Blacklists or blocklists are lists of IP addresses, domain names, email addresses or content of the headers or the body, or some combination of these different types, that can be used to help identify spam. A special subset of IP address and domain name lists exist which can be queried using DNS, which are called DNS Blackhole Lists or DNSBLs. Blacklists can be unverified and cause “collateral damage”; their criteria for listing may not be clear.
Those blacklists listed here are just a tiny subset of all of the private access lists and ACLs that exist to block spam from private networks; that larger set is the source of the death of a thousand cuts that any spam friendly provider should eventually experience. They may not have the clout of SPEWS, but they may last even longer.
These list by IP address alone. They vary hugely in format, from sendmail access.db to plain text lists.
DNS Blackhole Lists (DNSBLs) are a special case of IP address lists which can be queried using DNS.
Bogons are IP address ranges (prefixes) that shouldn't be routable. See ASN blacklists for more.
Spamhaus
Don't Route Or Peer (DROP) List - www.spamhaus.org/DROP/
Bogon
Prefixes - www.team-cymru.org/Services/Bogons/
Internet
Alert Registry - cs.unm.edu/~karlinjf/IAR/
Korean
and Chinese IPs - www.okean.com/asianspamblocks.html
ISC's
China Servers Sending Spam - www.isc.org.cn/20020417/ca226065.htm
Maxmind IP
to Country - www.maxmind.com/app/country/
Ludost IP to Country
- ip.ludost.net/
Webhosting.info
IP to Country - ip-to-country.webhosting.info/
Block a country
- blockacountry.com/
Software77 Geo-IP
- software77.net/geo-ip/
Verio
Netblocks - www.the-foxhole.org/verio.txt
Comcast
IPs - www.tqmcube.com/comcast_advisory.php
Tor
exit nodes - tor.eff.org/cvs/tor/contrib/exitlist
Tor blacklist
- proxy.org/tor_blacklist.txt
Yambo
financials servers - www.spamtrackers.eu/feeds/domains/yamboservers.rss
Cotse
Current Dictionary Attack Systems Being Blocked - mail.cotse.net/dictionary_attacks_current.txt
Banned
IP Addresses - glodev.com/bannedips.php
Fight
Comment Spam, Ban IP's - www.gearhack.com/Articles/FightSpam/
UCE
Protect - www.uceprotect.net/
De-routed
IP Addresses - www.albury.net.au/netstatus/derouted.html
Networks
blocked by Erol's - users.erols.com/abuse/block4.html
Greens.org
tcprules list for SMTP - web.greens.org/etc/r.txt
Easystreet
banned IP addresses - support.easystreet.com/abuse/banned_ip.html
spammers ip address and
net blocks for free - spamips.4t.com/
UBE (Spam) Control
Measures at MSN TV - info.webtv.net/spam/
Blocked
Sites -- by IP Address - www.krusty-motorsports.com/blocked-by-ip.html
Sites
abused by spammers - utcc.utoronto.ca/abuse/antispam-stuff/rc.ipacl
- route config
The
Foxhole's Blocklists - www.the-foxhole.org/block.htm
Asuka
Network Service Reject Client - mercury.asuka.ne.jp/filters/reject_client
- mainly Japanese ranges
List
of blocked SMTP
clients - www.cs.uu.nl/technical/services/email/SPAMclients.php
TaNET Anti
Spam - 140.111.1.22/tanet/spam.html
IP
addresses not welcome at rhyolite.com - www.rhyolite.com/anti-spam/ipaddrs.html
XBL
- ftp://erik.selwerd.nl/erik/xbl/000000.bz2
spam block list
for btfh.net - https://mail.btfh.net/spam.txt
Beergoggles
Blocklist - members.cox.net/beergoggles/blocklist/
ImproWare spam
list - antispam.imp.ch/spamlist
Mainsleazespam
master list - mainsleazespam.com/iptables/Block-CIDR-MasterList.html
Cyber-TA
Highly Predictive Blacklisting - www.cyber-ta.org/releases/HPB/
J-Security
Center Top 100 Anti-Spam Blacklist - www.juniper.net/security/spam/
Autonomous Systems are groups of machines and routers that can be considered by the rest of the Internet to be one unit, as far as routing goes. By blocking an Autonomous System Number (ASN) you may block large numbers of machines in a network without having to track any new IP addresses routed by that ASN.
Bogus
AS Advertisements - www.cidr-report.org/as2.0/bogus-as-advertisements.html
Bogus
ASN Report - www.cymru.com/BGP/asnbogusrep.html
Spam
by ASN - utcc.utoronto.ca/~cks/space/blog/spam/SpamByASN
Add
X-ASN header - linuxmafia.com/~karsten/Download/procmail-asn-header
Where
does your spam come from? - matthias.leisi.net/archives/176-Where-does-your-spam-come-from.html
ASGEO - asgeo.netlantis.org/
Generally these consist of a single-line record list of blacklisted domains seen in the MAIL FROM or envelope-sender of incoming spam. Some give reasons, some don't. Domain blacklists will usually be effective against persistent spammers who have delusions that they are legitimate. Spammers who are fully aware that what they are doing is not legitimate will routinely change the sender address, so domain based blacklists will be less effective; steps to make domain blacklists effective again include session verification (such as SPF) and message verification (such as DomainKeys). Domain lists can also be used to filter messages based on the domains seen in URLs.
Right-Hand Side (RHS) Blackhole Lists are a special case of domain lists which can be queried using DNS.
By looking up the reverse DNS of connecting smtp clients, and matching the result against lists of dynamic DNS zones, it is possible to block access by dialups.
Generic
regular expressions for popular naming conventions - www.ddf.net/spam/bad_relays.txt
Dialup
zones - www.sdsc.edu/~jeff/spam/dialup_zones.txt
Dialup
lines zones - www.mousetrap.net/access/access.dialup
Dialup
rDNS - home.comcast.net/~mcwebber/blocking.txt
DSL_stoplist
- www.opennet.ru/dev/spam_check/dsl_stoplist.txt
Dynamic
IP addresses - www.joewein.de/sw/spam-dynip.htm
smtpd
patterns - ftp://ftp.rodents.montreal.qc.ca/mouse/misc/mail/smtpd.patterns
End
user spam sources - www.ecr6.ohio-state.edu/htbin/list_pmdf_mapping/end_users,spam_sources
Reynolds
DDN List - dnsbl.net.au/rddn/reynolds.ddn.list.txt
Dynamic
Regular Expression Anti-Spam Tools - www.linuxmagic.com/opensource/anti_spam/dynamic_regex
Dialup
nets - users.aber.ac.uk/auj/spam/dialupnets.txt
DialIP
hostname Perl filter - users.aber.ac.uk/auj/spam/DialIP.pm.txt
This suggestion from DNSBL.NET.AU would simplify blocking by rDNS:
Reverse
DNS
RFC - dnsbl.net.au/rdts/r-dns.rfc.php
Free
email provider domains - www.joewein.de/sw/spam-freemailer.htm
Wikimedia
spam blacklist - meta.wikimedia.org/wiki/Spam_blacklist
Domains
for senders of "Nadine" email - www.honet.com/Nadine/Envelope-Senders.htm
Easystreet.com
banned domains - support.easystreet.com/abuse/banned_domains.html
Texas.net
Spam Filter List - lonestar.texas.net/helpdesk/spamfilter.html
Free
and Nearly Free Mail Providers - www.rhyolite.com/anti-spam/freemail.html
Unwelcome
Mail Domains - www.rhyolite.com/anti-spam/unwelcome.html
Peace
Region Internet Society spammers list - www.pris.bc.ca/pris/prisinfo/aboutsys/spam.html
Current
Spam List - www.benjammin.net/www/pages/home/cgi-bin/spam-list
Hostasaurus
companies currently being blocked completely - www.hostasaurus.com/spamblock.php
Carl.net
Access List - www.carl.net/spam/access.txt
Roestock
email filter domains - www.roestock.demon.co.uk/emailfilter/domain.txt
sol4.net spam
blocks - sol4.net/spam_blocks.shtml
Stearns.org
domains blacklist - www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current.domains
Ddf.net spam
rhsbl - www.ddf.net/spam/rhsbl.txt
Filterlists
domain names - geocities.com/filterlists/domainnames.txt
Free
providers slow to remove drop-boxes - www.river.com/ops/spam/slum-domains.txt
River.com
bad domains - www.river.com/ops/spam/bad-domains.txt
Spam
domain blacklist (filtered by jwSpamSpy) - www.joewein.de/sw/blacklist.htm
Jeffs_Black_List
- www.smallevolution.com/sendmail.access
Pocomail
junk mail filtering banned senders - www.duntemann.com/junksender.txt
Mail4me
domain deny list - www.tt.tuat.ac.jp/mail4me/deny-domlist.txt
Chinese
domains - www.mousetrap.net/access/access.cn/
John
Bokma's blacklist - johnbokma.com/spam/blacklist.txt
Liste
der geblockten Domains - www.iwadis.de/support/e_mail_filter/198.asp
Sput.nl
domain blacklist - www.sput.nl/spam/blacklist.html
Sol4.net
spam domains - sol4.net/downloads/spam_domains
PCTelecom.us
known spam list - www.pctelecom.us/BANLIST.htm
Taz.net.au
spam domains - taz.net.au/Mail/SpamDomains
Linetap.com
unwanted addresses - linetap.com/linetaphelp/Ourspamlist.htm
Wpa.net repeat
spammers - www.wpa.net/spamtest.html
Wikimedia
spam blacklist - meta.wikimedia.org/wiki/Spam_blacklist
Backscatterers
- www.backscatterers.com/
Spamtrackers
spam domains - spamtrackers.eu/feeds/domains/spamdomains.rss
FiveandDime
access list - www.fiveanddime.net/ss/etc-mail-access.html
A mix of both IP and domain name blacklists. These are often Sendmail access lists (/etc/mail/access).
Vortex
Technology E-Mail block list - www.vortex.com/mailblock.html
Hermes Group
DNSBL - hermes-grp.com/spammers/
IA
State access list - www.mesoscale.iastate.edu/spam/access
Channel1.com
reject list - www.channel1.com/support/spammers
Electric Eye
Ultimate Banned List - electriceye.net/banned/
Bob's Block
List - www.unixhub.com/block.html
Rangenet.com
access list - mesabi.rangenet.com/accesslist.txt
Mousetrap.net
access list - www.mousetrap.net/access/access.companies
Jan
Moesen access list - jan.moesen.nu/code/server/sendmail/sendmail-anti-spam-access-db
Utoronto.ca
hosts deny list - utcc.utoronto.ca/abuse/antispam-stuff/hosts.deny-smtp
Birl's
blacklist for sendmail - concept.temple.edu/sysadmin/sendmail_blacklist.shtml
Useful if you're doing a full-text filter of your spam headers.
Uwaterloo.ca
spammers - ist.uwaterloo.ca/~reggers/spammers/spammers
Nitwit.com
spammers - nitwit.com/spam/spammers.txt
Toasted Spam
deny list - www.toastedspam.com/denylist
Med TechNet
blocked list - www.medtechnet.com/smtpd.txt
West-point.org
access list - www.west-point.org/publications/access.txt
Rain.com
access list - www.scn.rain.com/pub/network/anti-spam/SPAM
Mousetrap.net
access lists - www.mousetrap.net/access/
chux0r's
sendmail access list - chux0r.org/code/access.deny
Kom.com
access list - www.kom.com/spam/access.txt
It is possible to block email based on the envelope sender in an SMTP session. Using this method can be very unreliable if you are too specific, since it is trivial for a spammer to forge a new envelope sender address in his next spam; you should only use email lists to block spam if you know that the address is repeatedly used for deliveries.
Krusty-motorsports.com
sender reject list - www.krusty-motorsports.com/sender_reject
- see: Blocked
Sites
Spammers
list - www.nyx.net/~shrao/spammers.shtml
Taz.net.au
spammers - taz.net.au/Mail/Spammers
Dale
Forsyth spam list - members.tripod.com/dale_forsyth/spam.zip
Asuka
Networks reject sender - mercury.asuka.ne.jp/filters/reject_sender
Ohio
State envelope sender spam - www.ecr6.ohio-state.edu/htbin/list_pmdf_mapping/env_from_spam
I5NET known
spammers - www.i5net.net/stop_spam.htm
Tech2U
Banned Email List - www.tech2u.com.au/member/banned_list.html
MailWasher
blacklisted emails - www.w5hq.com/MailWasher/Blacklist.txt
Roestock
email rejects - www.roestock.demon.co.uk/emailfilter/emails.txt
Linuxbrit.co.uk
spammers list - linuxbrit.co.uk/downloads/spammers
Hu-berlin
blocked addresses - www2.informatik.hu-berlin.de/rbg/no_access.html
163.com
blacklist - corpmail.163.com/blacklist.htm
Unixsol
bad mail from - georgi.unixsol.org/programs/spam-filters/badmailfrom
mail4me
deny from list - www.tt.tuat.ac.jp/mail4me/deny-from.txt
UAF
spammers - www.sfos.uaf.edu/tech/spammers.php
Canadaemails.com
blocked emails - www.canadaemails.com/blocked.txt
Mlc.net kill list
- home.mlc.net/kill.txt
Monkeybrains.net
access list - mail.monkeybrains.net/SPAM_DOMAIN.txt
Mail4Me
From deny list - www.tt.tuat.ac.jp/mail4me/deny-from.txt
Mail4Me
Reply-To deny list - www.tt.tuat.ac.jp/mail4me/deny-reply-to.txt
Mail4Me
To deny list - www.tt.tuat.ac.jp/mail4me/deny-to.txt
Mail4Me
User deny list - www.tt.tuat.ac.jp/mail4me/deny-user.txt
Hewbert.com
access list - www.hewbert.com/confs/archive/server/postfix/access
Invision
Graphics spam list - www.invision-graphics.com/referral_spam_spamemails.html
Content Filters use characteristics of the content of spam to filter it out.
Sendmail
ruleset checks - www.bpfh.net/computing/docs/anti-spam/
QMail
badheaders - www.flame.org/qmail/badheaders
Chinese/Korean
header filters - www.okean.com/antispam/headers.html
Treetop.to
header list - www.treetop.to/pub/pick-spam
Mail4Me
Message-ID deny list - www.tt.tuat.ac.jp/mail4me/deny-mid.txt
Mail4Me
Received deny list - www.tt.tuat.ac.jp/mail4me/deny-received.txt
Filterlists
subject lines - geocities.com/filterlists/subject.txt
Voytech.com
spammer subject lines - www.voytech.com/spam_filter.htm
Mail4Me
Subject deny list - www.tt.tuat.ac.jp/mail4me/deny-sublist.txt
Top
10 spam subject lines - www.mcafee.com/us/threat_center/anti_spam/spam_top10.html
By filtering on reverse DNS patterns used by dialups in email headers an email filter can filter based on previous SMTP session information.
Some older and more badly written spamware packages use a distinctive X-Mailer header to identify themselves, and so self-extinguish their mail. Take care when using X-Mailer blacklists, since several spamware packages pretend to be other mailers; Ritlabs' The Bat! is a well-known case of this.
Bad
X-Mailer list - www.reedmedia.net/misc/mail/bad-x-mailer
JCA-NET
X-Mailer blacklist - apply.jca.apc.org/mail/rejectmailer.phtml
Deny
list in X-Mailer - www.tt.tuat.ac.jp/mail4me/deny-mua.txt
Bogus
Virus Warnings - www.timj.co.uk/linux/sa.php
- SpamAssassin
Bogus
antivirus warning Header Checks - www.t29.dk/antiantivirus.txt
- Postfix
Messages that
report a virus incident - std.dkuug.dk/keld/virus/
- Postfix
Virus-bounce
ruleset - taint.org/xfer/2005/vbounce2.cf
- SpamAssassin
Compuweb
Phrases - compuweb.com/phrase-list.txt
Mail4Me
deny list in body - www.tt.tuat.ac.jp/mail4me/deny-body.txt
Nigerian
419 phrases - taz.net.au/Mail/body_checks.nigerian
Body
check phrases - taz.net.au/Mail/body_checks.phrases
Body
check porn phrases - taz.net.au/Mail/body_checks.porn.phrases
MSRBL-spam
- www.msrbl.com/msrbl-spam
- ClamAV
signatures
MSRBL-images
- www.msrbl.com/msrbl-images
- ClamAV
signatures
URL
Domain Black List - compuweb.com/url-domain-bl.txt
AbuseBulter
Spamvertised URLs - spamvertised.abusebutler.com/
Blog/Wiki Spammers
- spammers.chongqed.org/
Chongqed spam
blacklist - blacklist.chongqed.org/
Spam
List - hem.passagen.se/kmn_asrg/spamlist.txt
Domains found
within URI - www.passwall.com/uri.txt
- SpamAssassin
Body
Checks - www.trado.hu/downloads/body_checks
taz.net.au
body domains - taz.net.au/Mail/body_checks.domains
taz.net.au
body IPs - taz.net.au/Mail/body_checks.ip-addresses
SpamAssassin rules
for subdomain spam - nospam.mailpeers.net/
- SpamAssassin
URL Blacklist
- ub.edithere.com/
URLBlacklist
- urlblacklist.com/
FWI
Phishing URL Data Feed - www.fraudwatchinternational.com/business/phishing-url-database/
Realtime
Phishing Site Monitor - phishery.internetdefence.net/rtmonitor.cgi
Phish
Tracker - www.dslreports.com/phishtrack
Telephone
numbers found in spam and other junk mail - www.znet.com/filtered-phones.html
Phone numbers
found in message bodies - www.passwall.com/phone.txt
- SpamAssassin
Phone
number spam - www.joewein.de/sw/spam-phone-numbers.htm
Spammers'
Tollfree Numbers - fantomaster.com/_spam800list-01.fan
Schulte.org
checks - mx.schulte.org/cgi/header-body-checks.cgi
The
Weekly Spam Report - www.netwhatever.com/SpamReport/myfilters.html
Kernel.org
majordomo taboos - vger.kernel.org/majordomo-taboos.txt
Stearns.org
spam traits - www.stearns.org/razor-caching-proxy/spam-traits
MailWasher
Filters - www.w5hq.com/MailWasher/MailWasherFilters.txt
Kiriasse.fr
antispam rules - www.kiriasse.fr/antispam.txt
Regular
expressions to reject - web.abnormal.com/~thogard/sendmail/filters
K9 E-mail
Blacklist - www.edcottrell.com/k9.cfm
Monkeybrains.net
header regex filters - mail.monkeybrains.net/REGEX.txt
These filters can be used directly with SpamAssassin. Users of different packages might still find these useful.
SpamAssassin
Custom Rulesets - wiki.apache.org/SpamAssassin/CustomRulesets
A
Guide to Writing your own Rules for SpamAssassin - www.intuitive.com/spam-assassin-rule-help.html
Writing
your own SpamAssassin rules - home.comcast.net/~mkettler/sa/SA-rules-howto.txt
The
Life of a SpamAssassin Rule - taint.org/2005/08/06/024026a.html
SpamAssassin
Rules Emporium - www.rulesemporium.com/
Jennifer's
Sets - www.emtinc.net/spamhammers.htm
Japanese
SpamAssassin Rules - tlec.linux.or.jp/docs/user_prefs
SpamAssassin
cookbook - johnbokma.com/spam/SpamAssassin-cookbook.html
The
anti-drug “pill spam” ruleset - mysite.verizon.net/mkettler_sa/antidrug.cf
SpamAssassin
Blacklists - www.sa-blacklist.stearns.org/sa-blacklist/
Frenglish
SpamAssassin Rules - maxime.ritter.eu.org/Spam/
Passwall
Domains SpamAssassin blacklist - www.passwall.com/blacklist.txt
Jon
Tai's Custom Rules for SpamAssassin - jon.tgpsolutions.com/projects/sarules/
Grayonline Rules
- files.grayonline.id.au/
CCERT
Anti-spam Team Chinese rules - www.ccert.edu.cn/spam/sa/Chinese_rules.htm
MIME
validation - www.nospamtoday.com/download/mime_validate.cf
Hebrew
SpamAssassin Rules - www.deltaforce.net/hebrewspam/
Spam-Assassin
Regelsets - antispam.imp.ch/02-saregeln.html
Sober
CME-681 SpamAssassin Rules - ian.blenke.com/projects/spamassassin/cme-681
OpenProtect's
SpamAssassin sa-update channel - saupdates.openprotect.com/
These filters can be used directly with Postfix. Users of different packages might still find these useful.
Infinitejazz.net
header checks - www.infinitejazz.net/will/geek/header_checks.txt
Colino.net
header checks - www.colino.net/postfix/header_checks
Asuka
Networks header checks - mercury.asuka.ne.jp/filters/header_check_regex
Mecreant
header checks - www.mecreant.org/header_checks
Dredel.com
header checks - www.dredel.com/docs/header_checks
Aix
University header checks - reseau.univ-aix.fr/doctech/postfix/header_checks
Utrecht
University header checks - www.cs.uu.nl/technical/services/email/SPAMheaders.php
Asuka
Networks body checks - mercury.asuka.ne.jp/filters/body_check_regex
WSRCC Spam
Fighting - www.wsrcc.com/spam/
These filters can be used directly with Procmail. Users of different packages might still find these useful. For procmail recipes used in conjunction with other applications see Procmail Client Side Spam Filters. A primer for writing procmail rules is at Procmail Quick Start.
Rick's
Black Hole List - www.leirtech.com/rick/dot_procmailrc.html
Telebyte.com
stop spam - www.telebyte.com/stopspam/
Timo's
procmail tips and recipes - lipas.uwasa.fi/~ts/info/proctips.html#spam
City-fan.org
spam filter - www.city-fan.org/ftp/contrib/mail/spamfilter/
Linuxbrit
procmailrc - linuxbrit.co.uk/downloads/dot.procmailrc
Jamie
Wilkinson's .procmailrc - spacepants.org/conf/dot.procmailrc
spam/tag-contents
"procmailrc" - www.insanityunlimited.com/projects/procmail/chop-contents
Tril's
procmailrc - tril.tunes.org/dot-pmrc-spam
Dotfiles.com
procmailrc files - www.dotfiles.com/?app_id=12
pi's
.procmailrc - piology.org/.procmailrc.html
Ram
Samudrala's procmailrc - www.ram.org/ramblings/philosophy/spam/rams_dot_procmailrc
Seegras
procmailrc - seegras.discordia.ch/Programs/Resources/dot.procmailrc
Colas
Nahaboo Anti-Spam personal procmail rules - old.koalateam.com/ftp/pub/spam-filters/colas
Cynthia's
Anti-Spam Procmail Filter - www.iosphere.net/~cynthb/frames/spamfilter.html
Various clever (and 'alternative') ways to filter spam that
don't fit in elsewhere.
Distributed
Checksum Clearinghouse (DCC) - www.rhyolite.com/dcc/
Spamabwehr
- spamabwehr.sakrak.net/
SSPBL - sspbl.tripod.com/
- see the “XR Faq”: 1
2
Blacklist
of Internet Advertisers - www.non.com/news.answers/advertisers-blacklist.html
Spam
Friendly Carriers/ISPs - www.uoregon.edu/~joe/spam-friendly-carriers.html
SWINOG
URIBL whitelist - antispam.imp.ch/swinog-uribl-whitelist.txt
SWINOG
DNSRBL whitelist - antispam.imp.ch/swinog-dnsrbl-whitelist
Distributed
Checksum Clearinghouse email whitelist - www.rhyolite.com/anti-spam/dcc/dcc-tree/homedir/whitecommon
Greylisting.Org
Whitelisting - www.greylisting.org/whitelisting.shtml