RBL Services

Direct RBL Data Access - NEW

Feed data can be used to configure firewalls, proxies, and to help share intelligence with security groups and departments. A limited number of signups for direct access to our feeds will be available for a limited time.

Register for API Access

To view information on our REST API, click here.


Reverse DNS Blacklists

Abuse reporting and incident tracking into several blacklists based on the performance of hosting and network providers. We provide DNSRBL service free of charge.

Attempts have been made to contact all parties responsible for the management of the listed ranges. Please note that only about 40% of the traffic blocked will reach a level where reporting is required.

Contacts - Abuse Contact Lookup 

This list allows you to query our managed abuse contact list. A "TXT" query will return a comma delimited list of addresses that can be used to reach responsible parties. This list is mostly gathered from the IP registries but many hosts without proper abuse contact information has been added as a best guess for some ranges.

When an address is not returned, it's an invalid network or the register hasn't provided valid contact information. A negative match (NXDOMAIN returned) can signal several factors.

  • A lazy network - Established networks with out of date registry information.
  • An abuse safe haven - Networks that allow customers to do illegal or black market activities often do not include contact information. 
  • A bogus network - Also called bogons, these networks sit outside of ranges legally allowed to route over the internet.
  • An invalid network - An IP that is used illegally.

The addresses returned can also be used with our abuse feed to show a networks reported abuse activity. Example: https://www.webiron.com/abuse_feed/abuse@ovh.ca

DNSRBL Host: contacts.rbl.webiron.net (example:
DNSRBL Test Range: (example:


BABL - Bad Abuse Backlist

This list has three parts

  • The first set contains IP ranges that reportedly do not want to receive abuse notices to their officially registered abuse address. Companies that refuse to publish an abuse address and refuse notices to alternative e-mails. Attempting to hide from abuse or having the boldness to ask not to receive abuse notices from your network will flag your traffic and will not be safe enough to accept. Delisting requires the listed parties to contact us directly to resolve.
  • The second set contains ranges belonging to registered abuse addresses that have been undeliverable for at least 3 of the last 7 days.
  • All IP space without an abuse e-mail listed on the IP registry information.

DNSRBL Host: babl.rbl.webiron.net (example:
DNSRBL Test Range: (example:


CABL – Chronic Abuse Blacklist

This blacklist contains ranges belonging to registered abuse departments that have issues reported but the issues have not been resolved within last 30 days. In an effort to help some departments under high load to resolve each issues, they are tracked separately so new attacks are not lumped in with the old ones.

DNSRBL Host: cabl.rbl.webiron.net (example:
DNSRBL Test Range: (example:


STABL – Short Time Abuse Blacklist

This blacklist contains only the IPs where abuse has occurred at least twice within the last 48 hours. Automatic removal is done 24 hours after abuse has stopped.

DNSRBL Host: stabl.rbl.webiron.net (example:
DNSRBL Test Range: (example:


All – Combination of BABL, CABL, and STABL blacklists.

Query results:

  • - STABL Match (Test range:
  • - CABL Match (Test range:
  • - BABL Match (Test range:

DNSRBL Host: all.rbl.webiron.net (example:
DNSRBL Test Range: (example:


Using the RBLs with any network or device - Beta Public DNS Server - NEW

We now offer a caching resolver that can help protect your customers and the ones you care about.

Why use an external attack RBLs to help protect clients? These networks have become cesspools and safe havens.

These cesspools are responsible for over 95% of the persistent issues yet they account for less than 5% of the internet by volume.

Get protection from the following:

  • Phishing sites - Designed to trick users into submitting personal information in order to steal personal information for direct theft or as sale or purchase to other thieves.
  • Cross site scripting attacks - These attacks allow attackers to directly compromise the computers on your network and they can take over your accounts. This can lead to the installation of malware on computers and phones.
  • Malware data collections and control - Most malware involves the theft of data that needs to "phone home" to drop off and collect commands on what to do next. This action is vital to most bot network type malware that will steal information on computers connected to the same network where an infected computer resides.
  • Malware distribution - Malware needs to be stored and served from somewhere. Hosting providers that completely let their services run amok make perfect partners.
  • Spam landing pages - These are websites that you are directed to visit from e-mail or forum spam.
  • Site and server breaches - Hosting on these networks is dangerous business. Now only do you have to worry about attacks from outside the network, an even higher risk of infection from other infected sites on the same server or the next server over. For this reason any site you enter your personal data into or purchase that awesome product from is at a substantially higher risk of being compromised in the future.

To use the resolver use the IP address as your DNS server in your router or device configuration.


How to use the RBLs to protect services

Website and Web Server Usage
FTP Service Usage
Mail Service Usage


-- Removal Requests -- 

In most cases all removals are done automatically, however to reverse previous removal requests, early CABL removals or errors in blocking, feel free to open a ticket at https://www.webiron.com/rbl-removal-requests.html

If you are interest in full copies of these blacklisted please contact us

© 2015 WebIron - All rights reserved

Member Login