Comparison of DNS blacklists

From Wikipedia, the free encyclopedia

The following table lists technical information for a number of DNS blacklists.

Blacklist operator	DNS blacklist	Informational URL	Zone	Listing goal	Nomination	Listing lifetime	Notes
UCEPROTECT-Network	UCEPROTECT Level 1	[1]	dnsbl-1.uceprotect.net	Single IP's that send mail to ([Spamtraps])	Automatic by a cluster of more than 60 trapservers	Automatic expiration 7 days after the last abuse was seen, optionally express delisting	UCEPROTECT's primary and the only independent list
	UCEPROTECT Level 2	[2]	dnsbl-2.uceprotect.net	Allocations with exceeded UCEPROTECT Level 1 listings	Automatic calculated from UCEPROTECT-Level 1	Automatic removal as soon as Level 1 listings decrease below Level 2 listing border, optionally express delisting	Fully depending on Level 1
	UCEPROTECT Level 3	[3]	dnsbl-3.uceprotect.net	ASN's with excessive UCEPROTECT Level 1 listings	Automatic calculated from UCEPROTECT-Level 1	Automatic removal as soon as Level 1 listings decrease below Level 3 listing border, optionally express delisting	Fully depending on Level 1
Spam and Open Relay Blocking System (SORBS)	dnsbl	[4]	dnsbl.sorbs.net	Unsolicited bulk/commercial email senders	N/A (See individual zones)	N/A (See individual zones)	Aggregate zone (all aggregates and what they include are listed on [5])
	safe.dnsbl		safe.dnsbl.sorbs.net	Unsolicited bulk/commercial email senders	N/A (See individual zones)	N/A (See individual zones)	"Safe" Aggregate zone (all zones in dnsbl.sorbs.net except "recent" and "escalations")
	http.dnsbl		http.dnsbl.sorbs.net	Open HTTP proxy servers	Feeder servers	Until delisting requested.
	socks.dnsbl		socks.dnsbl.sorbs.net	Open SOCKS proxy servers	Feeder servers	Until delisting requested.
	misc.dnsbl		misc.dnsbl.sorbs.net	Additional proxy servers	Feeder servers	Until delisting requested.	Those not already listed in the HTTP or SOCKS databases
	smtp.dnsbl		smtp.dnsbl.sorbs.net	Open SMTP relay servers	Feeder servers	Until delisting requested.
	web.dnsbl		web.dnsbl.sorbs.net	IP addresses with vulnerabilities that are exploitable by spammers (e.g. FormMail scripts)	Feeder servers	Until delisting requested or Automated Expiry
	new.spam.dnsbl		new.spam.dnsbl.sorbs.net	Hosts that have sent spam to the admins of SORBS in the last 48 hours	SORBS Admin and Spamtrap	Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'
	recent.spam.dnsbl		recent.spam.dnsbl.sorbs.net	Hosts that have sent spam to the admins of SORBS in the last 28 days	SORBS Admin and Spamtrap	Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'
	old.spam.dnsbl		old.spam.dnsbl.sorbs.net	Hosts that have sent spam to the admins of SORBS in the last year	SORBS Admin and Spamtrap	Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'
	spam.dnsbl		spam.dnsbl.sorbs.net	Hosts that have sent spam to the admins of SORBS at any time	SORBS Admin and Spamtrap.	Until delisting requested or matter resolved
	escalations.dnsbl		escalations.dnsbl.sorbs.net	Netblocks of service providers believed to support spammers	SORBS Admin fed.	Until delisting requested and matter resolved.	Service providers are added on receipt of a 'third strike' spam
	block.dnsbl		block.dnsbl.sorbs.net	Hosts demanding that they never be tested	Request by host	N/A
	zombie.dnsbl		zombie.dnsbl.sorbs.net	Hijacked networks	SORBS Admin (manual submission)	Until delisting requested.
	dul.dnsbl		dul.dnsbl.sorbs.net	Dynamic IP address ranges	SORBS Admin (manual submission)	Until delisting requested.	Not a list of dial-up IP addresses
	rhsbl		rhsbl.sorbs.net	Aggregate RHS zones	N/A	N/A
	badconf.rhsbl		badconf.rhsbl.sorbs.net	Domains with invalid A or MX records in DNS	Open submission via automated testing page.	Until delisting requested.
	nomail.rhsbl		nomail.rhsbl.sorbs.net	Domains which the owners have confirmed will not be used for sending email	Owner submission	Until delisting requested.
Spamhaus	SBL Advisory	[6]	sbl.spamhaus.org	Verified sources of spam, including spammers and their support services	Manual	From 30 minutes to a year or more, depending on issue and resolution
	XBL Advisory	[7]	xbl.spamhaus.org	Illegal third-party exploits (e.g. open proxies and Trojan Horses)	Third-party (see Notes) with automated additions	Varies, under a month.	Includes the Composite Blocking List and parts of the Not Just Another Bogus List
	PBL Advisory	[8]	pbl.spamhaus.org	All Static, dialup & DHCP IP address space that is not meant to be initiating SMTP connections	Manual	Unknown	Should not be confused with the MAPS DUL and Wirehub Dynablocker lists
	SBL+XBL	[9]	sbl-xbl.spamhaus.org	A single lookup for querying the SBL and XBL databases
	Zen	[10]	zen.spamhaus.org	A single lookup for querying the SBL, XBL and PBL databases.			The one to use to get all.
ORBITrbl Aggressive RBL	RBL	[11]	rbl.orbitrbl.com	Unsolicited bulk/Commercial email senders (Block Class C IP Block)	Feeder servers	Until delisting requested? (Only When Found to be Non Spam Source)	Aggregate zone
Composite Blocking List	CBL	[12]	cbl.abuseat.org	Only IPs exhibiting characteristics specific to open proxies, spamware, etc.	large spamtraps	Temporary, until spam stops	Imported by Spamhaus. Use ZEN instead, includes CBL.
Passive Spam Block List	PSBL	[13]	psbl.surriel.com	IP addresses which send spam to trap	spamtraps	Temporary, until spam stops
Intercept - DNS Blacklist (DNSBL)	Intercept	[14]	intercept.datapacket.net	IP addresses which send spam to trap	spamtraps	Temporary, until spam stops
Weighted Private Block List	WPBL	[15]	db.wpbl.info	IP addresses which send UBE to members	spamtraps	Temporary, until spam stops
SpamCop Blocking List	SCBL	[16]	bl.spamcop.net	IP addresses which have transmitted reported email to SpamCop users	users submit	Temporary, until spam stops
SpamRats	RATSNOPTR	[17]	noptr.spamrats.com	IP addresses detected as abusive at ISP/Telcos using MagicMail Servers, with no reverse DNS	Automatically Submitted	Listed until removed, and reverse DNS configured
	RATSDYNA	[18]	dyna.spamrats.com	IP addresses detected as abusive at ISP/Telcos using MagicMail Servers, with non-conforming reverse DNS (See Best Practises) indicative of a compromised PC	Automatically Submitted	Listed until removed, and reverse DNS set to conform to Best Practises
	RATSSPAM	[19]	spam.spamrats.com	IP addresses detected as abusive at ISP/Telcos using MagicMail Servers, and manually confirmed as a Spam Source	Manually Submitted	Listed until removed
SpamCannibal	spamcannibal.org	[20]	bl.spamcannibal.org	ip addresses and related generic netblock that have sent spam to local mail hosts	spamtraps	until removal requested and matter resolved	listed=127.0.0.2
Distributed Sender Blackhole List	list.DSBL.org	[21]	list.dsbl.org	all single hop relays	tested by trusted testers	until de-listing requested	explanation of test methods
	multihop.DSBL.org		multihop.dsbl.org	the outputs of multihop relays	tested by trusted testers	until de-listing requested	explanation of test methods
	unconfirmed.DSBL.org		unconfirmed.dsbl.org	all the output servers	tested by untrusted and anonymous testers	until de-listing requested	explanation of test methods
Not Just Another Bogus List	NJABL DNSBL	[22]	dnsbl.njabl.org	SMTP open relays, Multi-stage SMTP open relays, spam sources, Insecure CGI scripts that allow open relaying, open proxy servers	spamtraps, testing, testing by trusted contributors	Varies
	Bad host, no cookie		bhnc.njabl.org	These hosts have done things proper SMTP servers don't do.	spamtraps	until de-listing requested
Distributed Realtime Blocking List	drand DRBL node	[23]	spamtrap.drbl.drand.net	IP addresses which send spam to trap, IP addresses which send UBE to members.	Automated [de]listing.	Varies from spam type, rate and other sophisticated factors. 30s-1w.	Hight IP network aggregate threshold >= 254.
Dynamic Realtime Blocking List	RU RBL	[24]	db.rurbl.ru	IP addresses which send spam or viruses to mail server with special sensors.	Automated [de]listing.	Varies from spam or virus pushing characteristics. 5s - 20min.	explanations
Junk Email Filter	Hostkarma	[25]	hostkarma.junkemailfilter.com blacklist.hostkarma.com	Detects viruses by behavior using fake high MX and tracking non-use of QUIT.	Automated [de]listing	Black list Data lives for 4 days. White list data lives for 10 days.	127.0.0.1=white 127.0.0.2=black 127.0.0.3=yellow
RFC-Ignorant.Org	DSN (<>)	[26]	dsn.rfc-ignorant.org	refusal to accept bounces (DSN)	Open submission via automated testing page.	Until delisting requested.
	postmaster	[27]	postmaster.rfc-ignorant.org	refusal to accept e-mail to postmaster
	abuse	[28]	abuse.rfc-ignorant.org	refusal to accept e-mail to abuse
	whois	[29]	whois.rfc-ignorant.org	bogus whois information
	bogusmx	[30]	bogusmx.rfc-ignorant.org	bogus MX record
Abusive Hosts Blocking List (AHBL)	dnsbl	[31]	dnsbl.ahbl.org	Aggregate zone, contains UCE/Bulk email senders, open proxies, open relays, trojaned/infected machines, comment/trackback spammers	Feeder systems, manual	Until delisting requested	Aggregate zone (all aggregates and what they include are listed on [32])
	rhsbl		rhsbl.ahbl.org	Domains sending spam, domains owned by spammers, comment spam domains, spammed URLs	Manual
	ircbl		ircbl.ahbl.org	Subset of dnsbl, contains only open proxies, comprimised machines, comment spammers	Until delisting requested		Designed for use on IRC servers
	tor		tor.ahbl.org	Current tor relay and exit nodes	Automated	N/A

[edit] External links

• Blacklists Compared, weekly reports since July 2001
• DNSBL Statistics - A controversial[33][34][35] comparison of several popular DNSBL's.
• Spam Links - DNS & RHS Blackhole Lists
• Spam Links - Dead DNS and RHS Blackhole Lists

Categories: Spamming

Views

• Article
• Discussion
• Current revision

Navigation

• Main Page
• Contents
• Featured content
• Current events

Interaction

• About Wikipedia
• Community portal
• Recent changes
• Contact Wikipedia
• Donate to Wikipedia
• Help

Search

• This page was last modified 03:40, 2 June 2008 by Anonymous user(s) of Wikipedia. Based on work by Wikipedia user(s) Bruns, Marcperkel, JackSchmidt, Bwpach, UnCatBot, Wrs1864, C.v.wolfhausen, Steppres, Atanw, Phatom87, Ar-wiki, ErikWarmelink, Drand, Tabanger, Kalinga, Joy, Jberkes, SmackBot, Llykstw and Madda.
• All text is available under the terms of the GNU Free Documentation License. (See Copyrights for details.)
  Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a U.S. registered 501(c)(3) tax-deductible nonprofit charity.
  
• About Wikipedia
• Disclaimers

aa - ab - af - ak - als - am - an - ang - ar - arc - as - ast - av - ay - az - ba - bar - bat_smg - bcl - be - be_x_old - bg - bh - bi - bm - bn - bo - bpy - br - bs - bug - bxr - ca - cbk_zam - cdo - ce - ceb - ch - cho - chr - chy - co - cr - crh - cs - csb - cu - cv - cy - da - de - diq - dsb - dv - dz - ee - el - eml - en - eo - es - et - eu - ext - fa - ff - fi - fiu_vro - fj - fo - fr - frp - fur - fy - ga - gan - gd - gl - glk - gn - got - gu - gv - ha - hak - haw - he - hi - hif - ho - hr - hsb - ht - hu - hy - hz - ia - id - ie - ig - ii - ik - ilo - io - is - it - iu - ja - jbo - jv - ka - kaa - kab - kg - ki - kj - kk - kl - km - kn - ko - kr - ks - ksh - ku - kv - kw - ky - la - lad - lb - lbe - lg - li - lij - lmo - ln - lo - lt - lv - map_bms - mdf - mg - mh - mi - mk - ml - mn - mo - mr - mt - mus - my - myv - mzn - na - nah - nap - nds - nds_nl - ne - new - ng - nl - nn - no - nov - nrm - nv - ny - oc - om - or - os - pa - pag - pam - pap - pdc - pi - pih - pl - pms - ps - pt - qu - quality - rm - rmy - rn - ro - roa_rup - roa_tara - ru - rw - sa - sah - sc - scn - sco - sd - se - sg - sh - si - simple - sk - sl - sm - sn - so - sr - srn - ss - st - stq - su - sv - sw - szl - ta - te - tet - tg - th - ti - tk - tl - tlh - tn - to - tpi - tr - ts - tt - tum - tw - ty - udm - ug - uk - ur - uz - ve - vec - vi - vls - vo - wa - war - wo - wuu - xal - xh - yi - yo - za - zea - zh - zh_classical - zh_min_nan - zh_yue - zu -