Status of exitnodes.tor.dnsbl.sectoor.de: DEAD

As reported by Word to the Wise, the DNSBL at exitnodes.tor.dnsbl.sectoor.de seems to have gone extinct. Like has happened with other lists in the past, the domain now contains a wildcard DNS entry which is bad news for DNSBLs. This means that those folks who use this DNSBL to filter mail are going to get a match on every possible IP address in the world. Every possible IP address will show up as listed, even though it's not actually listed by the blocklist.

As a result, I strongly suggest that mail administrators stop using the exitnodes.tor.dnsbl.sectoor.de DNSBL immediately.

DNSBL lookup sites should stop including exitnodes.tor.dnsbl.sectoor.de in blocklist results; the information they display would be incorrect and would scare people into thinking that they are listed, when they are not.

I don't know much about this DNSBL. Based on its name, it seems to exist to allow people to block mail from servers that host TOR Exit Nodes. If you're receiving anonymized harassing mail, that might be something you'd want to block.


The Internet Archive suggests that this list has been around since at least February 7, 2005.

June 6, 2018 Update: The DNS "wildcard" entry has been removed. This should stop any false positive issues, and means that the list is no longer "listing the world." However, the blocklist is still offline, seemingly for good, and I still strongly suggest that mail admins cease use of this list immediately.

Status of dnsbl.cyberlogic.net: BROKEN

As reported on the mailop mailing list on Friday May 25, 2018, the blocking list at dnsbl.cyberlogic.net now contains a "wildcard" DNS entry, effectively listing the entire internet. If you use this DNSBL in your mail server configuration, you should remove it immediately, as it will impede your ability to receive legitimate mail.

New blocklist: SPFBL

Leonardo from SPFBL shared the following information with me and I thought it would be useful to share it here with folks.

Status of bad.psky.me: QUESTIONABLE

Noted and respected spam filterer Spamhaus is indicating that they believe the the Protected Sky (bad.psky.me) blocklist is "fraudulent." They report that Protected Sky is "an anonymously-run DNSBL service which was pirating [Spamhaus] data and republishing it as its own work." Spamhaus further indicates that Protected Sky doesn't follow DNSBL best practices as indicated in RFC6471.

Status of anonwhois.org: DEAD

I first blogged about the ANONWHOIS blocking list back in 2010. It was very useful to identify domains were ownership information was cloaked from the public. Why? Because many of us in the anti-spam and security community think that for a domain being used for commercial purposes, it isn't right to hide who the owner is. And this obstruction to transparency is often exploited by bad guys who send spam and malware, to try to make it harder to identify them.