This list/zone contains mainly single ip's that have been blacklisted because of one of these reasons: IP is source of attacks against infrastructure or mail server - or - long term spam sending source - or - snow-shoe spammers without opt-in. It also contains some single ip's that are actually spam distributing - if these ip's are not whitelisted in one of the two largest whitelists. For these ip's the expiration time is extremely short (auto delists 24 hours after the last spam received). And at least this blacklist contains some static ip-ranges that have to be blocked because of long-term (sometimes over years) spam distributing - these are then called 'policy' or 'bad reputation' blocks. If ever possible this blacklist does not contain real mailservers. This list does not contain any dynamically assigned IP ranges because those are within the extra dyn blacklist. This list is constructed in a conservative matter to have a minimum of so called false positives within in. This Blacklist ist not intended to block as much as possible, but to block as correct as possible. Administrators of mailservers may use this list to block incoming EMail at SMTP Level:

• Zone-Name bl.shlink.org
• IP-based Blacklist
• Return-Code 127.0.0.2 = spam-sender
• Return-Code 127.0.0.4 = spam-originator
• Return-Code 127.0.0.5 = policy-block
• Return-Code 127.0.0.6 = attacker
• A-Records + TXT-Records

The TXT-Entry contains the reason for blacklisting and the reverse dns name of the blacklisted ip-address.

It should be standard for all professional mailserver administrators not to accept direct external SMTP connections from IP ranges that are dynamically assigned. For whatever reasons there do not exist really useful lists of that kind any more. There are some so called dynamic IP blacklists, but they only contain very few data and cannot be trusted. There is the 'dul' list from sorbs - but that misses a lot of dynamic ranges too and on the other side contains too much wrong ranges. This may be the reason why this list is not scored within spamassasin any more. On the other side there is only the spamhaus pbl - but this does not concentrate on dynamic ips but is a big mixture of anything. So we started some years ago to maintain our own list of such IP ranges. Our own SMTP policy always was not to accept mail from dynamic IP ranges. This list is the most useful one if the policy is (and should) not to accept SMTP connections from dynamic IP ranges.

This list contains mainly three types of entries: Dynamic IP ranges (mostly dsl, cable-tv, dialin pools, etc.). Dynamic IP ranges for mobile phones (gprs, 2g, 3g, lte). And IP ranges where the the isp has declared that unauthenticated SMTP connections should not be accepted from. This blacklist naturally will never be complete, but it should give good results if the policy is not to accept connections especially from dynamic IPs.

• Zone-Name dyn.shlink.org
• IP-based Blacklist
• Return-Code 127.0.0.3
• A-Records + TXT-Records

DMM means direct marketing mailer - these are companies that (mostly) are sending masses of newsletters. The reputation of these companies is extremely different. Most of them only send mail after the recipients have made any kind of so called double opt-in before. Some are known to not honour this, and some are anywhere in between. Because most of these companies also rent their mailserver pools to other companies/peoples it does not make really sense both to blacklist or whitelist ip addresses within this ranges. IPs listed here should always excluded from any whitelist as from any blacklist. This list/zone is for informational use only, do not use this list to block smtp connections on a public mx-server. If ever, one may use this to create private lists or for scoring within for example spamassassin.

• Zone-Name dmm.shlink.org
• IP-based Blacklist
• Return-Code 127.0.[0-9].4
• A-Records + TXT-Records

This list/zone contains ip addresses that never should be blocked at smtp level. It contains both entries for government and some company mailservers (such that can be really trusted) and ip-addresses of some isp outgoing mailservers one should accept mail from always.This list/zone make sense in combined usage to reduce possible false positives of any kind of blacklist.

• Zone-Name wl.shlink.org
• IP-based Whitelist
• Return-Code 127.0.0.2 (trusted local entries)
• Return-Code 127.0.0.3 (trusted companies + government institutions)
• Return-Code 127.0.0.4 (isp mailserver)
• Return-Code 127.0.0.5 (other)
• A-Records + TXT-Records

While traditional remote ip blacklists (rbl) and whitelists (rwl) are well known, there is another type of black- and whitelist that is not ip-based but name-based. These lists/zones are called Right-Hand-Side black- or whitelists (RHSBL or RHSWL). It's called right-hand because it matches the right hand side of a senders mail address. For example, if in smtp dialog the sending server says MAIL FROM: spammer@spamdomain.xx the part right of the @-sign can be checked against a rhsbl (or rhswl). There is another useful usage - some software like spamdyke can do requests to a rhsbl even for matching the rdns name of the sender. This makes such rhsbl usefull as an addition to traditional ip-based blacklists (for example of senders with dynamic ip addresses).

This right-hand-side blacklist is name-based and contains mostly sender addresses and also rDNS hostnames mostly from hosts with a dynamically allocated ip-address. This list is for blocking connections at smtp-level.

• Zone-Name rhsbl.shlink.org
• Domain-based Blacklist (rDNS)
• Return-Code 127.0.0.2
• A-Records + TXT-Records

This list is effective to block smtp connections from dynamic ip-ranges that never should connect mx-servers directly and may be used together with the dyn.shlink.org list - see description there.

This right-hand-side name-based whitelist contains entries similar to the ip-based whitelist. This list/zone make sense in combined usage to reduce possible false positives of any kind of blacklist.

• Zone-Name rhswl.shlink.org
• Domain-based Whitelist (rDNS)
• Return-Code 127.0.0.2
• A-Records + TXT-Records