You are not logged in.

#1 2019-12-06 4:21 pm

MissM
Member
Registered: 2019-12-06
Posts: 2

Question about what blacklisted means

Hello,

I'm new here, and I'm sorry for what is probably a very basic question. 

I help moderate a forum that uses the stopforumspam plugin.  Sometimes, instead of telling us how many hits there are on an e-mail address, it just says blacklisted.  When I search for that e-mail here on the stopforumspam website, I don't get any hits. 

So what does blacklisted mean? 

Thank you!

Offline

#2 2019-12-06 5:54 pm

JamesC
Member
Registered: 2010-01-09
Posts: 93
Website

Re: Question about what blacklisted means

Blacklisted means that this site considers that particular service provider so toxic, that we would be best to never allow their customers onto our sites.

By service provider, I refer to the base domain of an email address (such as @zmail.com or @getcashnow.xyz) or the provider responsible for an IP address (such as AT&T in the US, BT in the UK, Telstra in AU).

Therefore, john_doe@zmail.com may not be specifically listed here, but if @zmail.com is toxic, then any name@zmail.com will also return a "blacklisted" result.

A list of toxic email domains is available on the Downloads page, as toxic_domains_whole.txt.

Offline

#3 2019-12-06 10:45 pm

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 2,420
Website

Re: Question about what blacklisted means

As JamesC states, for email addresses the blacklisting is at the host.tld level.

  • username @ host . tld

iirc for IP addresses the black-listing is at the Prefix level.

Organisation for IP addresses goes (lower-level to top-level):

  • IP Address: 104.25.137.22
    CIDR (Prefix): 104.16.0.0/12
    OriginAS (ASN): AS13335
    (Cloudflare, Inc.)

Offline

#4 2019-12-07 3:59 pm

MissM
Member
Registered: 2019-12-06
Posts: 2

Re: Question about what blacklisted means

Thank you!  This is helpful information! 

I'm curious: how does a domain come to be defined as toxic? 

Also, is it possible that a non-spammer could somehow have an e-mail address with a toxic domain?  While we want to protect ourselves from spammers, we're also worried about possibly excluding those who genuinely want to be a part of the forum.

Offline

#5 2019-12-07 6:17 pm

kpatz
Member
Registered: 2008-10-09
Posts: 1,437

Re: Question about what blacklisted means

Some providers are considered "spammer friendly", as in they take in spammers as customers and provide them with service for spamming.  Such providers are unlikely to be marketed toward legitimate users and it's not likely that much if any legitimate traffic comes from these providers.  And if they do, and those users are blocked, well, there's only one way the provider can get itself delisted, and that is to take care of the abuse on their end.

A provider that spews nothing but spam, and has little to no legitimate traffic will tend to be marked as toxic here.  Another example of a toxic provider would be one who caters to legitimate users but does nothing about the spam emanating from their domains/networks.  A legitimate ISP will respond to abuse reports and shut down spammers, but if a provider doesn't, and the spam traffic becomes too much of a problem, they may wind up blacklisted as well (on email lists as well as SFS).

Same for email domains.  Some are registered by spam friendly providers (would anyone legitimately sign up for an email address at getcashnow.xyz??) and aren't used legitimately, and those are marked as toxic.  Providers that have legitimate users, like gmail, yahoo etc. won't be marked as toxic even if lots of spam traffic come from them.

While this is out of the scope of SFS itself, on my forum I consider IPs in certain regions/countries to be "toxic".  Such as Pakistan, Phillipines, and Bangladesh.  India and China rank high on the suspicious list as well. Now there are certainly people who reside in these countries who aren't spammers and may legitimately want to sign up on forums to participate, but on MY forum, all I get is spam from these regions, so I tend to look at any registration from these countries as suspect.  There are a few IP blocks I have blocked entirely, and I haven't received any emails from these regions from people who legitimately wanted to sign up and participate on my forum.

Now SFS, being a service that caters to all forums and blogs that wish to participate, can't really blacklist entire countries, since there may be forums in China and India that use this service, but they will blacklist providers that have basically no business touching our forums as nothing they do is legitimate.

Last edited by kpatz (2019-12-07 6:23 pm)


Spam happens when greed meets stupidity.

Offline

#6 2019-12-07 8:22 pm

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 2,420
Website

Re: Question about what blacklisted means

MissM wrote:

how does a domain come to be defined as toxic?

In a word, experience.

Looking at toxic_domains_whole.txt on SFS Downloads you will see as just one example "zzzzzzzzzzzzz.com" (many of the domains will trigger the 'bad-word' block here on SFS, so I chose one that will not). Any email from that domain has proven through umpteen 1,000s of reports to be bad.

One more marker is lack of response. The abuse address is used for such IP & email addresses & if response is zero then that confirms their condition as toxic. I cannot give chapter & verse, since I do not deal at that end personally, but I recall that there have been instances in which Service Providers have made a positive effort to rid spammers from their network, and have engaged in a positive manner with us, which has ultimately led to their ejection from the toxic listing.

Offline

#7 2019-12-08 11:26 pm

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,054

Re: Question about what blacklisted means

rule of thumb, if google results show the domain results on stopforumspam before the actual domain, and its listed here to a level that shows persistent intention to avoid string matching then its a toxic listing, which is not taken lightly

Offline

#8 2020-03-05 2:39 am

Dr.Flay
Member
From: Kernow, UK
Registered: 2017-10-12
Posts: 22
Website

Re: Question about what blacklisted means

I often go and look at some of the stranger domains and poke around with shodan and other tools.
A lot of the time there is no site, and the domain was only registered so someone can host their email server.
That is a big giveaway it is just there for spam.
You can pretty much consider it a rule of thumb, if you try and visit a domain and no site loads or you see an Apache admin page, swing that ban-hammer.


"I am a genius trapped inside an idiot"

Offline

Board footer

Powered by FluxBB

Close
Close