Blacklists/Blocklists

Blacklists or blocklists are lists of IP addresses, domain names, email addresses or content of the headers or the body, or some combination of these different types, that can be used to help identify spam. A special subset of IP address and domain name lists exist which can be queried using DNS, which are called DNS Blackhole Lists or DNSBLs. Blacklists can be unverified and cause “collateral damage”; their criteria for listing may not be clear.

Those blacklists listed here are just a tiny subset of all of the private access lists and ACLs that exist to block spam from private networks; that larger set is the source of the death of a thousand cuts that any spam friendly provider should eventually experience. They may not have the clout of SPEWS, but they may last even longer.

About Blacklists and Whitelists
Blacklist Tools
IP Address Blacklists
ASN Blacklists
Domain Blacklists
IP and Domain Blacklists
IP, Domain, Email Blacklists
Email and Domain Blacklists
Content Filters
Other Blacklists
Whitelists

About Blacklists and Whitelists

Blacklist Tools

DNSBL and Blacklist Tools

IP Address Blacklists

These list by IP address alone. They vary hugely in format, from sendmail access.db to plain text lists.

DNS Blackhole Lists
Bogon, Hijacked & Zombie Networks
Country IP Blacklists
Focused IP Blacklists
Open Relay IP Blacklists
Dynamic IP Blacklists
Spamtrap IP Blacklists
Other IP Address Blacklists

DNS Blackhole Lists

DNS Blackhole Lists (DNSBLs) are a special case of IP address lists which can be queried using DNS.

DNS Blackhole Lists

Bogon, Hijacked & Zombie Networks

Bogons are IP address ranges (prefixes) that shouldn't be routable. See ASN blacklists for more.

Spamhaus Don't Route Or Peer (DROP) List - www.spamhaus.org/DROP/
Bogon Prefixes - www.team-cymru.org/Services/Bogons/
Internet Alert Registry - cs.unm.edu/~karlinjf/IAR/

Bogon, Hijacked & Zombie Network DNSBLs

ASN Blacklists

Autonomous Systems are groups of machines and routers that can be considered by the rest of the Internet to be one unit, as far as routing goes. By blocking an Autonomous System Number (ASN) you may block large numbers of machines in a network without having to track any new IP addresses routed by that ASN.

Bogus AS Advertisements - www.cidr-report.org/as2.0/bogus-as-advertisements.html
Bogus ASN Report - www.cymru.com/BGP/asnbogusrep.html
Spam by ASN - utcc.utoronto.ca/~cks/space/blog/spam/SpamByASN
Add X-ASN header - linuxmafia.com/~karsten/Download/procmail-asn-header
Where does your spam come from? - matthias.leisi.net/archives/176-Where-does-your-spam-come-from.html
ASGEO - asgeo.netlantis.org/

Routing Tools

Domain Blacklists

Generally these consist of a single-line record list of blacklisted domains seen in the MAIL FROM or envelope-sender of incoming spam. Some give reasons, some don't. Domain blacklists will usually be effective against persistent spammers who have delusions that they are legitimate. Spammers who are fully aware that what they are doing is not legitimate will routinely change the sender address, so domain based blacklists will be less effective; steps to make domain blacklists effective again include session verification (such as SPF) and message verification (such as DomainKeys). Domain lists can also be used to filter messages based on the domains seen in URLs.

RHS Blackhole Lists
Other Domain Blacklists

URL Blacklists

RHS Blackhole Lists

Right-Hand Side (RHS) Blackhole Lists are a special case of domain lists which can be queried using DNS.

RHS Blackhole Lists

Reverse DNS Blacklists

By looking up the reverse DNS of connecting smtp clients, and matching the result against lists of dynamic DNS zones, it is possible to block access by dialups.

Generic regular expressions for popular naming conventions - www.ddf.net/spam/bad_relays.txt
Dialup zones - www.sdsc.edu/~jeff/spam/dialup_zones.txt
Dialup lines zones - www.mousetrap.net/access/access.dialup
Dialup rDNS - home.comcast.net/~mcwebber/blocking.txt
DSL_stoplist - www.opennet.ru/dev/spam_check/dsl_stoplist.txt
Dynamic IP addresses - www.joewein.de/sw/spam-dynip.htm
smtpd patterns - ftp://ftp.rodents.montreal.qc.ca/mouse/misc/mail/smtpd.patterns
End user spam sources - www.ecr6.ohio-state.edu/htbin/list_pmdf_mapping/end_users,spam_sources
Reynolds DDN List - dnsbl.net.au/rddn/reynolds.ddn.list.txt
Dynamic Regular Expression Anti-Spam Tools - www.linuxmagic.com/opensource/anti_spam/dynamic_regex
Dialup nets - users.aber.ac.uk/auj/spam/dialupnets.txt
DialIP hostname Perl filter - users.aber.ac.uk/auj/spam/DialIP.pm.txt

This suggestion from DNSBL.NET.AU would simplify blocking by rDNS:

Reverse DNS RFC - dnsbl.net.au/rdts/r-dns.rfc.php

Dynamic DNSBLs

Other Domain Blacklists

Free email provider domains - www.joewein.de/sw/spam-freemailer.htm
Wikimedia spam blacklist - meta.wikimedia.org/wiki/Spam_blacklist
Domains for senders of "Nadine" email - www.honet.com/Nadine/Envelope-Senders.htm
Easystreet.com banned domains - support.easystreet.com/abuse/banned_domains.html
Texas.net Spam Filter List - lonestar.texas.net/helpdesk/spamfilter.html
Free and Nearly Free Mail Providers - www.rhyolite.com/anti-spam/freemail.html
Unwelcome Mail Domains - www.rhyolite.com/anti-spam/unwelcome.html
Peace Region Internet Society spammers list - www.pris.bc.ca/pris/prisinfo/aboutsys/spam.html
Current Spam List - www.benjammin.net/www/pages/home/cgi-bin/spam-list
Hostasaurus companies currently being blocked completely - www.hostasaurus.com/spamblock.php
Carl.net Access List - www.carl.net/spam/access.txt
Roestock email filter domains - www.roestock.demon.co.uk/emailfilter/domain.txt
sol4.net spam blocks - sol4.net/spam_blocks.shtml
Stearns.org domains blacklist - www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current.domains
Ddf.net spam rhsbl - www.ddf.net/spam/rhsbl.txt
Filterlists domain names - geocities.com/filterlists/domainnames.txt
Free providers slow to remove drop-boxes - www.river.com/ops/spam/slum-domains.txt
River.com bad domains - www.river.com/ops/spam/bad-domains.txt
Spam domain blacklist (filtered by jwSpamSpy) - www.joewein.de/sw/blacklist.htm
Jeffs_Black_List - www.smallevolution.com/sendmail.access
Pocomail junk mail filtering banned senders - www.duntemann.com/junksender.txt
Mail4me domain deny list - www.tt.tuat.ac.jp/mail4me/deny-domlist.txt
Chinese domains - www.mousetrap.net/access/access.cn/
John Bokma's blacklist - johnbokma.com/spam/blacklist.txt
Liste der geblockten Domains - www.iwadis.de/support/e_mail_filter/198.asp
Sput.nl domain blacklist - www.sput.nl/spam/blacklist.html
Sol4.net spam domains - sol4.net/downloads/spam_domains
PCTelecom.us known spam list - www.pctelecom.us/BANLIST.htm
Taz.net.au spam domains - taz.net.au/Mail/SpamDomains
Linetap.com unwanted addresses - linetap.com/linetaphelp/Ourspamlist.htm
Wpa.net repeat spammers - www.wpa.net/spamtest.html
Wikimedia spam blacklist - meta.wikimedia.org/wiki/Spam_blacklist
Backscatterers - www.backscatterers.com/
Spamtrackers spam domains - spamtrackers.eu/feeds/domains/spamdomains.rss
FiveandDime access list - www.fiveanddime.net/ss/etc-mail-access.html

IP and Domain Blacklists

A mix of both IP and domain name blacklists. These are often Sendmail access lists (/etc/mail/access).

Vortex Technology E-Mail block list - www.vortex.com/mailblock.html
Hermes Group DNSBL - hermes-grp.com/spammers/
IA State access list - www.mesoscale.iastate.edu/spam/access
Channel1.com reject list - www.channel1.com/support/spammers
Electric Eye Ultimate Banned List - electriceye.net/banned/
Bob's Block List - www.unixhub.com/block.html
Rangenet.com access list - mesabi.rangenet.com/accesslist.txt
Mousetrap.net access list - www.mousetrap.net/access/access.companies
Jan Moesen access list - jan.moesen.nu/code/server/sendmail/sendmail-anti-spam-access-db
Utoronto.ca hosts deny list - utcc.utoronto.ca/abuse/antispam-stuff/hosts.deny-smtp
Birl's blacklist for sendmail - concept.temple.edu/sysadmin/sendmail_blacklist.shtml

IP, Domain and Email Address Blacklists

Useful if you're doing a full-text filter of your spam headers.

Uwaterloo.ca spammers - ist.uwaterloo.ca/~reggers/spammers/spammers
Nitwit.com spammers - nitwit.com/spam/spammers.txt
Toasted Spam deny list - www.toastedspam.com/denylist
Med TechNet blocked list - www.medtechnet.com/smtpd.txt
West-point.org access list - www.west-point.org/publications/access.txt
Rain.com access list - www.scn.rain.com/pub/network/anti-spam/SPAM
Mousetrap.net access lists - www.mousetrap.net/access/
chux0r's sendmail access list - chux0r.org/code/access.deny
Kom.com access list - www.kom.com/spam/access.txt

Email Address or Domain (Mailfrom) Blacklists

It is possible to block email based on the envelope sender in an SMTP session. Using this method can be very unreliable if you are too specific, since it is trivial for a spammer to forge a new envelope sender address in his next spam; you should only use email lists to block spam if you know that the address is repeatedly used for deliveries.

Krusty-motorsports.com sender reject list - www.krusty-motorsports.com/sender_reject - see: Blocked Sites
Spammers list - www.nyx.net/~shrao/spammers.shtml
Taz.net.au spammers - taz.net.au/Mail/Spammers
Dale Forsyth spam list - members.tripod.com/dale_forsyth/spam.zip
Asuka Networks reject sender - mercury.asuka.ne.jp/filters/reject_sender
Ohio State envelope sender spam - www.ecr6.ohio-state.edu/htbin/list_pmdf_mapping/env_from_spam
I5NET known spammers - www.i5net.net/stop_spam.htm
Tech2U Banned Email List - www.tech2u.com.au/member/banned_list.html
MailWasher blacklisted emails - www.w5hq.com/MailWasher/Blacklist.txt
Roestock email rejects - www.roestock.demon.co.uk/emailfilter/emails.txt
Linuxbrit.co.uk spammers list - linuxbrit.co.uk/downloads/spammers
Hu-berlin blocked addresses - www2.informatik.hu-berlin.de/rbg/no_access.html
163.com blacklist - corpmail.163.com/blacklist.htm
Unixsol bad mail from - georgi.unixsol.org/programs/spam-filters/badmailfrom
mail4me deny from list - www.tt.tuat.ac.jp/mail4me/deny-from.txt
UAF spammers - www.sfos.uaf.edu/tech/spammers.php
Canadaemails.com blocked emails - www.canadaemails.com/blocked.txt
Mlc.net kill list - home.mlc.net/kill.txt
Monkeybrains.net access list - mail.monkeybrains.net/SPAM_DOMAIN.txt
Mail4Me From deny list - www.tt.tuat.ac.jp/mail4me/deny-from.txt
Mail4Me Reply-To deny list - www.tt.tuat.ac.jp/mail4me/deny-reply-to.txt
Mail4Me To deny list - www.tt.tuat.ac.jp/mail4me/deny-to.txt
Mail4Me User deny list - www.tt.tuat.ac.jp/mail4me/deny-user.txt
Hewbert.com access list - www.hewbert.com/confs/archive/server/postfix/access
Invision Graphics spam list - www.invision-graphics.com/referral_spam_spamemails.html

Content Filter Blacklists

Content Filters use characteristics of the content of spam to filter it out.

Header Filters
Body Filters
Headers and Body
SpamAssassin Filters
Postfix Filters
Procmail Filters

General Header Filters

Sendmail ruleset checks - www.bpfh.net/computing/docs/anti-spam/
QMail badheaders - www.flame.org/qmail/badheaders
Chinese/Korean header filters - www.okean.com/antispam/headers.html
Treetop.to header list - www.treetop.to/pub/pick-spam
Mail4Me Message-ID deny list - www.tt.tuat.ac.jp/mail4me/deny-mid.txt
Mail4Me Received deny list - www.tt.tuat.ac.jp/mail4me/deny-received.txt

Subject Line Blacklists

Filterlists subject lines - geocities.com/filterlists/subject.txt
Voytech.com spammer subject lines - www.voytech.com/spam_filter.htm
Mail4Me Subject deny list - www.tt.tuat.ac.jp/mail4me/deny-sublist.txt
Top 10 spam subject lines - www.mcafee.com/us/threat_center/anti_spam/spam_top10.html

Reverse DNS Blacklists

By filtering on reverse DNS patterns used by dialups in email headers an email filter can filter based on previous SMTP session information.

Reverse DNS Blacklists

X-Mailer Blacklists

Some older and more badly written spamware packages use a distinctive X-Mailer header to identify themselves, and so self-extinguish their mail. Take care when using X-Mailer blacklists, since several spamware packages pretend to be other mailers; Ritlabs' The Bat! is a well-known case of this.

Bad X-Mailer list - www.reedmedia.net/misc/mail/bad-x-mailer
JCA-NET X-Mailer blacklist - apply.jca.apc.org/mail/rejectmailer.phtml
Deny list in X-Mailer - www.tt.tuat.ac.jp/mail4me/deny-mua.txt

Bogus Virus Warning Content Filters

Bogus Virus Warnings - www.timj.co.uk/linux/sa.php - SpamAssassin
Bogus antivirus warning Header Checks - www.t29.dk/antiantivirus.txt - Postfix
Messages that report a virus incident - std.dkuug.dk/keld/virus/ - Postfix
Virus-bounce ruleset - taint.org/xfer/2005/vbounce2.cf - SpamAssassin

Bounces generated by Anti-Virus Software

Body Filters

General Body Filters
URL/URI Blacklists
Phishing Blacklists
Telephone Number Blacklists

URIBLs and Content Based DNSBLs

General Body Filters

Compuweb Phrases - compuweb.com/phrase-list.txt
Mail4Me deny list in body - www.tt.tuat.ac.jp/mail4me/deny-body.txt
Nigerian 419 phrases - taz.net.au/Mail/body_checks.nigerian
Body check phrases - taz.net.au/Mail/body_checks.phrases
Body check porn phrases - taz.net.au/Mail/body_checks.porn.phrases
MSRBL-spam - www.msrbl.com/msrbl-spam - ClamAV signatures
MSRBL-images - www.msrbl.com/msrbl-images - ClamAV signatures

URI/URL Blacklists

URL Domain Black List - compuweb.com/url-domain-bl.txt
AbuseBulter Spamvertised URLs - spamvertised.abusebutler.com/
Blog/Wiki Spammers - spammers.chongqed.org/
Chongqed spam blacklist - blacklist.chongqed.org/
Spam List - hem.passagen.se/kmn_asrg/spamlist.txt
Domains found within URI - www.passwall.com/uri.txt - SpamAssassin
Body Checks - www.trado.hu/downloads/body_checks
taz.net.au body domains - taz.net.au/Mail/body_checks.domains
taz.net.au body IPs - taz.net.au/Mail/body_checks.ip-addresses
SpamAssassin rules for subdomain spam - nospam.mailpeers.net/ - SpamAssassin
URL Blacklist - ub.edithere.com/
URLBlacklist - urlblacklist.com/

URIBLs and Content Based DNSBLs

Phishing Content Blacklists

FWI Phishing URL Data Feed - www.fraudwatchinternational.com/business/phishing-url-database/
Realtime Phishing Site Monitor - phishery.internetdefence.net/rtmonitor.cgi
Phish Tracker - www.dslreports.com/phishtrack

Telephone Number Blacklists

Telephone numbers found in spam and other junk mail - www.znet.com/filtered-phones.html
Phone numbers found in message bodies - www.passwall.com/phone.txt - SpamAssassin
Phone number spam - www.joewein.de/sw/spam-phone-numbers.htm
Spammers' Tollfree Numbers - fantomaster.com/_spam800list-01.fan

Header and Body Filters

Schulte.org checks - mx.schulte.org/cgi/header-body-checks.cgi
The Weekly Spam Report - www.netwhatever.com/SpamReport/myfilters.html
Kernel.org majordomo taboos - vger.kernel.org/majordomo-taboos.txt
Stearns.org spam traits - www.stearns.org/razor-caching-proxy/spam-traits
MailWasher Filters - www.w5hq.com/MailWasher/MailWasherFilters.txt
Kiriasse.fr antispam rules - www.kiriasse.fr/antispam.txt
Regular expressions to reject - web.abnormal.com/~thogard/sendmail/filters
K9 E-mail Blacklist - www.edcottrell.com/k9.cfm
Monkeybrains.net header regex filters - mail.monkeybrains.net/REGEX.txt

SpamAssassin Filters

These filters can be used directly with SpamAssassin. Users of different packages might still find these useful.

Writing SpamAssassin Filters
Custom SpamAssassin Filters

Writing SpamAssassin Filters

SpamAssassin Custom Rulesets - wiki.apache.org/SpamAssassin/CustomRulesets
A Guide to Writing your own Rules for SpamAssassin - www.intuitive.com/spam-assassin-rule-help.html
Writing your own SpamAssassin rules - home.comcast.net/~mkettler/sa/SA-rules-howto.txt
The Life of a SpamAssassin Rule - taint.org/2005/08/06/024026a.html

Custom SpamAssassin Filters

SpamAssassin Rules Emporium - www.rulesemporium.com/
Jennifer's Sets - www.emtinc.net/spamhammers.htm
Japanese SpamAssassin Rules - tlec.linux.or.jp/docs/user_prefs
SpamAssassin cookbook - johnbokma.com/spam/SpamAssassin-cookbook.html
The anti-drug “pill spam” ruleset - mysite.verizon.net/mkettler_sa/antidrug.cf
SpamAssassin Blacklists - www.sa-blacklist.stearns.org/sa-blacklist/
Frenglish SpamAssassin Rules - maxime.ritter.eu.org/Spam/
Passwall Domains SpamAssassin blacklist - www.passwall.com/blacklist.txt
Jon Tai's Custom Rules for SpamAssassin - jon.tgpsolutions.com/projects/sarules/
Grayonline Rules - files.grayonline.id.au/
CCERT Anti-spam Team Chinese rules - www.ccert.edu.cn/spam/sa/Chinese_rules.htm
MIME validation - www.nospamtoday.com/download/mime_validate.cf
Hebrew SpamAssassin Rules - www.deltaforce.net/hebrewspam/
Spam-Assassin Regelsets - antispam.imp.ch/02-saregeln.html
Sober CME-681 SpamAssassin Rules - ian.blenke.com/projects/spamassassin/cme-681
OpenProtect's SpamAssassin sa-update channel - saupdates.openprotect.com/

Postfix Filters

These filters can be used directly with Postfix. Users of different packages might still find these useful.

Postfix Header Checks
Postfix Body Checks
Postfix Header & Body Checks

Postfix Header Checks

Infinitejazz.net header checks - www.infinitejazz.net/will/geek/header_checks.txt
Colino.net header checks - www.colino.net/postfix/header_checks
Asuka Networks header checks - mercury.asuka.ne.jp/filters/header_check_regex
Mecreant header checks - www.mecreant.org/header_checks
Dredel.com header checks - www.dredel.com/docs/header_checks
Aix University header checks - reseau.univ-aix.fr/doctech/postfix/header_checks
Utrecht University header checks - www.cs.uu.nl/technical/services/email/SPAMheaders.php

Postfix Body Checks

Asuka Networks body checks - mercury.asuka.ne.jp/filters/body_check_regex

Postfix Header & Body Checks

WSRCC Spam Fighting - www.wsrcc.com/spam/

Procmail Filters

These filters can be used directly with Procmail. Users of different packages might still find these useful. For procmail recipes used in conjunction with other applications see Procmail Client Side Spam Filters. A primer for writing procmail rules is at Procmail Quick Start.

Rick's Black Hole List - www.leirtech.com/rick/dot_procmailrc.html
Telebyte.com stop spam - www.telebyte.com/stopspam/
Timo's procmail tips and recipes - lipas.uwasa.fi/~ts/info/proctips.html#spam
City-fan.org spam filter - www.city-fan.org/ftp/contrib/mail/spamfilter/
Linuxbrit procmailrc - linuxbrit.co.uk/downloads/dot.procmailrc
Jamie Wilkinson's .procmailrc - spacepants.org/conf/dot.procmailrc
spam/tag-contents "procmailrc" - www.insanityunlimited.com/projects/procmail/chop-contents
Tril's procmailrc - tril.tunes.org/dot-pmrc-spam
Dotfiles.com procmailrc files - www.dotfiles.com/?app_id=12
pi's .procmailrc - piology.org/.procmailrc.html
Ram Samudrala's procmailrc - www.ram.org/ramblings/philosophy/spam/rams_dot_procmailrc
Seegras procmailrc - seegras.discordia.ch/Programs/Resources/dot.procmailrc
Colas Nahaboo Anti-Spam personal procmail rules - old.koalateam.com/ftp/pub/spam-filters/colas
Cynthia's Anti-Spam Procmail Filter - www.iosphere.net/~cynthb/frames/spamfilter.html

Other Blacklists

Various clever (and 'alternative') ways to filter spam that don't fit in elsewhere.

Distributed Checksum Clearinghouse (DCC) - www.rhyolite.com/dcc/
Spamabwehr - spamabwehr.sakrak.net/
SSPBL - sspbl.tripod.com/ - see the “XR Faq”: 1 2
Blacklist of Internet Advertisers - www.non.com/news.answers/advertisers-blacklist.html
Spam Friendly Carriers/ISPs - www.uoregon.edu/~joe/spam-friendly-carriers.html

Whitelists

SWINOG URIBL whitelist - antispam.imp.ch/swinog-uribl-whitelist.txt
SWINOG DNSRBL whitelist - antispam.imp.ch/swinog-dnsrbl-whitelist
Distributed Checksum Clearinghouse email whitelist - www.rhyolite.com/anti-spam/dcc/dcc-tree/homedir/whitecommon
Greylisting.Org Whitelisting - www.greylisting.org/whitelisting.shtml

everything you didn't want to have to know about spam

Hosted by spam.abuse.net, with help from Neil Schwartzman. Domain registration by Gregg DesElms. Logo by Art101.

This work is licensed under a Creative Commons License. SPAM is a trademark of Hormel Foods.
Page last updated: 06-Feb-2010

Blacklists/Blocklists

About Blacklists and Whitelists

Blacklist Tools

IP Address Blacklists

DNS Blackhole Lists

Bogon, Hijacked & Zombie Networks

Country IP Blacklists

Focused IP Blacklists

Open Relay IP Blacklists

Dynamic IP Blacklists

Spamtrap IP Blacklists

HTTP Abuser IP Blacklists

Phishing Website IP Blacklists

Other IP Address Blacklists

ASN Blacklists

Domain Blacklists

RHS Blackhole Lists

Reverse DNS Blacklists

Other Domain Blacklists

IP and Domain Blacklists

IP, Domain and Email Address Blacklists

Email Address or Domain (Mailfrom) Blacklists

Content Filter Blacklists

Header Filters

General Header Filters

Subject Line Blacklists

Reverse DNS Blacklists

X-Mailer Blacklists

Bogus Virus Warning Content Filters

Body Filters

General Body Filters

URI/URL Blacklists

Phishing Content Blacklists

Telephone Number Blacklists

Header and Body Filters

SpamAssassin Filters

Writing SpamAssassin Filters

Custom SpamAssassin Filters

Postfix Filters

Postfix Header Checks

Postfix Body Checks

Postfix Header & Body Checks

Procmail Filters

Other Blacklists

Whitelists