What is a Blacklist / Blocklist for Email Server?

About

A blacklist is a list of domain / ip / mac address that are not trusted and should be blocked from any activities.

It happens when:

• the email received has been flagged as spam by the reader.
• there is too much bad behavior (for instance, sending too many emails in a short amount of time, trying to login by brute force, ..)

They are not on trusted list.

When an IP is blacklisted because of a bad reputation (if you are a spammer or if you are a email provider), you need to change it.

Usage

They are used to classify or not traffic as good or bad.

For email, they are used to classify a message as spam or not. They are therefore found in Anti-Spam products.

Database

Blacklist database systems return an opinion if an inbound email should be accepted (based on IP Address, …)

DNSBL

A DNSBL is a Domain Name System (DNS) Black List (BL) ie:

• a list of IP address ranges or other information compiled
• and presented as a DNS zone

It's also known as:

• Blacklist DNS Servers
• or Real-time blackhole list (RBL)

Uceprotect

Level 1 denylist at http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-1.uceprotect.net.gz

List

• https://mailspike.org/

Spamhaus

Spamhaus has several DSN blacklist zone:

The Zen for IP listing that has 3 sub-zones are:

• The “Spamhaus Block List” (SBL):
  • Direct spam sources
  • Spammer hosting/DNS
  • Spam organizations
• The “Exploits Block List” (XBL)
  • Bad Bots
  • Malware-infected computers.
• The “Policy Block List” (PBL)
  • IP space that should not be sending email directly to the Internet (For instance, IP ranges assigned by ISPs to broadband or dial-up customers)

The Domain Block List (DBL) zone:

• a list of domain names with poor reputations