An entity called McFadden Associates had been publishing two different, spamtrap-driven DNSBL zones starting from October 2003. Almost ten years later, it appears that these blocklist zones are no more.
The McFadden CSMA blocking list encompassed two different DNSBL zones.
The primary zone, bl.csma.biz, contained only "aggressive" hosts that
have spammed repeatedly during a short (recent) timeframe. An additional
zone, sbl.csma.biz, had a broader listing criteria, noted by
the publisher as more suitable for scoring in a filtering system than
outright blocking.
As of January 2013, querying either zone will result in a false positive
response, showing that an IP address is blocked, due to a wildcard DNS
entry. This means that you should immediately stop using either DNSBL in
your spam blocking configuration, otherwise you will reject all inbound
mail, legitimate or not.
It's fairly common for a list, when dying, to intentionally or
un-intentionally "list the world," answering any DNS lookup request with
what amounts to a "yep, that's blocked" response. This regularly causes
problems for unsuspecting email system administrators who may still be
querying blocking lists that are now out of commission. That's why it's
important to periodically review your inbound mail server's
configuration to revisit what DNSBL lists you might be using and whether
or not it makes sense to continue to use them.
In this
case, these lists are no more, and should be removed from any mail
server configurations where they may still linger.
I've
reached out to the one-time publisher of these lists, and I will
follow up with more information if he's able to provide more details.
All about DNSBLs, aka blocklists/blacklists // Since 2001 // Published by Al Iverson
Thanks for visiting! Remember that nowadays, (most) blocklists don't really govern deliverability and inbox placement. Want to learn more about email marketing best practices, email technology, and deliverability troubleshooting? Then you'll want to check out my other site, Spam Resource. |
Status of rfc-ignorant.org: SHUTTING DOWN
One-time Yahoo administrator Derek Balling has announced that the RFC Ignorant blocking list is being shut down. This blocking list had existed since at least late 2001. Its listing criteria including things like not having an "abuse" or "postmaster"address that accepted mail. Listing criteria didn't necessarily overlap with the generally accepted criteria for fighting spam, so my guess is that this blocking list's lack of usefulness as a spam fighting tool had finally diminished past the point of no useful return. As Derek himself says, "the usefulness of a DNSBL is greatly diminished," and of the old hardware running the service, "the value proposition just isn't there."
I blogged about the RFC Ignorant blocking list back in 2006.
I blogged about the RFC Ignorant blocking list back in 2006.
Labels:
dead dnsbls,
derek balling; rfc-ignorant,
dnsbl
Status of blackholes.five-ten-sg.com: DEAD
The "Fiveten" Blocklist (blackholes.five-ten-sg.com) was a combination anti-spam blocking list run by Carl Byington, publishing under
the name of "510 Software Group." This blocking list has been available since at least February, 2001, and it appears to have been retired as of April 2012.
As of late April, 2012, any attempt to look up an entry on the list results in output indicating that "The blackholes.five-ten-sg.com list is retired. No ip address is listed here." Meaning, the list is no longer in operation.
I had previously written about this list back in October, 2007, and my 2007-2008 DNSBL statistics project data showed that the list may not be suitable for broad production use if one wishes to receive requested email messages. The list has been up and down at various other times, most recently being taken offline for a period in November 2010.
(Hat tip: Word to the Wise)
As of late April, 2012, any attempt to look up an entry on the list results in output indicating that "The blackholes.five-ten-sg.com list is retired. No ip address is listed here." Meaning, the list is no longer in operation.
I had previously written about this list back in October, 2007, and my 2007-2008 DNSBL statistics project data showed that the list may not be suitable for broad production use if one wishes to receive requested email messages. The list has been up and down at various other times, most recently being taken offline for a period in November 2010.
(Hat tip: Word to the Wise)
DNSWL.org Announces Changes
Whitelist provider DNSWL.org announced changes to its operating model. Who is DNSWL.org? "Dnswl.org is the leading whitelist provider for email filtering. It is being used by over 50'000 organisations worldwide, and contains close to 100'000 entries of 'good mailservers.' Your email filter should try to avoid tagging messages as spam, if they come from one of those good mailservers."
As announced on their website and on multiple mailing lists today: "As announced earlier, dnswl.org will change it's operating model. "Heavy users" (defined as those doing > 100'000 queries/24 hours on the public nameservers) and vendors of anti-spam products and services will need a paid subscription.
We are now ready to implement the model and will gradually start to enforce it. Since we do not know the current users (all we have are IPs and sometimes hostnames), we will also need to "cut off" users if our attempts at identifying and notifying them fail.
The "cut off" may have two of effects: 1) rsync suddenly stops working 2) queries on the public nameservers are refused. We may be able to reinstate access on a case by case basis.
As usual, we can be reached at admins/at/dnswl.org (or office/at/dnswl.org for direct access to the people handling the subscriptions). All details are available from http://www.dnswl.org/ "
As announced on their website and on multiple mailing lists today: "As announced earlier, dnswl.org will change it's operating model. "Heavy users" (defined as those doing > 100'000 queries/24 hours on the public nameservers) and vendors of anti-spam products and services will need a paid subscription.
We are now ready to implement the model and will gradually start to enforce it. Since we do not know the current users (all we have are IPs and sometimes hostnames), we will also need to "cut off" users if our attempts at identifying and notifying them fail.
The "cut off" may have two of effects: 1) rsync suddenly stops working 2) queries on the public nameservers are refused. We may be able to reinstate access on a case by case basis.
As usual, we can be reached at admins/at/dnswl.org (or office/at/dnswl.org for direct access to the people handling the subscriptions). All details are available from http://www.dnswl.org/ "
Spews.org Domain Expired
Thanks for Joe Sniderman for the tip that the domain spews.org has expired and was grabbed up by somebody that appears to be a domain speculator or parked domain monetizer. The SPEWS blocking list is long-dead, since August, 2006.
Subscribe to:
Posts (Atom)