Multi-RBL Lookup(스팸메일 블로킹 다중 확인)

원문 : http://www.completewhois.com/rbl_lookup.htm

CompleteWhois Multi-RBL Lookup Tool

---

This tool checks if ip or domain is listed in 25+ most popular RBLs (Reputation and Block Lists).For information on how to use this tool from any command-line whois client, please see here. Additionally we also have web utility (primarily designed for ISPs) to do RBL check for IP block ranges, access it here.

Lookup For:       Display Results In Web Page Table Format In Whois Data Format (see more options below) Options for Whois Format Include Names of All Tested Lists in The Results Even if There is No Match Also Provide Brief Whois Data for Abuse Contact Also Provide Full Domain or IP Whois Information Also Provide Domain DNS or IP Reverse DNS Information Additional Tools 200+ Real-Time RBL Lookup IP Range RBL Search CompleteWhois Whois Lookup Traceroute BGP Route Looking-Glass

For users with little experience or knowledge about RBLs we recommend displaying results using "Web Page Table" format. For tech-savvy users familiar with whois using "Whois Data" format should be sufficient and provides access to include additional information together with RBL lookup query. All but one or two lists checked are locally cached in our database which allows for fast and efficient lookups (average lookup time under 1 second). Our database is updated once per day based on raw rbl data from list provider. As our data is not real-time,  users should consider using our 200+ real-time rbl lookup tool (see further on this page) or directly check on each list page (see below table) as most of them provide real-time lookup tool for their database. Please note that YOU SHOULD NOT CONTACT US FOR DELISTING (unless it is because of listing in CompleteWhois invalidipwhois or hijacked lists). If you have problems with listing of your domain or ip YOU SHOULD make contact directly with whatever organization is running the list or database from which the data came from. For your convenience below is more information about each list we include in above lookup and links to each organization's website

Lists with Information on IP Addresses (DNSBL and similar) List Source and delisting procedures Official location of actual DNSBL list Description of the list CompleteWhois for delisting fix your whois data country-rirdata.dnsiplists.completewhois.com This is not a blocklist - it's a list of ip address allocations by country. Informational use only. local list invalidipwhois.dnsiplists.completewhois.com IP Blocks with invalid whois data or no working contacts. hijacked.dnsiplists.completewhois.com Hijacked IP Blocks (purposely stolen ip blocks) bogons.dnsiplists.completewhois.com Bogon (Unallocated) IP blocks (no ip whois data at all) Spamhaus for delisting see here  sbl.spamhaus.org "Spamhaus Block List" spam sources based on reports and research of spammers cached in db xbl.spamhaus.org "eXploits Block List" - proxies, infected computers, other exploitable sources of spam cached in db SpamCop automated delisting once spam reports stop bl.spamcop.net "SpamCop Blocking List" - list of ip sources recently reported to spamcop by various users dns lookup SPEWS for delisting post to NANABL newsgroup l1.spews.dnsbl.sorbs.net Level 1 - Spammer ip blocks (spews recommended blocklist) cached in db l2.spews.dnsbl.sorbs.net Level 2 - Spam Supporting Networks (monitored blocks) SORBS for delisting see here dnsbl.sorbs.net "Spam and Open Relay Blocking System" - Composed of many lists cached in db AHBL for delisting see here  dnsbl.ahbl.org Spammer used ip addresses from various sources cached in db ircbl.ahbl.org IP addresses used by those who are known to be abusers on IRC UCEProtect automated delisting when no messages come to spamtraps for 7 days, see here dnsbl-1.uceprotect.net Level 1 - Direct Spam Sources  based on spamtrap data cached in db dnsbl-2.uceprotect.net Level 2 - IP Blocks of where multiple spam emails originate dnsbl-3.uceprotect.net Level 3 - Smarthosts of ISPs that do not deal with viruses and spam in timely manner DSBL for delisting see here list.dsbl.org "Distributed Server Boycott List" - open smtp relays, open proxies cached in db multihop.dsbl.org multi-hop smtp relays unconfirmed.dsbl.org open relays, open proxies, servers with unaccountable users NJABL for delisting see here auto.dnsbl.njabl.org "Not Just Another Block List" open relays, open proxies, dialup ranges, spammer servers (data part of Spamhaus XBL) cached in db data.dnsbl.njabl.org CBL for delisting see here cbl.abuseseat.org "Composite Block List" proxies and infected systems (data part of Spamhaus XBL) cached in db WPBL automated delisting (score decreases to 0) if spam stops dnsbl.wpbl.pc9.org "Weighted Private Block List" scoring-based private blocklist  (score based on sum opinion of participating users) cached in db VIRBL automated delisting 24 hours after last virus virbl.dnsbl.bit.nl "Virus Block List" - lists ip addresses from which more then 2 viruses are received cached in db IMP spamrbl.imp.ch wormrbl.imp.ch In process of being setup N/A SpamSux automated delisting if no more attacks lists.spam.sux.com "Spam SUX Blackhole List" addresses of servers that are involved in dictionary attacks cached in db SpamBag for delisting see here blacklist.spambag.org Private list of  "SpamBag" spammers. A bit too aggressive but used in some http servers cached in db no-more-funn for delisting see here no-more-funn.moensted.dk dr.moensted's private blacklist. A bit too aggressive for Asia. list copy TQMCube for delisting see here clients (list only distributed as zone file) hosts that attempted to deliver message to spamtrap accounts cached in db dynamic (list only distributed as zone file) dynamic addresses relays (list only distributed as zone file) hosts that attempted to relay mail through spamtrap server asiaspam (list only distributed as zone file) any spamtrap hits from Korea, China, Taiwan   Lists with Information on Domain Names (RHSBL and similar) RFC-Ignorant for delisting do lookup query on their site (link above) and then go from there postmaster.rfc-ignorant.org Domains without a working postmaster email address dns * lookup abuse.rfc-ignorant.org Domains without a working abuse email address dsn.rfc-ignorant.org Domains refusing mail from "<>" whois.rfc-ignorant.org Domains with invalid whois data bogusmx.rfc-ignorant.org Domains with bad mx records SURBL for delisting see here multi.surbl.org ph.surbl.org URI domains used in phishing email (i.e. fake bank sites) cached in db sc.surbl.org URI domains based on SpamCop reported email ob.surbl.org URI domains from spam messages sent to outblaze ws.surbl.org URI domains based on spamasassin rulesets ab.surbl.org URI domains from abusebutler jp.surbl.org URI domains based on output of jwSpamSpy program URIBL for delisting see here muti.uribl.org black.uribl.com List of known spammers with a goal of zero false positives cached in db grey.uribl.com Lists people who spam and have legitimate uses, some. Some false positives depending on your definition of SPAM. red.uribl.com Experimental list for new domain registrations and mass moves between registries that are spam supporters or facilitators. AHBL for delisting see here  rhsbl.ahbl.org Domains owned and used by spammers cached in db SORBS for delisting see here rhsbl.sorbs.net badconf.rhsbl.sorbs.net A or MX records of domain point to bad ip address cached in db nomail.rhsbl.sorbs.net Listing per request of domain owners if no email is supposed to come comes from the domain MailPolice for delisting see here bulk.rhs.mailpolice.com Spam bulk-spammers, unsolicited advertising sites N/A - not setp yet fraud.rhs.mailpolice.com Domains hosting fraudulent content like "phishing" domains adv.rhs.mailpolice.com Domains of email marketers such as opt-in advertisers, newsletters redir.rhs.mailpolice.com Website redirectors porn.rhs.mailpolice.com Pornographic 18+ sites adult.rhs.mailpolice.com Adult-oriented sites DNSBL.ORG in.dnsbl.org (not a dns blacklist) Cooperatively created (by dns providers) list of sites for denial of service for spam activities N/A - not setup yet ex.dnsbl.org (not yet setup) Domains that spammed easydns SecuritySage for delisting see here blackhole.securitysage.com Domains used in emails found at spamtrap addresses with further manual verification. dns * lookup Deadbeef bl.deadbeef.org Domains of "irresponsible" ISPs dns * lookup * - although currently we test these lists by dns, in the future we hope to have setup with data cached locally. If that is not done by October 2005, we will most likely remove these lists from our testing system If you any links above do not work or information is not correct please send email to comments@completewhois.com. If you run DNSBL or RSHBL list and would like it included in our lookup system, please also contact us at above address and let us know where and how we can download your list data. More information about various block lists can be found at http://www.spamlinks.net/filter-dnsbl-lists.htm Appendix A -  Lists present in the composite dnsbl.sorbs.net and rhsbl.sorbs.net lists dnsbl.sorbs.net: Aggregate zone (contains all the following DNS zones): http.dnsbl.sorbs.net List of Open HTTP Proxy Servers. socks.dnsbl.sorbs.net List of Open SOCKS Proxy Servers. misc.dnsbl.sorbs.net List of open Proxy Servers not listed in the SOCKS or HTTP lists. smtp.dnsbl.sorbs.net List of Open SMTP relay servers. web.dnsbl.sorbs.net List of web (WWW) servers which have spammer abusable vulnerabilities (e.g. FormMail scripts) Note: This zone now includes non-webserver IP addresses that have abusable vulnerabilities. spam.dnsbl.sorbs.net List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. This zone also contains netblocks of spam supporting service providers, including those who provide websites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be added to the list. block.dnsbl.sorbs.net List of hosts demanding that they never be tested by SORBS. zombie.dnsbl.sorbs.net  List of networks hijacked from their original owners, some of which have already used for spamming. dul.dnsbl.sorbs.net Dynamic IP Address ranges (NOT a Dial Up list!) hsbl.sorbs.net rhsbl.sorbs.net - Aggregate zone (contains all the following RHS zones): badconf.rhsbl.sorbs.net List of domain names where the A or MX records point to bad address space. nomail.rhsbl.sorbs.net List of domain names where the owners have indicated no email should ever originate from these domains.

Appendix B -  Instructions for doing Multi-RBL lookup from whois client software. In addition to webform above, the results of checking RBLs are also available using normal port-43 whois if query is done at "rbl.completewhois.com". For most unix machines the following command (with <ip address or domain> substituted by actual query) will produce the desired results: $ whois -h rbl.completewhois.com <ip address or domain> By default whois result would only include those lists that matched, for example: $ whois -h rbl.completewhois.com 211.154.255.1 [Querying rbl.completewhois.com] [rbl.completewhois.com] Completewhois.Com Whois Server, Version 0.91a24, compiled on Jun 22, 2005 Please see http://www.completewhois.com/help.htm for command-line options Use of this server and any information obtained here is allowed only if you follow our policies at http://www.completewhois.com/policies.htm [OTHER (rbl.completewhois.com) whois information for 211.154.255.1 ] 211.154.255.1 is listed in country-rirdata: CN - China 211.154.255.1 is listed in spews-level1: 211.154.192.0/18 --> [1] biz-help/eyou/biz-grow/como-verder/bizexplode, see http://spews.org/ask.cgi?S1059 211.154.255.1 is listed in spews-level2: 211.154.192.0/18 --> [1] biz-help/eyou/biz-grow/como-verder/bizexplode, see http://spews.org/ask.cgi?S1059 211.154.255.1 is listed in no-more-funn.moensted.dk: added 2001-04-19; china does not seem to care about spam 211.154.255.1 is listed in blacklist.spambag.org: 211.154.255.0/24 --> Blocked by spambag, see http://www.spambag.org/cgi-bin/spambag?mailfrom=012netil In some cases it is desirable to also see all the lists where ip address did not match and this can be enabled with RBL_INCLUDENOMATCH=ON option (options are added before the actual query) which will produce output such as: $ whois -h rbl.completewhois.com RBL_INCLUDENOMATCH=ON 211.154.255.1 [Querying rbl.completewhois.com] [rbl.completewhois.com] Completewhois.Com Whois Server, Version 0.91a24, compiled on Jun 22, 2005 Please see http://www.completewhois.com/help.htm for command-line options Use of this server and any information obtained here is allowed only if you follow our policies at http://www.completewhois.com/policies.htm [OTHER (rbl.completewhois.com) whois information for 211.154.255.1 ] 211.154.255.1 is listed in country-rirdata: CN - China 211.154.255.1 is not listed in bogons.dnsiplists.completewhois.com 211.154.255.1 is not listed in hijacked.dnsiplists.completewhois.com 211.154.255.1 is not listed in invalidipwhois.dnsiplists.completewhois.com 211.154.255.1 is not listed in sbl.spamhaus.org 211.154.255.1 is not listed in bl.spamcop.net 211.154.255.1 is listed in spews-level1: 211.154.192.0/18 --> [1] biz-help/eyou/biz-grow/como-verder/bizexplode, see http://spews.org/ask.cgi?S1059 211.154.255.1 is listed in spews-level2: 211.154.192.0/18 --> [1] biz-help/eyou/biz-grow/como-verder/bizexplode, see http://spews.org/ask.cgi?S1059 211.154.255.1 is not listed in dnsbl-1.uceprotect.net 211.154.255.1 is not listed in dnsbl-2.uceprotect.net 211.154.255.1 is not listed in dnsbl-3.uceprotect.net 211.154.255.1 is not listed in list.dsbl.org 211.154.255.1 is not listed in multihop.dsbl.org 211.154.255.1 is not listed in unconfirmed.dsbl.org 211.154.255.1 is not listed in data.dnsbl.njabl.org 211.154.255.1 is not listed in cbl.abuseseat.org 211.154.255.1 is not listed in opm.blitzed.org 211.154.255.1 is not listed in dnsbl.wpbl.pc9.org 211.154.255.1 is not listed in virbl.dnsbl.bit.nl 211.154.255.1 is not listed in lists.spam.sux.com 211.154.255.1 is listed in no-more-funn.moensted.dk: added 2001-04-19; china does not seem to care about spam 211.154.255.1 is listed in blacklist.spambag.org: 211.154.255.0/24 --> Blocked by spambag, see http://www.spambag.org/cgi-bin/spambag?mailfrom=012netil While rbl.completewhois.com address is setup primarily for RBL-only data queries, the software running on that address and producing results is in fact exactly the same as what is running on other completewhois whois server (the only difference is that by default whois queries are not enabled on that address and RBL queries instead are). To get RBL lookup results from other whois servers as part of more complex whois query you can use "RBL" macro option as in: $ whois -h whois.completewhois.com RBL <ip address or domain> Note also that querying for abuse-related information from completewhois server will by default now also include RBL lookup results and this can be done with the following command: $ whois -h whois.completewhois.com ABUSEDATA <ip address or domain> For more information about using completewhois whois server and how its optional parameters and macros are used, please see completewhois engine help page Appendix C -  Instructions for referencing Multi-RBL lookup from web sites You can also directly refer to our RBL lookup CGI from your own websites and applications. If you expect this to be used by users who do not have much experience with RBL and would prefer to see table display format with description and links for every RBL checked, then do it as follows:   http://www.completewhois.com/cgi2/rbl_lookup.cgi?query=<query> Where <query> is actual query ip address or domain. For experienced users where quick whois format with is acceptable, please reference as follows:   http://www.completewhois.com/cgi-bin/rbl_lookup.cgi?display=matchesonly&query=<query> With above you can also directly include IP or DOMAIN whois information with lookup as follows:   http://www.completewhois.com/cgi2/rbl_lookup.cgi?display=matchesonly&whoisdata=ON&query= If you have more questions on how to use our system please email comments@completewhois.com

This tool is used to check if ip address or domain is listed in 200+ RBLs in real time by dns. (Warning! The query may run for up to 1 minute or longer even when you use asynchronous dns option) Lookup For:         DNS Library ADNS (asynchronyous, parallel lookups) FireDNS (fast single queries) BIND Options Only display those lists that matched Only do TXT lookups without fist doing 'A' lookups Use extended description when reporting rbl name Provide information on how long query ran Additional Tools 25+ RBL Lookup IP Range RBL Search CompleteWhois Whois Lookup Traceroute BGP Route Looking-Glass The list of all dns lists used for lookups can be found here and is mostly imported from moensted's drbsites.txt. For more information about these lists please see http://www.spamlinks.net/filter-dnsbl-lists.htm and http://moensted.dk/spam/ (which is another good site to do multi-rbl real-time lookups).

ACERBLCHECK The actual utility used for above real-time multi-rbl lookup is acerblcheck. This new program is an improvement of the arblcheck (which itself was based on the original rblcheck by Edward Marshall). Acerblcheck has a number of new features such as ability to do TXT lookups (arblcheck only supported A lookups), loading of sites to be checked from file (and separate lists for ip zones and domain rhsbl zones) as well as support for several dns resolver libraries which provide better performance then default dns library included on unix systems This program is released under GNU License and carries code from the following contributors: Edward Marshall, Yiorgos Adamopoulos, Steve Friedl and William Leibzon. The source code and README file can currently be found here -> acerblcheck.c and README. A statically compiled (with both firedns and adns libraries) binary for Fedora and Redhat Linux versions is also available for download: acerblcheck-static-redhat.bin Acerblcheck is part of AceDNS package to be released later in 2006 at http://sourceforge.net/projects/acedns/. For instructions on using this please use "-h" option when running acerblchek and look at documentation in the code of above distributions. In the future you will find documentation at http://acedns.sourceforge.net and you may also find documentation for rblcheck at http://rblcheck.sourceforge.net/docs/ useful (note that acerblcheck has twice as many options as original rblcheck but does support all original options as well).