Network and DNS Test Tools

ZoneCheck

bl.zonecheck.org



This service is based in Australia, where the courts have already ruled that blacklists are not liable for any losses or damages that may be experienced by those in DNSBL listings. We have the legal right to list miscreants, and we do not force anyone to use any of our lists, so if you're listed for spam or abuse, deal with it and clean up your act. Most of our lists are created from various honeypots, so if you're listed, it's because you were up to no good. Once you have decided to be a nice netizen, you may request a delisting if you can show you are sending legitimate emails.

We also accept that the listing may relate to a previous user of your IP, or to a PC that has been hit with malware/viruses, in which case you need to have it cleaned up before asking for delisting.

Note: We cannot and will not remove any IPs from the countries lists. These are static RIR country allocations; a listing there does not claim you were a bad actor.


Our lists...


  • bl.zonecheck.org - Combined list of spam, misc, web, and spamtraps
    This is a reasonably safe combined list.
    To keep this a safe list, it does not include the netblocks list.

  • spam.bl.zonecheck.org - IPs that have sent us spam are listed here
    This is a very safe list, with only manually added entries of clear spam sent to our admins.
    Listing Duration: long
    Code: 127.0.0.3 (general spam)

  • netblocks.bl.zonecheck.org - Spammer friendly networks
    Use of this list is considered to be of slight risk. It has only manually added entries, but they cover larger address spaces, /24 or greater.
    If using Postfix, it is suggested to use warn_if_reject and monitor before rejecting outright.
    Listing Duration: long
    Code: 127.0.0.5 (spammer friendly networks)

  • misc.bl.zonecheck.org - IPs listed here for various reasons as per code.
    Usage of this list is considered to be of a very low risk, with only manually added entries.
    Listing Duration: long
    Code: 127.0.0.6 (offensive, abusive, malicious miscreants)
    Code: 127.0.0.7 (open relay, backscatter sources)

  • spamtrap.bl.zonecheck.org - Our spamtrap honeypot. This lists the IPs of those who send to our honeypot trap addresses. These are special addresses that have never been, nor ever will be, used anywhere; they are discreet hidden addresses designed to "trap" address harvesters.
    Usage of this list is considered to be safe.
    Listing Duration: long
    Code: 127.0.0.10

  • web.bl.zonecheck.org - IPs listed here are for being part of a botnet, or a malware client.
    Usage of this list is considered to be of a very low risk.
    Listing Duration: very long
    Code: 127.0.0.11

  • voipbl.bl.zonecheck.org - IPs listed here are for attempts against our honeypot SIP servers.
    Usage of this list is considered to be very safe, low risk.
    Listing Duration: medium
    Code: 127.0.0.12

  • rhsbl.bl.zonecheck.org - Domains that spam, are immoral, or dangerous, may be listed here.
    This list is rarely updated as it is not as efficient with spammers forging/spoofing domains.
    It is a somewhat safe list, with only manually added entries.
    Listing Duration: very long
    Code: 127.0.0.252 (domain names, from RPZ)

  • uri.bl.zonecheck.org - URIBL for SpamAssassin or the like.
    Domains that are known for harmful content.
    It is advised to use this for scoring purposes; exercise great caution before using it on an MTA to reject outright.
    Listing Duration: very long
    Code: 127.0.0.201 (malwaredomains)
    Code: 127.0.0.202 (phishing)
    Code: 127.0.0.203 (malware reported)

  • <TLD>.countries.bl.zonecheck.org - Geographical IP Assignments.
    This is a separate use list allowing you to block or whitelist IPv4 connections from different countries.
    Listing Duration: permanent
    Code: 127.0.0.2

Remember that once an entry is added, it can remain until a delisting request is made. We do expire entries from most lists periodically, usually after the following durations from the last report:

  • short - 28 days
  • medium - 90-180 days
  • long - minimum of a year
  • very long - 2 years or longer
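
An added example (not ZoneCheck's own code) of how a client can query the IP-based lists and decode the return codes given above. It uses the standard DNSBL convention of reversing the IPv4 octets and appending the zone; the function names, the short code labels and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket

# Return codes for the IP-based lists, labelled from the descriptions above.
CODES = {
    "127.0.0.2": "country allocation",
    "127.0.0.3": "general spam",
    "127.0.0.5": "spammer friendly networks",
    "127.0.0.6": "offensive, abusive, malicious miscreants",
    "127.0.0.7": "open relay, backscatter sources",
    "127.0.0.10": "spamtrap",
    "127.0.0.11": "botnet or malware client",
    "127.0.0.12": "SIP honeypot",
}
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def query_name(ip, zone="bl.zonecheck.org"):
    """Standard DNSBL name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name; [] if it does not resolve (lookup errors fail open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check(ip, zone="bl.zonecheck.org", resolve=system_resolver):
    """Return {code: meaning} for ip in zone; an empty dict means not listed."""
    hits = {}
    for answer in resolve(query_name(ip, zone)):
        # Only 127.0.0.0/8 answers are listings. Anything else usually means
        # a resolver rewriting NXDOMAIN or a parked zone, so it is ignored.
        if ipaddress.IPv4Address(answer) in LISTED_NET:
            hits[answer] = CODES.get(answer, "undocumented code")
    return hits

if __name__ == "__main__":
    # Constructed answers standing in for DNS so the demo runs offline.
    fake = {"7.113.0.203.bl.zonecheck.org": ["127.0.0.3", "127.0.0.10"],
            "9.113.0.203.bl.zonecheck.org": ["198.51.100.1"]}
    for ip in ("203.0.113.7", "203.0.113.8", "203.0.113.9"):
        print(ip, check(ip, resolve=lambda n: fake.get(n, [])))
```

Drop the resolve argument to query live DNS through the system resolver.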

Some configuration examples are:



POSTFIX

smtpd_recipient_restrictions =
    # ...(other options)...
    reject_rbl_client bl.zonecheck.org
    reject_rhsbl_client rhsbl.bl.zonecheck.org
    warn_if_reject reject_rbl_client netblocks.bl.zonecheck.org
    # ...(other options)...


SENDMAIL

FEATURE(`enhdnsbl', `bl.zonecheck.org', `553 rejected  Blocked by bl.zonecheck.org', `')dnl


EXIM
In acl_check_rcpt:
	deny message = Access denied - $sender_host_address listed at $dnslist_domain\n$dnslist_text
	dnslists = bl.zonecheck.org:netblocks.bl.zonecheck.org


QMAIL
Add rblsmtpd -r bl.zonecheck.org to the startup arguments for tcpserver.


MS EXCHANGE

Enable Message Filtering (from MS KB 261087):

Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.

1/ If the Administrative Groups container exists in the left pane, expand it, expand the appropriate administrative group container, expand the Servers container, expand the appropriate server container, then expand the Protocols container.
2/ If the Administrative Groups container does not exist, expand the Servers container in the left pane, expand the appropriate server container, and then expand the Protocols container.

To expand a container, double-click the container or click the plus sign to the left of the container.

In the left pane, click the SMTP container, right-click the appropriate SMTP virtual server in the right pane, and then click Properties, then Advanced. Select the IP address that you want to enable message filtering for, click Edit, select the Apply Filter checkbox, then click OK three times.

Go to System Manager -> Global Settings, right-click Message Delivery, then select Properties. Click the Connection Filtering tab and set:
    Display Name: zonecheck.org
    DNS Suffix: bl.zonecheck.org




SPAMASSASSIN

urirhsbl        ALT_URI uri.bl.zonecheck.org. A
body            ALT_URI eval:check_uridnsbl('ALT_URI')
describe        ALT_URI Contains a URI listed in uri.bl.zonecheck.org
tflags          ALT_URI net
score           ALT_URI 2.1


uridnsbl        ALT_URI2 netblocks.bl.zonecheck.org. A
body            ALT_URI2 eval:check_uridnsbl('ALT_URI2')
describe        ALT_URI2 URL's domain A record listed in netblocks.bl.zonecheck.org
score           ALT_URI2 4.0
tflags          ALT_URI2 net a

uridnssub       ALT_URI3 bl.zonecheck.org. A 127.0.0.3-127.0.0.122
body            ALT_URI3 eval:check_uridnsbl('ALT_URI3')
describe        ALT_URI3 URL's domain A record listed in bl.zonecheck.org
score           ALT_URI3 3.0
tflags          ALT_URI3 net a




** NOTE: SpamAssassin has internal skip lists: a list of predefined domains that should never be checked.
Many of the domains are old, and some, like mail.ru, have for some time been used for malicious purposes.
To disable this, place the following line at the end of local.cf:  clear_uridnsbl_skip_domain

We accept no responsibility for anything and we give no warranties. We try to minimise false listings, but like everything in the fight to rid spam, false positives are always possible. To help eliminate this, only trusted admins can enter spam IPs, apart from our honeypots, which by their very nature will never see legitimate messages. There is never such a thing as a perfect solution in the fight against spam, and anyone who tells you this, or tries to sell you a solution with those claims, is full of shit!

Our lists have been running in one shape or form since 2003. If you're curious, read our history.


Copyright © Noel Butler 2021. All Rights Reserved.