This is our traditional blacklist which contains the IP addresses of any hosts that have recently sent spam to our traps.
None of our trap domains has ever been genuinely used for mail, and none originates mail. It is also our policy never to use typo domains (e.g. domain names similar to those of large services) as blacklist traps.
Any host sending mail to our traps is therefore either infected, compromised, sending spam from purchased lists, or sending spam from services that do not do confirmed opt-in (e.g. validating the email address of new sign-ups before allowing access or adding the address to CRM systems, etc.).
To avoid listing large mail providers such as Google, Microsoft Office 365 or any other multi-tenant mail services that might have compromised accounts or fraudulent sign-ups, we have extensive whitelists which prevent these hosts from being listed.
This blacklist lists all IP addresses that are unlikely to be used by a legitimate mail server. Legitimate mail servers should use a static IP address with a non-generic PTR record that reflects the host and domain name of the mail server. Ideally, the forward lookup for that same name should resolve back to the IP address (FCrDNS).
It is designed to catch botnet traffic, compromised hosts, hijacked IP space and compute/VPS hosts.
This list is generated by running a reverse DNS lookup for every IPv4 IP address and lists IPs with:
Any host whose name contains smtp, mail, mx or mta is automatically excluded.
Please do not request a delist from this zone unless you are running an email server on this address. Being listed in this zone will not affect your ability to send email unless there is a mail server running on it.
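Before requesting a delist, an operator can check the properties described above for their own address: a PTR record exists, the name resolves back to the same IP (FCrDNS), and whether the name contains one of the excluded keywords. The Python sketch below is an added example, not the list operator's code; the "generic name" test is an assumed heuristic, and the sample addresses and host names are constructed.

```python
import ipaddress
import re
import socket

EXCLUDE_TOKENS = ("smtp", "mail", "mx", "mta")  # substrings named in the text

def system_ptr(ip):
    """Live PTR lookup; empty list when the address has no PTR."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_fwd(name):
    """Live IPv4 forward lookup for a host name."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except OSError:
        return []

def looks_generic(ip, name):
    """Assumed heuristic: the PTR name spells out all four octets of the IP."""
    groups = [int(g) for g in re.findall(r"\d+", name)]
    octets = [int(o) for o in ip.split(".")]
    return len(groups) >= 4 and set(octets) <= set(groups)

def check_mail_ip(ip, ptr_lookup=system_ptr, fwd_lookup=system_fwd):
    """Return PTR name, FCrDNS result, generic-name guess and keyword exclusion."""
    ipaddress.IPv4Address(ip)  # reject malformed input early (raises ValueError)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return {"ptr": None, "fcrdns": False, "generic": False, "excluded": False}
    name = names[0]
    return {
        "ptr": name,
        "fcrdns": ip in fwd_lookup(name),        # forward lookup must return the same IP
        "generic": looks_generic(ip, name),
        "excluded": any(tok in name for tok in EXCLUDE_TOKENS),
    }

# Constructed sample data (documentation address ranges) so the demo runs offline.
SAMPLE_PTR = {"203.0.113.7": "203-0-113-7.dyn.example.net.",
              "198.51.100.25": "mx1.example.org", "192.0.2.10": "relay.example.com"}
SAMPLE_FWD = {"203-0-113-7.dyn.example.net": ["203.0.113.7"],
              "mx1.example.org": ["198.51.100.25"], "relay.example.com": ["192.0.2.99"]}

def sample_ptr(ip):
    return [SAMPLE_PTR[ip]] if ip in SAMPLE_PTR else []

def sample_fwd(name):
    return SAMPLE_FWD.get(name, [])
```

Calling `check_mail_ip("192.0.2.10", sample_ptr, sample_fwd)` shows the common misconfiguration where a PTR exists but the forward record points elsewhere; omit the two lookup arguments to query live DNS.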
For this list, we observe the behaviour of SMTP clients connecting to our traps and our partners' mail services. It lists any IP exhibiting irregular SMTP client behaviour in a way that indicates that it is a compromised host or service (including IoT devices), an open proxy, a VPN, a TOR exit node, or infected by a virus, worm or botnet.
The Authentication Blocklist is intended to be used to identify and prevent account compromises, or as a blocklist that stops listed hosts from authenticating to your services running on HTTP, IMAP, SMTP, SSH, etc. This prevents dictionary attacks, brute-force attempts and logins with phished credentials.
It contains IP addresses of hosts that are infected, botnet members, proxies, VPNs, TOR exit nodes and hosts that have been attempting to authenticate to our honeypots.
To avoid any potential false-positives, this list has a very short listing time of 12 hours.
This contains IP addresses that should not appear on any of our IP blacklists, either because they don't send spam or because they have a lot of genuine users and blocking those could cause unacceptable collateral damage, so alternative listing methods should be used instead.