A+ R A-

Comparison of DNS blacklists - Wikipedia, the free encyclopedia

The following table lists technical information for a number of DNS blacklists.

[3] N/A
(paid access via rsync)
lists /24 blocks of IP addresses which usually only send UBE and containing at least several addresses which are confirmed emitters of junk mail. Automatic once at least several IP addresses from a given block are individually listed on ivmSIP, with extensive whitelists and filtering to prevent false positives expiration time increases to many weeks as th...

e fraction of IP addresses in the /24 block in question sending junk mail increases Removal requests are quickly and manually reviewed and processed without fees. [4] N/A
(paid access via rsync) comparable to uribl.com and surbl.org, this is a list of IP addresses and domains which are used by spammers in the clickable links found in the body of spam messages Automatic (upon receipt of a spam to a real person's mailbox), with extensive whitelists and filtering to prevent false positives Typically an automatic expiration several weeks after the last abuse was seen. Spam samples are always kept on file for each listing. Removal requests are quickly and manually reviewed and processed without fees. [5] dnsbl.proxybl.org Lists all types of open (publicly accessible) proxies Automated listing through crawling of websites As long as proxy is verified open (automated) Time between verifications increases exponentially in relation to the number of times the host was verified an open proxy [6] dnsbl-1.uceprotect.net
(also free available via rsync [7]) Single IP addresses that send mail to spamtraps Automatic by a cluster of more than 60 trapservers Automatic expiration 7 days after the last abuse was seen, optionally express delisting (fee) UCEPROTECT's primary and the only independent list [8] dnsbl-2.uceprotect.net
(also free available via rsync [9]) Allocations with exceeded UCEPROTECT Level 1 listings Automatic calculated from UCEPROTECT-Level 1 Automatic removal as soon as Level 1 listings decrease below Level 2 listing border, optionally express delisting (fee) Fully depending on Level 1 [10] dnsbl-3.uceprotect.net
(also free available via rsync [11]) ASN's with excessive UCEPROTECT Level 1 listings Automatic calculated from UCEPROTECT-Level 1 Automatic removal as soon as Level 1 listings decrease below Level 3 listing border, optionally express delisting (fee) Fully depending on Level 1 safe.dnsbl.sorbs.net Unsolicited bulk/commercial email senders N/A (See individual zones) N/A (See individual zones) "Safe" Aggregate zone (all zones in dnsbl.sorbs.net except "recent" and "escalations") http.dnsbl.sorbs.net Open HTTP proxy servers Feeder servers Until delisting requested. socks.dnsbl.sorbs.net Open SOCKS proxy servers Feeder servers Until delisting requested. misc.dnsbl.sorbs.net Additional proxy servers Feeder servers Until delisting requested. Those not already listed in the HTTP or SOCKS databases smtp.dnsbl.sorbs.net Open SMTP relay servers Feeder servers Until delisting requested. web.dnsbl.sorbs.net IP addresses with vulnerabilities that are exploitable by spammers (e.g. FormMail scripts) Feeder servers Until delisting requested or Automated Expiry new.spam.dnsbl.sorbs.net Hosts that have sent spam to the admins of SORBS in the last 48 hours SORBS Admin and Spamtrap Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net' recent.spam.dnsbl.sorbs.net Hosts that have sent spam to the admins of SORBS in the last 28 days SORBS Admin and Spamtrap Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net' old.spam.dnsbl.sorbs.net Hosts that have sent spam to the admins of SORBS in the last year SORBS Admin and Spamtrap Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net' spam.dnsbl.sorbs.net Hosts that have allegedly sent spam to the admins of SORBS at any time SORBS Admin and Spamtrap. Until 1 year after the last spam is received and a request has been made or until the "fine" is paid for express delisting escalations.dnsbl.sorbs.net Netblocks of service providers believed to support spammers SORBS Admin fed. Until delisting requested and matter resolved. Service providers are added on receipt of a 'third strike' spam block.dnsbl.sorbs.net Hosts demanding that they never be tested Request by host N/A zombie.dnsbl.sorbs.net Hijacked networks SORBS Admin (manual submission) Until delisting requested. dul.dnsbl.sorbs.net Dynamic IP address ranges SORBS Admin (manual submission) Until delisting requested. Not a list of dial-up IP addresses rhsbl.sorbs.net Aggregate RHS zones N/A N/A badconf.rhsbl.sorbs.net Domains with invalid A or MX records in DNS Open submission via automated testing page. Until delisting requested. nomail.rhsbl.sorbs.net Domains which the owners have confirmed will not be used for sending email Owner submission Until delisting requested. [15] xbl.spamhaus.org Illegal third-party exploits (e.g. open proxies and Trojan Horses) Third-party (see Notes) with automated additions Varies, under a month. Includes the Composite Blocking List and parts of the Not Just Another Bogus List [16] pbl.spamhaus.org Static, dial-up & DHCP IP address space that is not meant to be initiating SMTP connections Manual Unknown Should not be confused with the MAPS DUL and Wirehub Dynablocker lists [17] sbl-xbl.spamhaus.org A single lookup for querying the SBL and XBL databases [18] zen.spamhaus.org A single lookup for querying the SBL, XBL and PBL databases. The one to use to get all. [19] rbl.orbitrbl.com Unsolicited bulk/Commercial email senders (/24 IP address block) Feeder servers Until delisting requested? (Only When Found to be Non Spam Source) Aggregate zone [22] psbl.surriel.com
(also free available via rsync [23]) IP addresses used to send spam to trap spamtraps Temporary, until spam stops [24] intercept.datapacket.net IP addresses used to send spam to trap spamtraps Temporary, until spam stops [25] db.wpbl.info IP addresses used to send UBE to members spamtraps Temporary, until spam stops [27] noptr.spamrats.com IP addresses detected as abusive at ISPss using MagicMail Servers, with no reverse DNS service Automatically Submitted Listed until removed, and reverse DNS configured [28] dyna.spamrats.com IP addresses detected as abusive at ISPss using MagicMail Servers, with non-conforming reverse DNS service (See Best Practises) indicative of compromised systems Automatically Submitted Listed until removed, and reverse DNS set to conform to Best Practises [29] spam.spamrats.com IP addresses detected as abusive at ISPss using MagicMail Servers, and manually confirmed as spam sources Manually Submitted Listed until removed [30] bl.spamcannibal.org IP addresses and related generic netblocks that have sent spam spamtraps until removal requested and matter resolved listed=127.0.0.2 [31] any.dnsl.ipquery.org Spam sources, relay abusers, backscatterers Automated, based on traffic observed locally, with some human supervision Automatic expiry (varies by type); webpage allows delisting Keeps a listing history; retains specimens bhnc.njabl.org These hosts have done things proper SMTP servers don't do. spamtraps until de-listing requested [33] spamtrap.drbl.drand.net IP addresses used to send spam to traps or members Automated [de]listing. Varies from spam type, rate and other sophisticated factors. 30 s to 1 week. Hight IP network aggregate threshold >= 254. [34] hostkarma.junkemailfilter.com
blacklist.hostkarma.com Detects viruses by behavior using fake high MX and tracking non-use of QUIT Automated [de]listing Black list Data lives for 4 days. White list data lives for 10 days. 127.0.0.1=white 127.0.0.2=black 127.0.0.3=yellow [35] dsn.rfc-ignorant.org
(also free available via Rsync [36]) refusal to accept bounces (DSN) Open submission via automated testing page. Until delisting requested. [37] postmaster.rfc-ignorant.org
(also free available via Rsync [38]) refusal to accept e-mail to postmaster [39] abuse.rfc-ignorant.org
(also free available via Rsync [40]) refusal to accept e-mail to abuse [41] whois.rfc-ignorant.org
(also free available via Rsync [42]) bogus whois information [43] bogusmx.rfc-ignorant.org
(also free available via Rsync [44]) bogus MX record rhsbl.ahbl.org Domains sending spam, domains owned by spammers, comment spam domains, spammed URLs Manual ircbl.ahbl.org Subset of dnsbl, contains only open proxies, compromised machines, comment spammers Until delisting requested Designed for use on IRC servers tor.ahbl.org Current tor relay and exit nodes Automated N/A [47] dnsbl.dronebl.org All-in-one abusive hosts blacklist Automated listing via distributed monitoring points Permanent until delisted via website. [48] list.quorum.to. ( or per-subscriber: [id].list.quorum.to. ) Stop spam from hosts that send no legitimate mail (list most non-mail-sending hosts). Listings based on "instant" automated checks, recipient nomination and traps. Listings can be challenged. Subscribers vote to decide sender status. Public list follows standard dnsbl protocol. Subscription based service is more capable, but does not follow standard. [49] User-defined: [*].geobl.spamanalysis.org Lists hosts known as being in certain geographic locations. Users set their own list of blocked countries. Hosts reported as being incorrectly located may be delisted. Allows basic monitoring, listed if A=127.0.0.2 or TXT=blocked [50] rbl.atlbl.net World wide abuse detection network made of spamtraps/honeypots. Automatic, as soon as no further abuse is detected. Allows simple DNSBL lookups of email spam sources. [51] hbl.atlbl.net List malware/abuse sources by hostname and domain for use in email and forum spam detection. World wide abuse detection network made of spamtraps/honeypots. Automatic, as soon as no further abuse is detected. Allows simple DNSBL lookups of abuse sources. [52] access.atlbl.net World wide abuse detection network made of spamtraps/honeypots. Automatic, as soon as no further abuse is detected. Allows simple DNSBL lookups of IP addresses for known abusive sources such as SSH brute force attack sources and other forms of internet crime and abuse.

Read Full Article

Related

No related articles found


Share It

Headlines

AdwareAlert

AdwareAlert is a corrupt anti-spyware application that tries to use the mistyped title of the legitimate Ad Aware anti-spyware tool in order to scam its users into paying the creators another $50. It pretends to be a legitimate spyware remover, while in reality, AdwareAlert is a complete fake that u...

Latest Security News

Internet Defender

Internet Defender is a rogue anti-spyware program that uses fake scan results and false security alerts as a method to make you think you are infected with malware. It's from the same family as Security Defender. The rogue pretends to scan your computer for viruses and reports fake infections. It th...

Latest Security News

Security Shield

Security Shield is a rogue anti-spyware program from the same family as System Tool and Security Tool. Once installed, it will supposedly scan your computer for spyware, adware, trojans and other malware. Of course, it will find numerous infections and then will prompt you to pay for a full version ...

Latest Security News

Got News?

Latest

Profile Analyzer: Protect websites from …

Posted on 15 March 2012. Silver Tail Systems announced Profi...

Latest Security News

Is Ukraine the perfect place for hackers…

Posted on 14 March 2012. What is it that makes the Ukraine s...

Latest Security News

Key management device for payment securi…

Posted on 14 March 2012. Thales announced its Key Management...

Latest Security News

Popular

Get email updates