Type: IPv4, IPv6
Cloud DNS: <key>.black.mail.abusix.zone.
Rsync File: lists/black.zone
Return Codes: 127.0.0.2, 127.0.0.3
Test Points: 127.0.0.2, 127.0.0.3, ::FFFF:7F00:2, ::FFFF:7F00:3
Listing duration: Approximately 5.2 days from when traffic was last seen
This list contains the IP addresses of hosts that have sent email to our “pristine” traps (only our trap domains that have never been used for genuine mail) along with some network entries that we manually maintain.
Common causes for being listed here include compromised accounts, infected hosts, botnets, spam gangs, purchased email address lists, poor sign-up processes, bad webforms, open proxies, TOR exit nodes and VPNs
Any matching IP address found by this data will return 127.0.0.2.
Additionally, there is also some automated heuristics which use all of our trap network and partner transaction feeds to look for IP addresses with very low reputation and IPs found in this data will return 127.0.0.3.
This list can also be safely used to check each "Received" header hop found within a message.
$ host 126.96.36.199.<key>.black.mail.abusix.zone.
188.8.131.52.<key>.black.mail.abusix.zone has address 127.0.0.2
184.108.40.206.<key>.black.mail.abusix.zone has address 127.0.0.3