Do not send e-mail to me!

DNSBL

RBL based on SPFBL

 

The reputation database is collected from our customers and contributors, where complaints are made by their own recipients and processed by our DNSBL server, which returns:

 

  • rcode FORMERR: invalid query format;
  • rcode NXDOMAIN: no abuse of this address has been reported;
  • rcode REFUSED: exceeded the limit of queries;
  • 127.0.0.2: blacklisted due to bad reputation and confirmed by anonymous complaints;
  • 127.0.0.3: flagged due difficulty to identify the responsible for abuses or MTA not in compliance with RFC 5321 and
  • 127.0.0.4: could not identify an email service running at this address, it’s a NAT router, or because it’s residential connection.
  • 127.0.0.5: unreliable abuse treatment team for the same IP range.

 

Service’s zone: dnsbl.spfbl.net

 

This service cannot be used for rejection purposes during the SMTP transaction. It can be used in scoring systems such as Spamassassin or Rpamd to have the message delivered to the recipient’s Junk folder. For those using the spfquery utility, consider replacing it with our advanced SPF query utility. The responsible for the receiving system, who is consuming this service, shall be responsible for non-compliance with this rule. The SPFBL.net will not be responsible for the misuse of this service.

 

It is noteworthy that, in the case of returning 127.0.0.4, we flag all IPs which we consider unsuitable for hosting mail transfer agents. In that case, the DNSBL does not only list systems that send spam, so it’s up to each administrator to decide how to use it. Making an analogy with the RFC Ignorant list (now RFC Clueless), we also require a number of important settings, so we could be called the “SPF ignorant” or “FCrDNS ignorant” system. In addition, any machine with no purpose of email service is a potential vector of a hacker attack, so this flagging also prevents any possible attack rather than waiting for the first damage to blacklist the IP after the injury caused. More about our rules, in the our delist page. Contact us to know how to report SPAM in our platform and then force the sender stop it.

 

In the case of return 127.0.0.5, it means that the IP is in a range with a high volume of abuse and the abuse team of this range does not act in order to stop these abuses, for being inactive, for being conniving or for ignoring the abuse reports that the SPFBL provider network sends to that team. To resolve this issue, it is necessary to change the FBL record of the same e-mail server to another address that is not the same address as the current one. This record can be changed in our DNSAL.

 

 

IMPORTANT: We do not provide any guarantees, despite the best efforts to maintain a stable and coherent system. Use at your own risk and take into consideration that our systems works based on reputation, without privileges to any system, including Internet providers and email marketing systems, if they have a poor reputation. For this reason, our DNSBL can not be used for message rejection, but only to forward the message to the recipient’s Junk folder. Check your MTA documentation for details or, if it is not feasible, consider use SpamAssassin or Rpamd.

 

IMPORTANT: Current limit is 10 queries per second and the response will have rcode 5 (REFUSED) when reached. Higher frequencies require contribution. Please contact us informing your IP or range, for further details. Even within the query threshold, consider making a donation so we can maintain and expand our free services. If your Unbound resolver are having query limit issues, try to set its parameter qname-­minimisation to value “yes”.

 

IMPORTANT: This service does not protect your email users from attacks originating from hijacked user accounts, because the reputation of IPs originating from legitimate accounts is usually good. To resolve the issue, we recommend installing clamav-unofficial-sigs on the incoming MX and also that end users be oriented to install efficient antivirus on workstations. To learn more about the effectiveness of all antiviruses on the market, follow the rank provided by Porcupine in real time.