bl.zonecheck.org


This service is based in Australia where the Federal Court has ruled blacklists are not liable for any losses or damages that may be experienced by those in DNSBL listings, and that we have the right to list problematic netizens, spammers, miscreants, or whoever is not playing nice, especially since nobody is forced to use, nor pays for access to, this service, nor do we have access lists to access the lists, those who use the lists should be aware of our policies, and use them because they find one or more of them effective.

This service was originally created in early 2000's whilst at my employers at the time so we could have multiple mail servers access a single blacklist database, since it was time consuming constantly updating all mail servers individual access lists, and grew from there, originally utilising a subdomain of that employer, and later becoming alt-backspace.org.

Most of our lists are created from direct spam sent to our admins, and by various honeypots, if you're listed, it's because you or a PC on your LAN were up to no good, deal with it, and clean up your act. Once you have decided to be a nice netizen, you may request a delisting if you can show you are sending legitimate Emails.

We do understand that a listing may relate to a previous user of your IP, there may have been a breach of your WiFi security, or a PC that has been hit with malware/viruses, in which case you need to locate and clean the device responsible very quickly, we're small, so if you get listed by us, chances are the big players like Spamhaus, Spamcop, SORBS, and co, may also have you listed, or close to it.

Note: We can not and will not remove any IP's from the countries lists! These lists are static RIR country allocations, they are not suggesting you were a bad actor, such lists are used to restrict access to entire geographical zones.

Our lists...


  • bl.zonecheck.org - Combined list of spam, misc, web, spamtraps and voipbl
    This is a safe combined list.
    To keep this a safe list, it does not include the netblocks list.

  • spam.bl.zonecheck.org - IP's that have sent us spam are listed here
    This is a very safe list, with only manually added entries of spam sent to our admins.
    Listing Duration: long
    Code: 127.0.0.3 (general spam)

  • netblocks.bl.zonecheck.org - Spammer friendly networks
    Use of this list is considered to be of slight risk, with only manually added entries, they do cover larger address spaces, /24 or greater.
    It is suggested if using postfix to use warn_if_reject and monitor before using outright.
    Listing Duration: long
    Code: 127.0.0.5 (spammer friendly networks)

  • misc.bl.zonecheck.org - IPs listed here for various reasons as per code.
    Usage of this list is considered to be of a very low risk, with only manually added entries.
    Listing Duration: long
    Code 127.0.0.6 (offensive, abusive, malicious, miscreants)
    Code 127.0.0.7 (open relay,backscatter sources)

  • spamtrap.bl.zonecheck.org - Our spamtrap honeypot. This will list IP's who send to our honeypot trap addresses, these are special addresses that have never been, nor ever will be, used anywhere, they are discreet hidden addresses designed to "trap" address harvesters.
    Usage of this list is considered to be safe, very low risk
    Listing Duration: long.
    Code: 127.0.0.10

  • web.bl.zonecheck.org - IP's listed here are for being part of a botnet, or malware client.
    Usage of this list is considered to be low risk.
    Listing Duration: very long
    Code 127.0.0.11

  • voipbl.bl.zonecheck.org - Our SIP honeypots. This lists IP's for connection attempts against our honeypot servers that have never, and will never, have a SIP service on them.
    Usage of this list is considered to be safe, very low risk.
    Listing Duration: medium
    Code 127.0.0.12

  • rhsbl.bl.zonecheck.org - Domains that spam, are immoral, or dangerous, may be listed here.
    This list is rarely updated as it is not as efficient with spammers forging/spoofing domains.
    It is a somewhat safe list, with only manually added entries.
    Listing Duration: very long.
    Code 127.0.0.252 (domain names, from RPZ)

  • uri.bl.zonecheck.org - URIBL for SpamAssassin or the like.
    Domains that are known for harmful content.
    It is advised to use this for scoring purposes, exercise great caution before using on MTA to outright reject.
    Listing Duration: very long
    Code: 127.0.0.201 malwaredomains
    Code: 127.0.0.202 phishing
    Code: 127.0.0.203 malware reported

  • <TLD>.countries.bl.zonecheck.org - Geographical IP Assignments.
    This is a separate use list allowing you to block or whitelist IPv4 connections from different countries.
    Listing Duration: permanent
    Code: 127.0.0.2


Worth Remembering

Once an entry is added it can remain until a delisting request is made.
We do expire entries from most lists periodically, this is usually the following durations from the last report, or you can show you are a new user of that IP, and that IP is static.

short - 28 days
medium - 29-180 days
long - 181-365 days
very long - years! ok, usually until requested after last hit for a year


Some Usage Configuration Examples


POSTFIX

smtpd_recipient_restrictions = 
	...(other options)...
    reject_rbl_client bl.zonecheck.org
    reject_rhsbl_client rhsbl.bl.zonecheck.org
    warn_if_reject reject_rbl_client netblocks.bl.zonecheck.org
	...(other options)...

* We recommend using warn_if_reject on lists that are not marked as safe for a few weeks
to make sure there is no negative impacts, this is typcially for lists like netblocks


SENDMAIL

FEATURE(`enhdnsbl', `bl.zonecheck.org', `553 rejected  Blocked by bl.zonecheck.org', `')dnl


EXIM
In acl_check_rcpt:
	deny message = Access denied - $sender_host_address listed at $dnslist_domain\n$dnslist_text
	dnslists = bl.zonecheck.org:netblocks.bl.zonecheck.org


QMAIL
Add rblsmtpd -r bl.zonecheck.org to the startup arguments for tcpserver.


MS EXCHANGE

Enable Message Filtering (from MS KB 261087):
Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager

1/ If the Administrative Groups container exists in the left pane, expand it, expand the appropriate administrative 
group container, expand Servers container, expand appropriate server container, then expand the Protocols container.
2/ If the Administrative Groups container does not exist, expand the Servers container in the left pane, expand the 
appropriate server container, and then expand the Protocols container. 

To expand a container, double-click the container to the left of the container.
In the left pane, click the SMTP container, right-click the appropriate SMTP virtual server in the right pane, and 
then click Properties, then Advanced and select the IP address that you want to enable message filtering for, and 
then click Edit and select the Apply Filter checkbox, then click OK, three times.

 Goto System Manager -> Global Settings -> right-click Message Delivery, then select Properties. 
 To expand a container, double-click the container or click the plus sign to the left of the container.
 Click the Connection Filtering tab and set
                                             Display Name: zonecheck.org
                                             DNS Suffix: bl.zonecheck.org




SPAMASSASSIN

urirhsbl        ALT_URI uri.bl.zonecheck.org. A
body            ALT_URI eval:check_uridnsbl('ALT_URI')
describe        ALT_URI Contains a URI listed in uri.bl.zonecheck.org
tflags          ALT_URI net
score           ALT_URI 2.1


uridnsbl        ALT_URI2 netblocks.bl.zonecheck.org. A
body            ALT_URI2 eval:check_uridnsbl('ALT_URI2')
describe        ALT_URI2 URL's domain A record listed in netblocks.bl.zonecheck.org
score           ALT_URI2 4.0
tflags          ALT_URI2 net a

uridnssub       ALT_URI3 bl.zonecheck.org. A 127.0.0.3-127.0.0.122
body            ALT_URI3 eval:check_uridnsbl('ALT_URI3')
describe        ALT_URI3 URL's domain A record listed in bl.zonecheck.org
score           ALT_URI3 3.0
tflags          ALT_URI3 net a




** NOTE: SpamAssassin has internal skip lists, this is a list of predefined domains that should never be checked.
Many of the domains are old, and some, like mail.ru are for sometime used for malicious purposes.
To disable this, at the end of local.cf place the line:  clear_uridnsbl_skip_domain

We accept no responsibility for anything and we give no warranties, we try to minimise false listings, but like everything in the fight to rid spam, false positives are always posible, to help eliminate this, only trusted admins can enter spam IP's, apart from our honeypots that by their very nature, will never see legitimate messages, there is never such a thing as a perfect solution in the fight against spam, and anyone who tells you this, or tries to sell you such a solution with those claims - are full of shit!


10:18 PM - Thursday September 29, 2022 (UTC +10)