Reputation Block Lists: Difference between revisions

Jessica (talk | contribs)
Applied modification ruleset: Automated workflow
 
(4 intermediate revisions by 4 users not shown)
Line 1: Line 1:
'''Reputation Block Lists''', or RBLs, are lists of [[Domain Name]]s, Universal Resource Locators ([[URL]]s), and/or Internet Protocol ([[IP]]) addresses that have been identified as posing security threats.<ref>[https://www.icann.org/en/blogs/details/reputation-block-lists-protecting-users-everywhere-1-11-2017-en Reputation Block Lists Protect Users, ICANN Blog]</ref> DNS reputation systems can detect [[Malicious Domain|malicious domains]] at the registration time (with PREDATOR) or domain activity phase (with EXPOSURE). They classify domains as either malicious or benign; however, they do not consider [[Compromised Domain|compromised domains]]. The blocklists represent activity such as spam, malware distribution, command-and-control, phishing, and/or intellectual property rights infringement. Intermediaries, such as internet service providers, use them to block malicious communications.
'''Reputation Block Lists''', or RBLs, are lists of [[Domain Name]]s, Universal Resource Locators ([[URL]]s), and/or Internet Protocol ([[IP]]) addresses that have been identified as posing security threats.<ref>[https://www.icann.org/en/blogs/details/reputation-block-lists-protecting-users-everywhere-1-11-2017-en Reputation Block Lists Protect Users, ICANN Blog]</ref> DNS reputation systems can detect [[Malicious Domain|malicious domains]] at the registration time (with PREDATOR) or domain activity phase (with EXPOSURE). They classify domains as either malicious or benign; however, they do not consider [[Compromised Domain|compromised domains]]. The blocklists represent activity such as spam, malware distribution, command-and-control, phishing, and/or intellectual property rights infringement. Intermediaries, such as Internet service providers, use them to block malicious communications.


==Overview==
==Overview==
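Review bot: the opening sentence still expands URL as "Universal Resource Locators" on the very line this revision edits; the standard expansion is "Uniform Resource Locator", so correct it in the same change as the "Internet" capitalization. The PREDATOR and EXPOSURE claims in the following sentence also have no citation, unlike the ICANN reference just before them.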
Line 5: Line 5:
* Cisco’s [https://talosintelligence.com/reputation_center Talos] has an email reputation system.
* Cisco’s [https://talosintelligence.com/reputation_center Talos] has an email reputation system.
* [https://apwg.org/ the Anti-Phishing Working Group's RBL]'s contains phishing URLs submitted by accredited users through the [https://apwg.org/ecx/ eCrime Exchange platform]. The URLs are accompanied by metadata, including the confidence level and the target brand name; this RBL makes no distinction between [[Malicious Domain|malicious domains]] and [[Compromised Domain|compromised websites]].
* [https://apwg.org/ the Anti-Phishing Working Group's RBL]'s contains phishing URLs submitted by accredited users through the [https://apwg.org/ecx/ eCrime Exchange platform]. The URLs are accompanied by metadata, including the confidence level and the target brand name; this RBL makes no distinction between [[Malicious Domain|malicious domains]] and [[Compromised Domain|compromised websites]].
* [https://safebrowsing.google.com/ Google Safe Browsing],
* [https://safebrowsing.google.com/ Google Safe Browsing]'s technology, launched in 2007, examines billions of URLs per day looking for unsafe websites and showing warnings on Google Search and in web browsers.
* [http://www.surbl.org/ SURBL]'s feed is composed of domain names in unsolicited email messages and external blacklists, which are categorized into lists of phishing, malware, or spam activity.<ref>[http://www.surbl.org/lists Lists, SURBL]</ref>
* [http://www.surbl.org/ SURBL]'s feed is composed of domain names in unsolicited email messages and external blacklists, which are categorized into lists of phishing, malware, or spam activity.<ref>[http://www.surbl.org/lists Lists, SURBL]</ref>
* [https://www.threatstop.com/ ThreatStop]
* [https://www.threatstop.com/ ThreatStop] is a commercial [[cybersecurity]] operation established in 2009 that includes [[Paul Mockapetris]] as its chief scientist.
* [[OpenPhish]]'s feed contains phishing URLs and targeted brands.
* [[OpenPhish]]'s feed contains phishing URLs and targeted brands.<ref>[https://openphish.com/ OpenPhish]</ref>
* [[PhishTank]] is a community-based phishing verification system. Phishing URLs are submitted and verified manually by its contributors and contain metadata like the target brand name but do not distinguish between malicious and compromised domains.
* [https://www.phishtank.com/ PhishTank] is a community-based phishing verification system. Phishing URLs are submitted and verified manually by its contributors and contain metadata like the target brand name but do not distinguish between malicious and compromised domains.
* [[Abuse.ch]] is an anti-malware non-profit organization working with ISPs and network operators that runs [[URLHaus]], which focuses on maliciously registered domains, and [[ThreatFox]], which focuses on compromised websites.
* [[Abuse.ch]] is an anti-malware non-profit organization working with ISPs and network operators that runs [[URLHaus]], which focuses on maliciously registered domains, and [[ThreatFox]], which focuses on compromised websites.
* [[Spamhaus]]'s blocklist provides malicious domains obtained from URLs enumerated in spam email payloads, spammers, phishing, malware-related websites, or suspicious domain names that share patterns with domains involved in technical or content abuse.<ref>[https://www.spamhaus.org/dbl/ Spamhaus DBL]</ref>
* [[Spamhaus]]'s blocklist provides malicious domains obtained from URLs enumerated in spam email payloads, spammers, phishing, malware-related websites, or suspicious domain names that share patterns with domains involved in technical or content abuse.<ref>[https://www.spamhaus.org/dbl/ Spamhaus DBL]</ref>
* [https://urlabuse.com URLAbuse] is a community-based URL blocklist. It operates as a blocklist, compiles URLs linked to various online threats, encompassing phishing, malware delivery attacks, and compromised websites. All the URLs undergo manual verification to minimize the likelihood of false positives. Additionally, the blocklist includes metadata such as screenshots and MISP structures.


==History==
==History==
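Review bot: the added URLAbuse entry repeats itself ("is a community-based URL blocklist. It operates as a blocklist, compiles URLs ...") and its claims about manual verification and false positives have no citation; reduce it to one sentence in the style of the neighbouring entries and add a reference. The PhishTank entry now uses an external link while OpenPhish, Abuse.ch and Spamhaus remain wikilinks, so pick one convention, and the APWG entry's "RBL]'s contains" is still ungrammatical in both revisions.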
Line 22: Line 23:
As of April 2021, [[Intra2net]]'s Blacklist Monitor ranked [[Distributed Checksum Clearinghouses]] or (DCC) as showing the highest rate of accuracy in filtering spam.<ref>[https://www.intra2net.com/en/support/antispam/blacklist.php_dnsbl=dcc_check.html Intra2net Blacklist Monitor]</ref>
As of April 2021, [[Intra2net]]'s Blacklist Monitor ranked [[Distributed Checksum Clearinghouses]] or (DCC) as showing the highest rate of accuracy in filtering spam.<ref>[https://www.intra2net.com/en/support/antispam/blacklist.php_dnsbl=dcc_check.html Intra2net Blacklist Monitor]</ref>


==References==
== References ==
 
{{reflist}}
[[Category:Cybersecurity]]
[[Category:Cybersecurity]]
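Review bot: the heading change to "== References ==" introduces spaced heading markup while "==Overview==" and "==History==" in the same page stay unspaced; keep one style across the page. In the unchanged Intra2net sentence, "[[Distributed Checksum Clearinghouses]] or (DCC)" should drop the "or" before the parenthesised abbreviation.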