Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Join our projects

Check out our project pages here!

What is a DNSBL?

A DNS-based Blackhole List (DNSBL, Real-time Blackhole List or RBL), is a means by which an Internet site may publish a list of IP addresses, in a format which can be easily queried by computer programs on the Internet. As the name suggests, the technology is built on top of the Internet DNS or Domain Name System. DNSBLs are chiefly used to publish lists of addresses linked to spamming. Most mail transport agent (mail server) software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists (Source)

We are regularly scanning new proxies that are reported to us and we're also trying to keep updated with the "Tor"-network proxies, a network that forgets that anonymousity can be a problem when we are speaking abuse.


RBL Bitmasking Data

1IP has been reported
Meaning: The ip has been reported from a third party application, honeypot, but may not necessarily be confirmed by our local sweepers (this is for proxies)
As there may be SMTP-servers amongst our hosts, this bit value may be unsafe to use and in the case of SMTP, there is no available confirmation.
2IP has been confirmed as working proxy

From June 2016: When FraudBL is used, this mask confirms the host as fraudible (Servers used for phishing, fraud, etc)

8IP was tested, but was never returning anything
Meaning: The ip may be fixed by the owner and therefore it's not working anymore
16-Coming soon-
This is the former field for failed connections, which has been taken over by bit value 8
32IP is tested and is fully functional but there is a second entry point (meaning this ip is not the same as the one that has been used by the user"), or the address is an exit node in TOR-network
64IP is marked as "abusive". Primary used to point out spam or attacks through webforms, forum, telnet, etc
128IP has a different anonymous-state (web-based proxies, like anonymouse, etc)
May be deprecated soon is the default zone ( removed 130630) to use on lookups. Future zones will also reported here.

Fraudalent e-mail

FraudBL has just been started as a separate project - for the moment you can reach the site at, but in future this service should get a proper integration also.

How about the expire time for FraudBL

Probably, it should be shorter than a regular host.


API References
The official repo at (
The repo at



The project is located at Tornevall Networks Project-Tracker

Key Summary T Created Updated Due Assignee Reporter P Status Resolution

  • No labels