsbl [34] dnsbl.ahbl.org Aggregate zone, contains UCE/bulk email senders, open proxies, open relays, trojaned/infected machines, comment/trackback spammers Feeder systems, manual Until delisting requested Aggregate zone (all aggregates and what they include are listed on [35])
rhsbl rhsbl.ahbl.org Domains sending spam, domains owned by spammers, comment spam domains, spammed URLs Manual
ircbl ircbl.ahbl.org Subset of dnsbl, contains only open proxies, compromised machines, comment spammers Until delisting requested Designed for use on IRC servers
tor tor.ahbl.org Current tor relay and exit nodes Automated N/A
Dronebl dnsbl [36] dnsbl.dronebl.org All-in-one abusive hosts blacklist Automated listing via distributed monitoring points Permanent until delisted via website.
Quorum.to ip-dnsbl [37] list.quorum.to. ( or per-subscriber: [id].list.quorum.to. ) Stop spam from hosts that send no legitimate mail (list most non-mail-sending hosts). Listings based on "instant" automated checks, recipient nomination and traps. Listings can be challenged. Subscribers vote to decide sender status. Public list follows standard dnsbl protocol. Subscription based service is more capable, but does not follow standard.
Spamanalysis.org GeoBL [38] User-defined: [*].geobl.spamanalysis.org Lists hosts known as being in certain geographic locations. Users set their own list of blocked countries. Hosts reported as being incorrectly located may be delisted. Allows basic monitoring, listed if A=127.0.0.2 or TXT=blocked
ATLBL ATLBL RBL [39] rbl.atlbl.net Lists email bourne spam IP sources with latest accurate data. World wide abuse detection network made of spamtraps/honeypots. Automatic, as soon as no further abuse is detected. Allows simple DNSBL lookups of email spam sources.
ATLBL HBL [40] hbl.atlbl.net List malware/abuse sources by hostname and domain for use in email and forum spam detection. World wide abuse detection network made of spamtraps/honeypots. Automatic, as soon as no further abuse is detected. Allows simple DNSBL lookups of abuse sources.
ATLBL ABL [41] access.atlbl.net Lists abusive IP sources with latest accurate data. World wide abuse detection network made of spamtraps/honeypots. Automatic, as soon as no further abuse is detected. Allows simple DNSBL lookups of IPs for known abusive sources such as SSH brute force attack sources and other forms of internet crime and abuse.

External links

Personal tools

Served in 0.093 secs.