Long-standing (though not very accurate) blacklist APEWS seems to be down for the count. Their website at www.apews.org has been down for more than a week now, according to reader Steven, who contacted me a few days ago. I last visited the APEWS website a few weeks ago, just curious if it was still out there, and it was up back then.
The APEWS zone files are hosted by third-parties, and my tests show them as still responding. However, their information is likely to grow out of date, as they're probably unable to update the data, provided by APEWS, that fills those blacklist zones.
My recommendation to mail administrators is to stop using APEWS. But then again, was anybody using APEWS recently, anyway?
If you find yourself blacklisted by APEWS, here's what to do.
Status of APEWS: Down
Posted by
Al Iverson
on Tuesday, August 10, 2010
Labels:
apews,
dead dnsbls,
dnsbl
/
Status of ybl.megacity.org: DEAD
Posted by
Al Iverson
on Wednesday, March 31, 2010
Labels:
dead dnsbls,
ybl.megacity.org
/
There once was a DNSBL called ybl.megacity.org. Exactly when it was created is lost to the mists of time, but I'm guessing it was somewhere around the end of 2001 or beginning of 2002, after its maintainer, Derek Balling, parted ways with Yahoo. I recall that the point of the blacklist was to be able to reject mail from Yahoo.
Today, reader John Carver kindly wrote in to let me know that this blacklist is indeed defunct and has "listed the world," installing a wildcard DNS record with the result that if you use ybl.megacity.org in your mail server configuration, you're going to reject 100% of your mail. Query of any domain or IP address under ybl.megacity.org will result in a "127.0.0.2" positive response, that will make a mail server think it should reject the email message in question.
If you use ybl.megacity.org as a blacklist in your mail server configuration, I strongly recommend you remove it immediately. The list is long dead, and use of the list will result in you accidentally rejecting 100% of inbound mail.
As recently as 2006, the DNSBL also responded with text warning that it was defunct: "521 The IP is Blacklisted by ybl.megacity.org. This zone has been deprecated for about two years. Maybe if it starts blocking your mail you'll notice and stop using it." This is no longer the case; the text record does not seem to be present.
See also the Ipswitch ImailServer knowledge base article on this topic.
Today, reader John Carver kindly wrote in to let me know that this blacklist is indeed defunct and has "listed the world," installing a wildcard DNS record with the result that if you use ybl.megacity.org in your mail server configuration, you're going to reject 100% of your mail. Query of any domain or IP address under ybl.megacity.org will result in a "127.0.0.2" positive response, that will make a mail server think it should reject the email message in question.
If you use ybl.megacity.org as a blacklist in your mail server configuration, I strongly recommend you remove it immediately. The list is long dead, and use of the list will result in you accidentally rejecting 100% of inbound mail.
As recently as 2006, the DNSBL also responded with text warning that it was defunct: "521 The IP
Beware: "Fake" Blacklist at nszones.com
Posted by
Al Iverson
Labels:
dnsbl,
fake dnsbl,
nszones.com,
spamhaus
/
Spamhaus reports that they have "uncovered a fake spam filter company which was pirating and selling DNSBL data stolen from major anti-spam systems including Spamhaus, CBL and SURBL, republishing the stolen data under the name 'nszones.com.'"
Ouch. I guess if you publish a free or easily accessed spam filtering tool, it is inevitable that at some point somebody would try to take the data and repackage it against copyright and against the data owner's wishes.
If you find yourself listed on this blacklist; don't fret. If what Spamhaus says is true (and I have little reason to doubt them), then this list is not really being used to block email. (And should not be used to block email.) Ignore it, stay listed, and eventually they'll move on to easier targets.
If you're a system administrator, DO NOT use any of the blacklists at nszones.com for spam filtering purposes. As its intent may not be above-board, I would have strong concerns about the possibility of listing things only to engender a payment for delisting -- for reasons having nothing to do with spam fighting.
Ouch. I guess if you publish a free or easily accessed spam filtering tool, it is inevitable that at some point somebody would try to take the data and repackage it against copyright and against the data owner's wishes.
If you find yourself listed on this blacklist; don't fret. If what Spamhaus says is true (and I have little reason to doubt them), then this list is not really being used to block email. (And should not be used to block email.) Ignore it, stay listed, and eventually they'll move on to easier targets.
If you're a system administrator, DO NOT use any of the blacklists at nszones.com for spam filtering purposes. As its intent may not be above-board, I would have strong concerns about the possibility of listing things only to engender a payment for delisting -- for reasons having nothing to do with spam fighting.
SURBL Announces New Experimental Blacklist
Posted by
Al Iverson
on Thursday, December 10, 2009
Labels:
domain blacklists,
snowshoe spam,
surbl
/
Today, the team behind the SURBL domain blaclists announced a new, experimental blacklist: xs.surbl.org.
As announced on the SURBL-Announce list: "An experimental source of some snowshoe and pill domains is now being published in xs.surbl.org. SURBL considers this feed to be experimental and would very much welcome feedback about it, particularly about any false positives. Does anyone know anyone who actually wants to receive snowshoe messages?"
You can read the entire announcement here.
As announced on the SURBL-Announce list: "An experimental source of some snowshoe and pill domains is now being published in xs.surbl.org. SURBL considers this feed to be experimental and would very much welcome feedback about it, particularly about any false positives. Does anyone know anyone who actually wants to receive snowshoe messages?"
You can read the entire announcement here.
Status of dnsbl.karmasphere.com: SHUTTING DOWN
Posted by
Al Iverson
on Monday, November 02, 2009
Labels:
dead dnsbls,
karmasphere
/
As messaged to the Karmasphere-Users and Karmasphere-Announce mailing lists, the Karmasphere Reputation Services data feeds are being retired. This means that the associated blacklist(s), including the karmasphere.email-sender.dnsbl.karmasphere.com DNSBL zone, and any other DNSBL/DNSWL zones under karmasphere.com. It is unclear to the author if karmasphere.org is similarly affected.
Karmasphere has indicated that the feed service will be discontinued on November 16, 2009. It's very important that all Karmasphere-using mail administrators remove any Karmasphere-hosted DNSBLs from their configuration before that date, else inbound receipt of legitimate email messages could be delayed or otherwise impacted.
For more information, click on over to Spam Resource to read a copy of the Karmasphere notice.
Karmasphere has indicated that the feed service will be discontinued on November 16, 2009. It's very important that all Karmasphere-using mail administrators remove any Karmasphere-hosted DNSBLs from their configuration before that date, else inbound receipt of legitimate email messages could be delayed or otherwise impacted.
For more information, click on over to Spam Resource to read a copy of the Karmasphere notice.
Status of rbl.cluecentral.net: DEAD
Posted by
Al Iverson
on Tuesday, October 13, 2009
Labels:
dead dnsbls,
rbl.cluecentral.net
/
The rbl.cluecentral.net DNSBLs were created in 2001 or 2002 by Sabri Berisha. The goal: To list "all known assigned IPv4 address space, by originating AS and by country. [This is based on] a full routing view is extracted daily from a router in the default free zone. The AS->country mapping is done via the statistics which are being provided by the four RIR's, ARIN, APNIC, LACNIC and RIPE."
Status of blackholes.us: DEAD
Posted by
Al Iverson
on Sunday, October 11, 2009
Labels:
blackholes.us,
dead dnsbls
/
Created by Matthew Evans in 2002, the goal of the blackholes.us site was "to create (yet more) DNS blocklists of spammers, spam supporting ISPs, spamware hosts, dialup networks, and other notorious email abusers originating in the United States." Matthew published many different DNSBL zones, listing various countries, ISPs, netblocks, etc.
Status of vox.schpider.com: DEAD
Posted by
Al Iverson
on Wednesday, October 07, 2009
Labels:
dead dnsbls,
vox.schpider.com
/
Scott Glassbrook writes: "I ran a dnsbl, vox.schpider.com many many years ago. I stopped the DNSBL back in June of 2006, and shut down the server it was running on.
Status of bl.open-whois.org: DEAD
Posted by
Al Iverson
on Tuesday, August 18, 2009
Labels:
dead dnsbls,
open-whois,
spamassassin
/
As of July, it looks like a popular blacklist used in default SpamAssassin installations is no more. Users were reporting false positive issues, where every message checked by SpamAssassin would receive a score of 2.43, supposedly due to the sender being listed in the blacklist bl.open-whois.org.
