Table of Contents

About

A blacklist is a list of domain / ip / mac address that are not trusted and should be blocked from any activities.

It happens when:

  • the email received has been flagged as spam by the reader.
  • there is too much bad behavior (for instance, sending too many emails in a short amount of time, trying to login by brute force, ..)

They are not on trusted list.

When an IP is blacklisted because of a bad reputation (if you are a spammer or if you are a email provider), you need to change it.

Usage

They are used to classify or not traffic as good or bad.

For email, they are used to classify a message as spam or not. They are therefore found in Anti-Spam products.

Database

Blacklist database systems return an opinion if an inbound email should be accepted (based on IP Address, …)

DNSBL

A DNSBL is a Domain Name System (DNS) Black List (BL) ie:

  • a list of IP address ranges or other information compiled
  • and presented as a DNS zone

It's also known as:

  • Blacklist DNS Servers
  • or Real-time blackhole list (RBL)

Uceprotect

Level 1 denylist at http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-1.uceprotect.net.gz

List

Spamhaus

Spamhaus has several DSN blacklist zone:

The Zen for IP listing that has 3 sub-zones are:

  • The “Spamhaus Block List” (SBL):
    • Direct spam sources
    • Spammer hosting/DNS
    • Spam organizations
  • The “Exploits Block List” (XBL)
  • The “Policy Block List” (PBL)
    • IP space that should not be sending email directly to the Internet (For instance, IP ranges assigned by ISPs to broadband or dial-up customers)

The Domain Block List (DBL) zone:

  • a list of domain names with poor reputations