About
A blacklist is a list of domain / ip / mac address that are not trusted and should be blocked from any activities.
It happens when:
- the email received has been flagged as spam by the reader.
- there is too much bad behavior (for instance, sending too many emails in a short amount of time, trying to login by brute force, ..)
They are not on trusted list.
When an IP is blacklisted because of a bad reputation (if you are a spammer or if you are a email provider), you need to change it.
Usage
They are used to classify or not traffic as good or bad.
For email, they are used to classify a message as spam or not. They are therefore found in Anti-Spam products.
Database
Blacklist database systems return an opinion if an inbound email should be accepted (based on IP Address, …)
DNSBL
A DNSBL is a Domain Name System (DNS) Black List (BL) ie:
- a list of IP address ranges or other information compiled
- and presented as a DNS zone
It's also known as:
- Blacklist DNS Servers
- or Real-time blackhole list (RBL)
Uceprotect
Level 1 denylist at http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-1.uceprotect.net.gz
List
Spamhaus
Spamhaus has several DSN blacklist zone:
The Zen for IP listing that has 3 sub-zones are:
- The “Spamhaus Block List” (SBL):
- Direct spam sources
- Spammer hosting/DNS
- Spam organizations
- The “Exploits Block List” (XBL)
- Malware-infected computers.
- The “Policy Block List” (PBL)
- IP space that should not be sending email directly to the Internet (For instance, IP ranges assigned by ISPs to broadband or dial-up customers)
The Domain Block List (DBL) zone:
- a list of domain names with poor reputations