Comparison of DNS blacklists

Last updated April 25, 2024

The following table lists technical information for assumed reputable^{[ by whom? ]} DNS blacklists used for blocking spam.

Blacklist operator	DNS blacklist	Zone	Listing goal	Nomination	Listing lifetime	Notes	Collateral listings	Notifies upon listing
Abusix	combined	combined.mail.abusix.zone	Aggregate zone	Aggregate zone	Aggregate Zone	Single lookup that contains results from black, exploit and policy lists	No	No
	black	black.mail.abusix.zone	Lists individual IP addresses that have sent mail to spam traps, and some manually-added address blocks.	Mostly automatic with some manual additions	For automated, listings 5.6 days after last event. Manual additions are permanent.		No	No (but planned)
	exploit	exploit.mail.abusix.zone	Lists IP addresses behaving in a way that indicates they are compromised, infected, proxies, or VPN or TOR exit nodes.	Automatic	5.6 days after last event		No	No (but planned)
	policy	dynamic.mail.abusix.zone	Lists IP addresses that should not be connecting directly to MX, such as residential IP addresses etc.	Automatic	Permanent (until delist requested)	Lists ranges that have generic or templated rDNS. Individual IP addresses can be delisted immediately via web.	No	No
	dblack	dblack.mail.abusix.zone	Lists domains seen in spam hitting traps.	Automatic	5.6 days after last event	Can be used as an RHSBL and a URIBL.	No	No (but planned)
	nod	nod.mail.abusix.zone	Lists domains that are newly observed (first use).	Automatic	25 hours	Based on historical passive DNS data, lists domains first seen in the wild within the last 25 hours).	No	No
	shorthash	shorthash.mail.abusix.zone	Lists short URLs (SHA-1 hashed) seen in traps.	Automatic	5.6 days after last event	Created to handle popular shorteners that are misused to hide domains from blacklisting	No	No
	diskhash	diskhash.mail.abusix.zone	Lists URLs of online drive services (SHA-1 hashed) seen in traps.	Automatic	5.6 days after last event	Current only listing Google Drive and Yandex Disk URLs that are used to avoid domain blacklisting.	No	No
ARM Research Labs, LLC GBUdb	Truncate	truncate.gbudb.net	Extremely conservative list of single IP4 addresses that produce exclusively spam/malware as indicated by the GBUdb IP Reputation system. Most systems should be able to safely reject connections based on this list.	Automatic: IP addresses are added when the GBUdb "cloud" statistics reach a probability figure that indicates 95% of messages produce a spam/malware pattern match and a confidence figure that indicates sufficient data to trust the probability data.	Automatic: Continuous while reputation statistics remain bad. Warning: Produces false positives, and has no remedy/removal process. IP addresses are dropped quickly if the statistics improve (within an hour). IP addresses are dropped within 36 hours (typ) if no more messages are seen (dead zombie).	Source data is derived from a global network of Message Sniffer^[1] filtering nodes in real-time. Truncate data is updated from statistics every 10 minutes. Warning: Unreliable, as it produces false positives. It is impossible to find additional information or to manually troubleshoot the problem. It is based on results created by their proprietary software running a proprietary algorithm.	No	No
Metunet Research Labs Metunet	dnsbl	rbl.metunet.com	Single IP4 addresses that produce exclusively spam or malware. Mail service providers are protected.	Automatic	Last activities after one year automatic or delist request by mail	Removal requests are quickly and manually reviewed and processed without fees.	No	No
Mailspike / Anubisnetworks	mailspike.org	bl.mailspike.org	IP4 / IPv6 addresses that produce spam or malware.	Automatic	List is updated daily. Reputation is gradually restored after days of good / null activity	Immediate delisting via the website	No	No
invaluement DNSBL	ivmSIP	Paid access via rsync	Single IP addresses which only send UBE. Specializing in snowshoe spam and other 'under the radar' spam which evades many other DNSBLs. Has FP-level comparable to Zen.	Automatic (upon receipt of spam to a real person's mailbox), with extensive whitelists and filtering to prevent false positives	Typically an automatic expiration 11 days after the last abuse was seen, but with some exceptions	Spam samples are always kept on file for each listing. Removal requests are manually reviewed and processed without fees.	No	No
	ivmSIP/24	Paid access via rsync	Lists /24 blocks of IP addresses which usually only send UBE and containing at least several addresses which are confirmed emitters of junk mail. Collateral listings are kept to a minimum because subsections are often carved from /24 listings when spammers and legit senders share the same /24 block.	Automatic once at least several IP addresses from a given block are individually listed on ivmSIP, with extensive whitelists and filtering to prevent false positives	Expiration time increases to many weeks as the fraction of IP addresses in the /24 block in question sending junk mail increases.	Removal requests are quickly and manually reviewed and processed without fees.	Yes	No
	ivmURI	Paid access via rsync	Comparable to uribl.com and surbl.org, this is a list of IP addresses and domains which are used by spammers in the clickable links found in the body of spam messages	Automatic (upon receipt of spam to a real person's mailbox), with extensive whitelists and filtering to prevent false positives	Typically an automatic expiration several weeks after the last abuse was seen	Spam samples are always kept on file for each listing. Removal requests are quickly and manually reviewed and processed without fees.	No	No
Spam and Open Relay Blocking System (SORBS)	dnsbl	dnsbl.sorbs.net	Unsolicited bulk/commercial e-mail senders	N/A (See individual zones)	N/A (See individual zones)	Aggregate zone (all aggregates and what they include are listed on SORBS)^[2]	As per component list	Via SORBS Report Manager
	safe.dnsbl	safe.dnsbl.sorbs.net	Unsolicited bulk/commercial e-mail senders	N/A (See individual zones)	N/A (See individual zones)	"Safe" Aggregate zone (all zones in dnsbl.sorbs.net except "recent", "old", "spam" and "escalations")	No	Via SORBS Report Manager
	http.dnsbl	http.dnsbl.sorbs.net	Open HTTP proxy servers	Feeder servers	Until delisting requested		No	Via SORBS Report Manager
	socks.dnsbl	socks.dnsbl.sorbs.net	Open SOCKS proxy servers	Feeder servers	Until delisting requested		No	Via SORBS Report Manager
	misc.dnsbl	misc.dnsbl.sorbs.net	Additional proxy servers	Feeder servers	Until delisting requested	Those not already listed in the HTTP or SOCKS databases	No	Via SORBS Report Manager
	smtp.dnsbl	smtp.dnsbl.sorbs.net	Open SMTP relay servers	Feeder servers	Until delisting requested		No	Via SORBS Report Manager
	web.dnsbl	web.dnsbl.sorbs.net	IP addresses with vulnerabilities that are exploitable by spammers (e.g. FormMail scripts)	Feeder servers	Until delisting requested or automated expiry		No	Via SORBS Report Manager
	new.spam.dnsbl	new.spam.dnsbl.sorbs.net	Hosts that have sent spam to the SORBS spam traps or administrators in the last 48 hours	SORBS administrators and spam traps	Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'		No	Via SORBS Report Manager
	recent.spam.dnsbl	recent.spam.dnsbl.sorbs.net	Hosts that have sent spam to the SORBS spam traps or administrators in the last 28 days	SORBS administrators and spam traps	Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'		No	Via SORBS Report Manager
	old.spam.dnsbl	old.spam.dnsbl.sorbs.net	Hosts that have sent spam to the SORBS spam traps or administrators in the last year	SORBS administrator and spam traps	Renewed every 20 minutes based inclusion in on 'spam.dnsbl.sorbs.net'		No	Via SORBS Report Manager
	spam.dnsbl	spam.dnsbl.sorbs.net	Hosts that have allegedly sent spam to the SORBS spam traps or administrators ever	SORBS administrators and spam traps	Until delisting requested		No	Via SORBS Report Manager
	escalations.dnsbl	escalations.dnsbl.sorbs.net	Address blocks of service providers believed to support spammers	SORBS administrators	Until delisting requested and matter resolved	Service providers are added on receipt of a 'third strike' spam	Yes	Via SORBS Report Manager
	block.dnsbl	block.dnsbl.sorbs.net	Hosts demanding that they never be tested	Request by host	N/A		No	Via SORBS Report Manager
	zombie.dnsbl	zombie.dnsbl.sorbs.net	Hijacked networks	SORBS administrators (manual submission)	Until delisting requested		No	Via SORBS Report Manager
	dul.dnsbl	dul.dnsbl.sorbs.net	Dynamic IP address ranges	SORBS administrators (manual submission)	Until delisting requested	Not a list of dial-up IP addresses	No	Via SORBS Report Manager
	noservers.dnsbl	noservers.dnsbl.sorbs.net	No Servers Permitted by ISP Policy	Administered by address registrants	Not Applicable.	No Servers Permitted by ISP Policy	No	Via SORBS Report Manager
	rhsbl	rhsbl.sorbs.net	Aggregate RHS zones	N/A	N/A		No	No
	badconf.rhsbl	badconf.rhsbl.sorbs.net	Domains with invalid A or MX records in DNS	Open submission via automated testing page	Until delisting requested		No	No
	nomail.rhsbl	nomail.rhsbl.sorbs.net	Domains which the owners have confirmed will not be used for sending mail	Owner submission	Until delisting requested		No	No
Spamhaus	Spamhaus Blocklist (SBL)	sbl.spamhaus.org	This list contains IP addresses that are observed to be involved in sending spam, snowshoe spamming, botnet command and controllers (C&Cs), bulletproof hosting companies and hijacked address space.	Manual	From five minutes to a year or more, depending on issue and resolution		Rarely (escalation)	Yes (partial)
	eXploits Blocklist (XBL)	N/A	This lists the individual IPv4 addresses (/32s) that are infected with malware, worms, and Trojans; third party exploits, such as open proxies; or devices controlled by botnets. The constantly updated list is designed to protect networks from malware and spam by preventing mailservers from accepting connections from compromised computing devices.	Third-party with automated additions	Varies, under a month, self removal via Composite Blocking List lookup	Consists of the Composite Blocking List	No	No
	Extended eXploits Blocklist (eXBL)	N/A	This list is a real-time database of raw and filtered feeds that provides additional information on hijacked IP addresses. The eXBL is available to selected security organizations and cyber incident response teams.	Third-party with automated additions	Varies, under a month, self removal via Composite Blocking List lookup	Consists of the Composite Blocking List	No	No
	Domain Blocklist (DBL)	dbl.spamhaus.org	Domains owned by spammers and used for spam or other malicious purposes. This blocklist also contains domains owned by non-spammers which are used for legitimate purposes, but have been hijacked by spammers.	Ranking of over 80 different metrics and machine learning	A few days, with self-removal generally allowed		{{}}	Rarely
	Enhanced Domain Blocklist (eDBL)	dbl.spamhaus.org	This list provides detailed information on each domain listing and is available via an API. This enables querying of the DBL engine, returning a JSON record for each domain. The Enhanced Domain Blocklist (eDBL) can be used to track a particular domain's score over a longer period, or to combine Domain Blocklist data with other information.		A few days. Self-removal generally allowed.		{{}}	Rarely
	Policy Blocklist (PBL)	pbl.spamhaus.org	This list includes IP address ranges for end-user devices, such as home routers, smart TVs, and other Information of Things (IoT) devices, from which mail should never be sent. This protects networks from the potential of being compromised by malware spread by botnet command and controller servers (C&Cs).	Manual, by providers controlling the IPs or by Spamhaus PBL Team	Self-removal (see spamhaus web site)	Should not be confused with the MAPS DUL and Wirehub Dynablocker lists	No	No
	Hash Blocklist (HBL)	hbl.spamhaus.org	This list contains the following content areas: Cryptowallet (Bitcoin etc.), malware and e-mail addresses. Hash Blocklists (HBL) are lists of cryptographic hashes associated with malicious content, as opposed to IP addresses or domains. They are extremely useful for filtering fraudulent mail coming from ISPs, domains, or IP addresses that Spamhaus is unable to list e.g. Gmail. Additionally, they can block mail containing malware files.	Manual, by providers controlling the addresses or by Spamhaus PBL Team	Self-removal (see spamhaus web site)		No	No
	Zero Reputation Domains (ZRD)	<key>.authbl.dq.spamhaus.net	This lists newly registered domains for 24 hours. Domains that have just been registered are rarely used by legitimate organizations immediately. Cybercriminals register and burn 100s of domains daily. The Zero Reputation Domain (ZRD) blocklist helps to protect users from following links and visiting newly registered domains until it is established that they are not associated with zero day attacks; phishing, bot-herding, spyware or ransomware campaigns.	Automated	24 hours		No	No
	Zen	zen.spamhaus.org	A single lookup for querying the SBL, XBL and PBL databases			Preferred list to check all Spamhaus address lists with one query	As per component list	As per component list
THREATINT	DNSBL	dnsbl.threatint.zone	IP addresses used to send spam and/or scan networks/hosts	spam traps, honeypots	Automatic: 48 hrs after activity stops		No	No
JustSpam	JustSpam.Org	dnsbl.justspam.org	IP addresses used to send spam to trap	spam traps	Until Free Removal	Sending a special mail generated using the removalform contains the listed IP in the mailheader.	No	No
Passive Spam Block List	PSBL	psbl.surriel.com (also free available via rsync )	IP addresses used to send spam to trap	spam traps	Temporary, until spam stops		No	No
Weighted Private Block List	WPBL	db.wpbl.info	IP addresses used to send UBE to members	spam traps	Temporary, until spam stops		No	No
SpamCop Blocking List	SCBL	bl.spamcop.net	IP addresses which have been used to transmit reported mail to SpamCop users	Users submit	Temporary, until spam stops, has self removal		No	Yes (partial)
SpamRats	RATS-NoPtr	noptr.spamrats.com	IP addresses detected as abusive at ISPs using MagicMail Servers, with no reverse DNS service	Automatically Submitted	Listed until removed, and reverse DNS configured		Yes	No
	RATS-Dyna	dyna.spamrats.com	IP addresses detected as abusive at ISPs using MagicMail Servers, with non-conforming reverse DNS service (See Best Practises) indicative of compromised systems	Automatically Submitted	Listed until removed, and reverse DNS set to conform to Best Practises		Yes	No
	RATS-Spam	spam.spamrats.com	IP addresses detected as abusive at ISPs using MagicMail Servers, and manually confirmed as spam sources	Manually Submitted	Listed until removed		Yes	No
	RATS-Auth	auth.spamrats.com	IP addresses detected probing passwords or authenticating without sending mail	Automatically Submitted	Listed until removed		Yes	No
Junk Email Filter	Hostkarma	hostkarma.junkemailfilter.com	Detects viruses by behavior using fake high MX and tracking non-use of QUIT	Automated [de]listing	Black list entries last 4 days. White list entries last 10 days.	127.0.0.1=white 127.0.0.2=black 127.0.0.3=yellow	Yes	No
Heise Zeitschriften Verlag GmbH & Co. KG, hosted by manitu GmbH	NiX Spam (nixspam)	ix.dnsbl.manitu.net	Lists single IP addresses (no address ranges) that send spam to spam traps. Lists mailhosts, rather than domains, and thus blocks entire hosting providers and ISPs.	Automated listing due to spam trap hits. Exceptions apply to bounces, NDRs and whitelisted IP addresses.	12 hours after last listing or until self delisting	TXT records provide information of listing incident - NiX Spam also provides hashes for fuzzy checksum plugin (iXhash) for SpamAssassin.	No	Yes (for ISPs/ESPs on request)
blocklist.de	dnsbl	bl.blocklist.de	IP addresses used to in attacks over SSH, IMAP, SMTP, FTP, or HTTP, or for attacks involving remote file inclusion, SQL injection, or DDOS	Automatic: over honeypots and with over 515 users and 630 servers from blocklist.de via Fail2Ban or own scripts	Automatic: 48 Hours after the last Attack. But earlier remove is available over the Delist-Link	Services are free. Source data is from Honeypot-Systems and over 515 User with 630 Servern there reports Attacks with Fail2Ban	No	Yes
s5h.net Internet Services	s5h.net	all.s5h.net	Spam sources from mail, forums, referrer spam and dictionary attacks	Traps	Twelve months unless ISPs request removal earlier	By request. ISPs can provide request exclusion.	Yes	No
BarracudaCentral	RBL	b.barracudacentral.org	Spam Trap	Provides a list of IP addresses which are sending spam. The Barracuda Reputation system uses automated collection methods to add and delete IP addresses from the BRBL.	Until delisting requested	Requires registration of administrator and hosts to use. Removal requests are typically investigated and processed within 12 hours of submission if provided with a valid explanation.	No	No
The NordSpam Project	NordSpam IP Blacklist	bl.nordspam.com	IP addresses detected as unsolicited bulk/commercial e-mail senders, Web spam	Manual	Until delisting requested	Removal requests are manually reviewed and processed without fees.	Rarely (escalation)	Sometimes
The NordSpam Project	NordSpam Domain Blacklist	dbl.nordspam.com	Unsolicited bulk/commercial e-mail senders, Web spam	Manual	Until delisting requested	Removal requests are manually reviewed and processed without fees.	No	Sometimes
0Spam Project	bl.0spam.org	bl.0spam.org	Lists single IP's for spam, malware, abuse, RFC Non-Compliance, Bad configuration and fraud	Automated listings from: Machine Learning, Spam traps, and abuse detection	Until IP Owner/Authorized administrator/End User requests listing removal	0spam AI detects: # General spam, # RFC-non-compliance issue, # Bouncing mail to the wrong server, # Unauthorized Mail relay, # Spoof & Bouncing spoofed-sender mail, # Fraud or scam mail, malware or illegal or abusive content	No	Yes
	rbl.0spam.org	rbl.0spam.org	Lists single IP's for spam, malware, abuse, RFC Non-Compliance, Bad configuration and fraud	Automated listings from: Machine Learning, Spam traps, and abuse detection	Automated removal after 24 hours of no spam.	0spam AI detects: # General spam, # RFC-non-compliance issue, # Bouncing mail to the wrong server, # Unauthorized Mail relay, # Spoof & Bouncing spoofed-sender mail, # Fraud or scam mail, malware or illegal or abusive content	No	Yes

	nbl.0spam.org	nbl.0spam.org	Lists Class C networks with high number of unaddressed abuse reports on the bl.0spam.org list.	Automated listings for spam source Class C blocks	Until IP Owner/Authorized administrator/End User requests listing removal	It's suggestion to use the nbl.0spam.org list in conjunction with rule based filtering. This is a NetworkBlockList(NBL) so it lists full Class C IP blocks containing a high number of spam IP's. Use with SPF/DKIM Fail to produce the most accurate results.	No	Yes
dbl.0spam.org	dbl.0spam.org	Lists single IP's for domains found to be in spam emails.	Automated listings from: Parsing spam emails	Until IP Owner/Authorized administrator/End User requests listing removal	This list contains the IP's of domains found to be in emails identified as spam. You should NOT use this list as a sole identifier of spam.	No	Yes
Brukalai.lt	DNSBL	black.dnsbl.brukalai.lt	Addresses and domains for junk mail filtering (aggregate zone)	Mostly automatic with some manual additions	Until delisting requested		Yes	No
Metunet	DNSBL	rbl.metunet.com	Single IP4 addresses produce exclusively spam or malware. Respective Mail providers protected like Free and paid mail providers.	Automatic	One year after last activity (automatic) or delist request by mail	Removal requests are quickly and manually reviewed and processed without fees.	No	No
Excello s.r.o.	Virusfree BIP	bip.virusfree.cz	Botnet IP list. Single IPv4 addresses produced from spam, pure bots. No mail server addresses.	Automatic listing	Automatic delisting	Included in RSPAMD	No	No
Excello s.r.o.	Virusfree BAD	bad.virusfree.cz	BAD senders list. Single IPv4 addresses with high spam rate. Mostly botnets and large spammers. Also, mail servers which send malware are listed.	Automatic listing	Automatic delisting		No	No

Notes

"Collateral listings"—Deliberately listing non-offending IP addresses, in order to coerce ISPs to take action against spammers under their control.

"Notifies upon listing"—Warns registrants of listed IP addresses or domains (so registrants can take actions to fix problems).

Suspect RBL providers

Suspect RBL providers are those who employ well-documented patterns^[3] of questionable or reckless practices^[4] or have questionable actors based on statements or communications from the RBL's principal management to official forums.^[5] These practices usually include acceptance of de-listing payments (also known as ransom payments) - which incentivizes fraud - such as is the case with UCEPROTECT/Whitelisted.org.^[6] Often, these RBL providers use circular rhetoric such as "only spammers would claim we are illegitimate" in furtherance of their scheme. These RBL providers have shown clear or lengthy patterns of misconduct or unstable behavior in public forums or operations or both.^[3]^[5] It is recommended that ISPs carefully consider these RBL providers before incorporating them into spam blocking regimens. These RBL providers have demonstrated the potential and willingness to adversely affect vast swaths of internet communications for misguided, reckless or likely fraudulent purposes. Using these RBL providers will likely result in clogging up ISP support channels while negatively affecting legitimate business customers.

Blacklist operator	Questionable Operations	DNS blacklist	Zone	Listing goal	Nomination	Listing lifetime	Notes	Collateral listings	Notifies upon listing
UCEPROTECT-Network	Accepts monetary fees to de-list which incentivizes fraud or abuse;^[4] principal management engages in questionable behavior in official communications^[5]	UCEPROTECT Level 1	dnsbl-1.uceprotect.net (also free available via rsync ^[7])	Single IP addresses that send mail to spamtraps. Or anything that could have attacked them, even if not related to email.	Automatic by a cluster of more than 60 trapservers ^[8]	Automatic expiration 7 days after the last abuse was seen, optionally express delisting for a small fee.	UCEPROTECT's primary and the only independent list	No	No
		UCEPROTECT Level 2	dnsbl-2.uceprotect.net (also free available via rsync ^[7])	Allocations with exceeded UCEPROTECT Level 1 listings	Automatic calculated from UCEPROTECT-Level 1	Automatic removal as soon as Level 1 listings decrease below Level 2 listing border, optionally express delisting (for a fee)	Fully depending on Level 1	Yes	No
		UCEPROTECT Level 3	dnsbl-3.uceprotect.net (also free available via rsync ^[7])	ASN's with excessive UCEPROTECT Level 1 listings	Automatic calculated from UCEPROTECT-Level 1	Automatic removal as soon as Level 1 listings decrease below Level 3 listing border, optionally express delisting (fee)	Fully depending on Level 1	Yes	No
SPFBL.net	Offers paid delisting^[9] which violates Section 2.2.5 Conflict of Interest, RFC 6471 ^[10]	RBL	dnsbl.spfbl.net	Bad reputation, difficult to identify the responsible, dynamic addresses, SLAAC flag without genuine mail service and inappropriate use of the URL	Provides a list of IPv4/IPv6 addresses and domains which are sending spam or phishing.	Until delisting requested or seven days with good reputation	The feedback system runs at SMTP layer. See Feedback	Yes	Yes

Related Research Articles

The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.

<span class="mw-page-title-main">Open mail relay</span>

An open mail relay is a Simple Mail Transfer Protocol (SMTP) server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular because of their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers.

A Domain Name System blocklist, Domain Name System-based blackhole list, Domain Name System blacklist (DNSBL) or real-time blackhole list (RBL) is a service for operation of mail servers to perform a check via a Domain Name System (DNS) query whether a sending host's IP address is blacklisted for email spam. Most mail server software can be configured to check such lists, typically rejecting or flagging messages from such sites.

A whitelist or allowlist is a list or register of entities that are being provided a particular privilege, service, mobility, access or recognition. Entities on the list will be accepted, approved and/or recognized. Whitelisting is the reverse of blacklisting, the practice of identifying entities that are denied, unrecognised, or ostracised.

Telephone number mapping is a system of unifying the international telephone number system of the public switched telephone network with the Internet addressing and identification name spaces. Internationally, telephone numbers are systematically organized by the E.164 standard, while the Internet uses the Domain Name System (DNS) for linking domain names to IP addresses and other resource information. Telephone number mapping systems provide facilities to determine applicable Internet communications servers responsible for servicing a given telephone number using DNS queries.

Various anti-spam techniques are used to prevent email spam.

<span class="mw-page-title-main">Email spam</span> Unsolicited electronic advertising by email

Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoidable, and repetitive. Email spam has steadily grown since the early 1990s, and by 2014 was estimated to account for around 90% of total email traffic.

The Distributed Sender Blackhole List was a Domain Name System-based Blackhole List that listed IP addresses of insecure e-mail hosts. DSBL could be used by server administrators to tag or block e-mail messages that came from insecure servers, which is often spam.

The Spamhaus Project is an international organisation based in the Principality of Andorra, founded in 1998 by Steve Linford to track email spammers and spam-related activity. The name spamhaus, a pseudo-German expression, was coined by Linford to refer to an internet service provider, or other firm, which spams or knowingly provides service to spammers.

Email authentication, or validation, is a collection of techniques aimed at providing verifiable information about the origin of email messages by validating the domain ownership of any message transfer agents (MTA) who participated in transferring and possibly modifying a message.

SpamCop is an email spam reporting service, allowing recipients of unsolicited bulk or commercial email to report IP addresses found by SpamCop's analysis to be senders of the spam to the abuse reporting addresses of those IP addresses. SpamCop uses these reports to compile a list of computers sending spam called the "SpamCop Blocking List" or "SpamCop Blacklist" (SCBL).

SORBS is a list of e-mail servers suspected of sending or relaying spam. It has been augmented with complementary lists that include various other classes of hosts, allowing for customized email rejection by its users.

A smart host or smarthost is an email server via which third parties can send emails and have them forwarded on to the email recipients' email servers.

WHOIS is a query and response protocol that is used for querying databases that store an Internet resource's registered users or assignees. These resources include domain names, IP address blocks and autonomous systems, but it is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. The current iteration of the WHOIS protocol was drafted by the Internet Society, and is documented in RFC 3912.

Bill Woodcock is the executive director of Packet Clearing House, the international organization responsible for providing operational support and security to critical Internet infrastructure, including Internet exchange points and the core of the domain name system; the chairman of the Foundation Council of Quad9; the president of WoodyNet; and the CEO of EcoTruc and EcoRace, companies developing electric vehicle technology for work and motorsport. Bill founded one of the earliest Internet service providers, and is best known for his 1989 development of the anycast routing technique that is now ubiquitous in Internet content distribution networks and the domain name system.

A challenge–response system is a type of that automatically sends a reply with a challenge to the (alleged) sender of an incoming e-mail. It was originally designed in 1997 by Stan Weatherby, and was called Email Verification. In this reply, the purported sender is asked to perform some action to assure delivery of the original message, which would otherwise not be delivered. The action to perform typically takes relatively little effort to do once, but great effort to perform in large numbers. This effectively filters out spammers. Challenge–response systems only need to send challenges to unknown senders. Senders that have previously performed the challenging action, or who have previously been sent e-mail(s) to, would be automatically

In networking, a black hole refers to a place in the network where incoming or outgoing traffic is silently discarded, without informing the source that the data did not reach its intended recipient.

SURBL is a collection of URI DNSBL lists of Uniform Resource Identifier (URI) hosts, typically web site domains, that appear in unsolicited messages. SURBL can be used to search incoming e-mail message bodies for spam payload links to help evaluate whether the messages are unsolicited. For example, if http://www.example.com is listed, then e-mail messages with a message body containing this URI may be classified as unsolicited. URI DNSBLs differ from prior DNSBLs, which commonly list mail sending IP addresses. SURBL is a specific instance of the general URI DNSBL list type.

Not Just Another Bogus List (NJABL) was a DNS blacklist.

The Mail Abuse Prevention System (MAPS) is an organization that provides anti-spam support by maintaining a DNSBL. They provide five black lists, categorising why an address or an IP block is listed:

References

↑ "armresearch.com". armresearch.com. Retrieved 2012-05-06.
↑ "sorbs.net". sorbs.net. Retrieved 2012-05-06.
1 2 GitHub. "About removing UceProtect". github.com. Retrieved 2021-04-02.
1 2 Security Boulevard. "UCEPROTECT: When RBLs Go Bad". securityboulevard.com. Archived from the original on 21 April 2021. Retrieved 2021-04-02.
1 2 3 IETF. "IETF Mail Archive: [Asrg] Final statement". mailarchive.ietf.org. Retrieved 2021-04-02.
↑ whitelisted.org. "UceProtect Ransom Payment Collection Arm". www.whitelisted.org. Retrieved 2021-04-03.
1 2 3 UCEPROTECT. "UCEPROTECT-Network - Germanys first Spam protection database". Uceprotect.net. Retrieved 2012-05-06.
↑ Simpson, Ken. "Getting Onto a Blacklist Without Sending Any Spam". MailChannels Anti-Spam Blog. MailChannels Corporation. Archived from the original on 19 September 2011. Retrieved 16 September 2011.
↑ spfbl.net. "Query and delist - Rules for paid delist". spfbl.net. Retrieved 2023-08-25.
↑ C. Lewis and M. Sergeant (January 2012). "Overview of Best Email DNS-Based List (DNSBL) Operational Practices - 2.2.5. Conflict of Interest". IETF. Retrieved 2023-08-25.

External links

List of all RBLs, Information about all existing blacklists including discontinued blacklists.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "armresearch.com". armresearch.com. Retrieved 2012-05-06.

[2] "sorbs.net". sorbs.net. Retrieved 2012-05-06.

[uceprotectQuestionableConductPatterns-3] 1 2 GitHub. "About removing UceProtect". github.com. Retrieved 2021-04-02.

[uceprotectQuestionablePractices-4] 1 2 Security Boulevard. "UCEPROTECT: When RBLs Go Bad". securityboulevard.com. Archived from the original on 21 April 2021. Retrieved 2021-04-02.

[uceprotectQuestionableActors-5] 1 2 3 IETF. "IETF Mail Archive: [Asrg] Final statement". mailarchive.ietf.org. Retrieved 2021-04-02.

[uceprotectRansomPotentialFraud-6] whitelisted.org. "UceProtect Ransom Payment Collection Arm". www.whitelisted.org. Retrieved 2021-04-03.

[uceprotect1-7] 1 2 3 UCEPROTECT. "UCEPROTECT-Network - Germanys first Spam protection database". Uceprotect.net. Retrieved 2012-05-06.

[mailchannels-blog-1-8] Simpson, Ken. "Getting Onto a Blacklist Without Sending Any Spam". MailChannels Anti-Spam Blog. MailChannels Corporation. Archived from the original on 19 September 2011. Retrieved 16 September 2011.

[spfblnetpaid-9] spfbl.net. "Query and delist - Rules for paid delist". spfbl.net. Retrieved 2023-08-25.

[rfc6471s2.2.5-10] C. Lewis and M. Sergeant (January 2012). "Overview of Best Email DNS-Based List (DNSBL) Operational Practices - 2.2.5. Conflict of Interest". IETF. Retrieved 2023-08-25.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]