DNS black holes at rjek.com
I run several DNS black holes that may be of use.
- excommunicado.co.uk, domains used by Communicado Ltd. that are dedicated to sending spam.
- d.c.b.a.XX.country.dnsbl.rjek.com, Returns 127.0.0.2 if the address a.b.c.d is in ISO country code XX.
- d.c.b.a.XX.continent.dnsbl.rjek.com, Returns 127.0.0.2 if the address a.b.c.d is in a specific continent, one of AF, AS, AN, EU, OC, SA or NA. Here's a SpamAssasin rule for this and the above:
header FROM_CHINA eval:check_rbl('china', 'cn.country.dnsbl.rjek.com')
describe FROM_CHINA A Received line involves an address from China
tflags FROM_CHINA net
score FROM_CHINA 1.2
- foo.domain.mailsl.dnsbl.rjek.com, Returns 127.0.0.2 if the remote part of an address (foo.domain) is in my shitlist. Exim ACL:
deny message = Sending domain listed in rjek.com's shitlist
dnslists = mailsl.dnsbl.rjek.com/$sender_address_domain
delay = 5s
- foo.domain.urlsl.dnsbl.rjek.com, Returns 127.0.0.2 if foo.domain is in my shitlist for URLs. Here's a spamassassin rule:
urirhsbl RJEK_URISL urlsl.dnsbl.rjek.com. A
body RJEK_URISL eval:check_uridnsbl('RJEK_URISL')
describe RJEK_URISL URI Listed on the rjek.com shitlist
tflags RJEK_URISL net
score RJEK_URISL 2.5
- sha1sum.phish.dnsbl.rjek.com, Returns 127.0.0.2 if the SHA1SUM of an email address (which has been normalised to lower case) is in my transient phishing list. Exim ACL:
deny message = address is listed in rjek's phish list
dnslists = phish.dnsbl.rjek.com/${sha1:${lc:${sender_address}}}
delay = 5s
I recommend a deferal rather than outright rejection; often these addresses belong to real people and are just being hijacked.
If you're going to be doing more than 10,000 queries a day, please contact me before using these.
The country/continent DNS BLs get updated weekly. If you spot any errors, drop me an email.