FAQ

1. Why am I listed? Are you calling me a spammer?

Systems and networks are added to our blacklists in response to operating in a manner that negatively impacts other parties. Given any system can be compromised or misconfigured to partake in abuse and behave like a spammer-run system, our blacklists cannot make distinctions on who abuse originates from.

In some extraordinary cases, chronic ongoing abuse originating from specific networks requires blacklisting the entire network. This can mean listing an entire ISP, datacenter provider, university, college or other instution or other organization.

2. How do I get removed?

First of all, we need to determine why you are listed in the first place. Please fill out the form here.

If it's just your singular IP address that is found in our records, we will try working with you toward de-listing.

However, if it is your ISP/datacenter provider/university/instution/workplace's network as a whole that is listed in our records, we may need your help in obtaining their cooperation.

3. Why is my 10.x.x.x, 192.168.x.x, or 172.16-32.x.x address blacklisted?

Two reasons.

We have 10.0.0.0/8, 192.168.0.0/16 and 172.16.0.0/12, collectively referred to as "RFC1918" or Private internal network addresses permanently blacklisted by virtue that they are internal addresses and therefore non-routable on the public Internet. In summary: Nobody outside of your network knows what goes on inside your private internal network.

If such an address or network in fact a trusted internal source, hosts should not be referring externally for internal infrastructure. This is similar to referring to the DNS roots for internal hostnames and PTRs. Such referrals in some organizations could constitute a security leak of internal information about the internal network layout. For performance and opsec, the public blacklist check should simply be skipped for such infrastructure.

Further in our research, we have noticed that when testing their blacklist status, many administrators and users alike test their local LAN address, which often provides them a false negative when their public address is in fact listed.

4. How do I use these blacklists?

Our blacklists do not require any kind of subscription or login to use. They are compatible with any solution that performs standard DNSBL lookups.

If you are performing manual lookups or writing your own software, take your IP address or the IP you wish to test (e.g. 24.36.78.164) and reverse the order of the octets (e.g. 164.78.36.24) and then append the zone you wish to check to the end (e.g. 164.78.36.24.SPAMBOT.bls.digibase.ca)

Unlisted (clear) addresses result in an "NXDOMAIN" or no response depending on your implementation. Listed addresses return a "127.0.0.2" response.

5. Can I get your raw blacklist files?

Possibly. We screen requests for our blacklist files to ensure they will be used correctly. You can contact bl-submit[at]digibase.ca ([at] to @) to request access.

6. Can I submit IP addresses for addition?

Certainly. However we ask that you submit unredacted logs, messages, and other supporting materials to us as supporting evidence of abuse. This is so we're on the same page and know what to tell those who are to be listed. We do not disclose the identity of submitters. These submissions can be done through bl-submit[at]digibase.ca ([at] to @). Please ensure you are clear what blacklist you are submitting to.