Heimkoma Service DNS Blacklist Service

What is HSDNSBL?

This is Heimkoma Service's DNS Blacklist Service, a resource provided to the public Internet, modeled after Digibase's BLS.

I represent another system or network. What is its status?

IP Address:
 

Frequently Asked Questions about HSDNSBL

Q. Why am I listed? Are you calling me a spammer?

Systems and networks are added to our blacklists in response to operating in a manner that negatively impacts other parties. Given any system can be compromised or misconfigured to partake in abuse and behave like a spammer-run system, our blacklists cannot make distinctions on who abuse originates from.

In some extraordinary cases, chronic ongoing abuse originating from specific networks requires blacklisting the entire network. This can mean listing an entire ISP, datacenter provider, university, college or other institution or other organization.

Q: How do I get removed?

A: Check the Contact page for details on how to get removed.

Q: Why is my 10.x.x.x, 192.168.x.x, or 172.16-32.x.x address blacklisted? It's internal!

A: Short answer: They're private addresses and are not allowed to be de-listed.

Longer answer: We have 10.0.0.0/8, 192.168.0.0/16 and 172.16.0.0/12, collectively referred to as "RFC1918" or Private internal network addresses permanently blacklisted by virtue that they are internal addresses and therefore non-routable on the public Internet. In summary: Nobody outside of your network knows what goes on inside your private internal network.

If such an address or network is a trusted internal source, such hosts should not be referring externally for internal infrastructure. This is similar to referring to the DNS roots for internal hostnames and PTRs. Such referrals in some organizations could constitute a security leak of internal information about the internal network layout. For performance and operational security, the public blacklist check should simply be skipped for such infrastructure.

Further in our research, we have noticed that when testing their blacklist status, many administrators and users alike test their local LAN address, which often provides them a false negative when their public address is in fact listed.

If you absolutely need to check your IP against our blacklist, we recommend checking
http://ip4.me to get your public IP and use it to check against our blacklist.

Q: How do I use these blacklists?

A: Our blacklists do not require any kind of subscription or login to use. They are compatible with any solution that performs standard DNSBL lookups.

If you are performing manual lookups or writing your own software, take your IP address or the IP you wish to test (e.g. 127.0.0.1) and reverse the order of the octets (e.g. 1.0.0.127) and then append the zone you wish to check to the end (e.g. 1.0.0.127.SPAMBOT.bl.heimkoma.com). One such example is to use this query:

dig a 1.0.0.127.SPAMBOT.bl.heimkoma.com @bl.heimkoma.com

The following subdomains are available for querying:

spambot.bl.heimkoma.com
openabuse.bl.heimkoma.com
proxyabuse.bl.heimkoma.com
ircabuse.bl.heimkoma.com

Unlisted (clear) addresses result in an "NXDOMAIN" or no response depending on your implementation. Listed addresses return a "127.0.0.2", "127.0.0.3" or "127.0.0.4" response.

Q: Can I get your raw blacklist files?

A: Possibly. We screen requests for our blacklist files to ensure they will be used correctly. You can request access via the Contact page.

Q: Can I submit IP addresses for addition?

A: Certainly. However we ask that you submit unredacted logs, messages, and other supporting materials to us as supporting evidence of abuse. This is so we're on the same page and know what to tell those who are to be listed. We do not disclose the identity of submitters. These submissions can be done through the Contact page. Please ensure you are clear as to what blacklist you are submitting to.