Comparison of DNS blacklists
From Seo Wiki - Search Engine Optimization and Programming Languages
Jump to navigationJump to search
The following table lists technical information for a number of DNS blacklists.
| Blacklist operator | DNS blacklist | Informational URL | Zone | Listing goal | Nomination | Listing lifetime | Notes |
|---|---|---|---|---|---|---|---|
| invaluement DNSBL | ivmSIP | [1] | N/A (accessed via rsync) |
Single IP's which only send UBE. Specializing in snowshoe spam and other 'under the radar' spams which evade many other DNSBLs. Has FP-level comparable to Zen. | Automatic (upon receipt of a spam to a real person's mailbox), with extensive whitelists and filtering to prevent false positives | Typically an automatic expiration 11 days after the last abuse was seen, but with some exceptions | Spam samples are always kept on file for each listing. Removal requests are quickly and manually reviewed and processed without fees. |
| ivmSIP/24 | [2] | N/A (accessed via rsync) |
lists /24 blocks of IPs which usually only send UBE and where at least several IPs in that block are confirmed emitters of only spam. | Automatic once at least several IPs from that block are individually listed on ivmSIP, with extensive whitelists and filtering to prevent false positives | expiration time grows into many weeks as the number of IPs sending spam from the /24 block increases | Removal requests are quickly and manually reviewed and processed without fees. | |
| ivmURI | [3] | N/A (accessed via rsync) |
comparable to uribl.com and surbl.org, this is a list of IPs and domains which are used by spammers in the clickable links found in the body of spam messages | Automatic (upon receipt of a spam to a real person's mailbox), with extensive whitelists and filtering to prevent false positives | Typically an automatic expiration several weeks after the last abuse was seen. | Spam samples are always kept on file for each listing. Removal requests are quickly and manually reviewed and processed without fees. | |
| proxyBL | dnsbl | [4] | dnsbl.proxybl.org | Lists all types of open (publicly accessible) proxies | Automated listing through crawling of websites | As long as proxy is verified open (automated) | Time between verifications increases exponentially in relation to the number of times the host was verified an open proxy |
| UCEPROTECT-Network | UCEPROTECT Level 1 | [5] | dnsbl-1.uceprotect.net | Single IP's that send mail to Spamtraps | Automatic by a cluster of more than 60 trapservers | Automatic expiration 7 days after the last abuse was seen, optionally express delisting (fee) | UCEPROTECT's primary and the only independent list |
| UCEPROTECT Level 2 | [6] | dnsbl-2.uceprotect.net | Allocations with exceeded UCEPROTECT Level 1 listings | Automatic calculated from UCEPROTECT-Level 1 | Automatic removal as soon as Level 1 listings decrease below Level 2 listing border, optionally express delisting (fee) | Fully depending on Level 1 | |
| UCEPROTECT Level 3 | [7] | dnsbl-3.uceprotect.net | ASN's with excessive UCEPROTECT Level 1 listings | Automatic calculated from UCEPROTECT-Level 1 | Automatic removal as soon as Level 1 listings decrease below Level 3 listing border, optionally express delisting (fee) | Fully depending on Level 1 | |
| Spam and Open Relay Blocking System (SORBS) | dnsbl | [8] | dnsbl.sorbs.net | Unsolicited bulk/commercial email senders | N/A (See individual zones) | N/A (See individual zones) | Aggregate zone (all aggregates and what they include are listed on [9]) |
| safe.dnsbl | safe.dnsbl.sorbs.net | Unsolicited bulk/commercial email senders | N/A (See individual zones) | N/A (See individual zones) | "Safe" Aggregate zone (all zones in dnsbl.sorbs.net except "recent" and "escalations") | ||
| http.dnsbl | http.dnsbl.sorbs.net | Open HTTP proxy servers | Feeder servers | Until delisting requested. | |||
| socks.dnsbl | socks.dnsbl.sorbs.net | Open SOCKS proxy servers | Feeder servers | Until delisting requested. | |||
| misc.dnsbl | misc.dnsbl.sorbs.net | Additional proxy servers | Feeder servers | Until delisting requested. | Those not already listed in the HTTP or SOCKS databases | ||
| smtp.dnsbl | smtp.dnsbl.sorbs.net | Open SMTP relay servers | Feeder servers | Until delisting requested. | |||
| web.dnsbl | web.dnsbl.sorbs.net | IP addresses with vulnerabilities that are exploitable by spammers (e.g. FormMail scripts) | Feeder servers | Until delisting requested or Automated Expiry | |||
| new.spam.dnsbl | new.spam.dnsbl.sorbs.net | Hosts that have sent spam to the admins of SORBS in the last 48 hours | SORBS Admin and Spamtrap | Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net' | |||
| recent.spam.dnsbl | recent.spam.dnsbl.sorbs.net | Hosts that have sent spam to the admins of SORBS in the last 28 days | SORBS Admin and Spamtrap | Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net' | |||
| old.spam.dnsbl | old.spam.dnsbl.sorbs.net | Hosts that have sent spam to the admins of SORBS in the last year | SORBS Admin and Spamtrap | Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net' | |||
| spam.dnsbl | spam.dnsbl.sorbs.net | Hosts that have sent spam to the admins of SORBS at any time | SORBS Admin and Spamtrap. | Until delisting requested or matter resolved | |||
| escalations.dnsbl | escalations.dnsbl.sorbs.net | Netblocks of service providers believed to support spammers | SORBS Admin fed. | Until delisting requested and matter resolved. | Service providers are added on receipt of a 'third strike' spam | ||
| block.dnsbl | block.dnsbl.sorbs.net | Hosts demanding that they never be tested | Request by host | N/A | |||
| zombie.dnsbl | zombie.dnsbl.sorbs.net | Hijacked networks | SORBS Admin (manual submission) | Until delisting requested. | |||
| dul.dnsbl | dul.dnsbl.sorbs.net | Dynamic IP address ranges | SORBS Admin (manual submission) | Until delisting requested. | Not a list of dial-up IP addresses | ||
| rhsbl | rhsbl.sorbs.net | Aggregate RHS zones | N/A | N/A | |||
| badconf.rhsbl | badconf.rhsbl.sorbs.net | Domains with invalid A or MX records in DNS | Open submission via automated testing page. | Until delisting requested. | |||
| nomail.rhsbl | nomail.rhsbl.sorbs.net | Domains which the owners have confirmed will not be used for sending email | Owner submission | Until delisting requested. | |||
| Spamhaus | SBL Advisory | [10] | sbl.spamhaus.org | Verified sources of spam, including spammers and their support services | Manual | From 30 minutes to a year or more, depending on issue and resolution | |
| XBL Advisory | [11] | xbl.spamhaus.org | Illegal third-party exploits (e.g. open proxies and Trojan Horses) | Third-party (see Notes) with automated additions | Varies, under a month. | Includes the Composite Blocking List and parts of the Not Just Another Bogus List | |
| PBL Advisory | [12] | pbl.spamhaus.org | All Static, dialup & DHCP IP address space that is not meant to be initiating SMTP connections | Manual | Unknown | Should not be confused with the MAPS DUL and Wirehub Dynablocker lists | |
| SBL+XBL | [13] | sbl-xbl.spamhaus.org | A single lookup for querying the SBL and XBL databases | ||||
| Zen | [14] | zen.spamhaus.org | A single lookup for querying the SBL, XBL and PBL databases. | The one to use to get all. | |||
| ORBITrbl Aggressive RBL | RBL | [15] | rbl.orbitrbl.com | Unsolicited bulk/Commercial email senders (Block Class C IP Block) | Feeder servers | Until delisting requested? (Only When Found to be Non Spam Source) | Aggregate zone |
| Composite Blocking List | CBL | [16] | cbl.abuseat.org | Only IPs exhibiting characteristics specific to open proxies, spamware, etc. | large spamtraps | Temporary, until spam stops | Use Spamhaus XBL or Spamhaus Zen instead; they include CBL. |
| Passive Spam Block List | PSBL | [17] | psbl.surriel.com | IP addresses which send spam to trap | spamtraps | Temporary, until spam stops | |
| Intercept - DNS Blacklist (DNSBL) | Intercept | [18] | intercept.datapacket.net | IP addresses which send spam to trap | spamtraps | Temporary, until spam stops | |
| Weighted Private Block List | WPBL | [19] | db.wpbl.info | IP addresses which send UBE to members | spamtraps | Temporary, until spam stops | |
| SpamCop Blocking List | SCBL | [20] | bl.spamcop.net | IP addresses which have transmitted reported email to SpamCop users | users submit | Temporary, until spam stops | |
| SpamRats | RATSNOPTR | [21] | noptr.spamrats.com | IP addresses detected as abusive at ISP/Telcos using MagicMail Servers, with no reverse DNS | Automatically Submitted | Listed until removed, and reverse DNS configured | |
| RATSDYNA | [22] | dyna.spamrats.com | IP addresses detected as abusive at ISP/Telcos using MagicMail Servers, with non-conforming reverse DNS (See Best Practises) indicative of a compromised PC | Automatically Submitted | Listed until removed, and reverse DNS set to conform to Best Practises | ||
| RATSSPAM | [23] | spam.spamrats.com | IP addresses detected as abusive at ISP/Telcos using MagicMail Servers, and manually confirmed as a Spam Source | Manually Submitted | Listed until removed | ||
| SpamCannibal | spamcannibal.org | [24] | bl.spamcannibal.org | ip addresses and related generic netblock that have sent spam to local mail hosts | spamtraps | until removal requested and matter resolved | listed=127.0.0.2 |
| Not Just Another Bogus List | NJABL DNSBL | [25] | dnsbl.njabl.org | SMTP open relays, Multi-stage SMTP open relays, spam sources, Insecure CGI scripts that allow open relaying, open proxy servers | spamtraps, testing, testing by trusted contributors | Varies | |
| Bad host, no cookie | bhnc.njabl.org | These hosts have done things proper SMTP servers don't do. | spamtraps | until de-listing requested | |||
| Distributed Realtime Blocking List | drand DRBL node | [26] | spamtrap.drbl.drand.net | IP addresses which send spam to trap, IP addresses which send UBE to members. | Automated [de]listing. | Varies from spam type, rate and other sophisticated factors. 30s-1w. | Hight IP network aggregate threshold >= 254. |
| Dynamic Realtime Blocking List | RU RBL | [27] | db.rurbl.ru | IP addresses which send spam or viruses to mail server with special sensors. | Automated [de]listing. | Varies from spam or virus pushing characteristics. 5s - 20min. | explanations |
| Junk Email Filter | Hostkarma | [28] | hostkarma.junkemailfilter.com blacklist.hostkarma.com |
Detects viruses by behavior using fake high MX and tracking non-use of QUIT. | Automated [de]listing | Black list Data lives for 4 days. White list data lives for 10 days. | 127.0.0.1=white 127.0.0.2=black 127.0.0.3=yellow |
| RFC-Ignorant.Org | DSN (<>) | [29] | dsn.rfc-ignorant.org | refusal to accept bounces (DSN) | Open submission via automated testing page. | Until delisting requested. | |
| postmaster | [30] | postmaster.rfc-ignorant.org | refusal to accept e-mail to postmaster | ||||
| abuse | [31] | abuse.rfc-ignorant.org | refusal to accept e-mail to abuse | ||||
| whois | [32] | whois.rfc-ignorant.org | bogus whois information | ||||
| bogusmx | [33] | bogusmx.rfc-ignorant.org | bogus MX record | ||||
| The Abusive Hosts Blocking List (AHBL) | dnsbl | [34] | dnsbl.ahbl.org | Aggregate zone, contains UCE/bulk email senders, open proxies, open relays, trojaned/infected machines, comment/trackback spammers | Feeder systems, manual | Until delisting requested | Aggregate zone (all aggregates and what they include are listed on [35]) |
| rhsbl | rhsbl.ahbl.org | Domains sending spam, domains owned by spammers, comment spam domains, spammed URLs | Manual | ||||
| ircbl | ircbl.ahbl.org | Subset of dnsbl, contains only open proxies, compromised machines, comment spammers | Until delisting requested | Designed for use on IRC servers | |||
| tor | tor.ahbl.org | Current tor relay and exit nodes | Automated | N/A | |||
| Dronebl | dnsbl | [36] | dnsbl.dronebl.org | All-in-one abusive hosts blacklist | Automated listing via distributed monitoring points | Permanent until delisted via website. | |
| Quorum.to | ip-dnsbl | [37] | list.quorum.to. ( or per-subscriber: [id].list.quorum.to. ) | Stop spam from hosts that send no legitimate mail (list most non-mail-sending hosts). | Listings based on "instant" automated checks, recipient nomination and traps. | Listings can be challenged. Subscribers vote to decide sender status. | Public list follows standard dnsbl protocol. Subscription based service is more capable, but does not follow standard. |
| Spamanalysis.org | GeoBL | [38] | User-defined: [*].geobl.spamanalysis.org | Lists hosts known as being in certain geographic locations. | Users set their own list of blocked countries. | Hosts reported as being incorrectly located may be delisted. | Allows basic monitoring, listed if A=127.0.0.2 or TXT=blocked |
| ATLBL | ATLBL RBL | [39] | rbl.atlbl.net | Lists email bourne spam IP sources with latest accurate data. | World wide abuse detection network made of spamtraps/honeypots. | Automatic, as soon as no further abuse is detected. | Allows simple DNSBL lookups of email spam sources. |
| ATLBL HBL | [40] | hbl.atlbl.net | List malware/abuse sources by hostname and domain for use in email and forum spam detection. | World wide abuse detection network made of spamtraps/honeypots. | Automatic, as soon as no further abuse is detected. | Allows simple DNSBL lookups of abuse sources. | |
| ATLBL ABL | [41] | access.atlbl.net | Lists abusive IP sources with latest accurate data. | World wide abuse detection network made of spamtraps/honeypots. | Automatic, as soon as no further abuse is detected. | Allows simple DNSBL lookups of IPs for known abusive sources such as SSH brute force attack sources and other forms of internet crime and abuse. |
External links
- Blacklists Compared, weekly reports since July 2001
- DNSBL Statistics - A controversial[42][43][44] comparison of several popular DNSBL's.
- Blacklist Monitor - accuracy and inaccuracy rates of various blacklists
- Spam Links - DNS & RHS Blackhole Lists
- Multiple DNSBL lookup online tool
If you like SEOmastering Site, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...
→
