You can always send email to blackhole20 at five-ten-sg.com even if your mail server is listed here, as long as your mail server is not also on the XBL. Note that this is NOT a list of open relays. Any such email must reference the ip address that is listed here, as determined by this form.

To determine exactly WHY your mail server is listed here, enter the IP address in the form and click on the Search button.

IP address:

If you tried to send email and it was returned to you with an error message that pointed to this page, then the ip address of your outgoing mail server is on our local blocklist composed of the following classes. Use the search form above for more detailed information. For those that are curious, the actual ip address returned from a lookup in this blackholes zone is 127.0.0.X where X is the class number below. For example, bulk mailer ip addresses return 127.0.0.4.

  1. unused

  2. spam - Individual spam sources. These are generally taken from spam samples that have arrived here, and from discussions on news.admin.net-abuse.email. If you have inherited such ip address space, please let me know. However, you are probably on LOTS of other individual blocklists, and will have a hard time getting removed from all of them. A special case is the misc.spam group, which includes entire blocks of addresses that have a) sent spam here, b) have consecutive or missing reverse dns, and c) have no customer sub-delegation via either the controlling RIR (ARIN, RIPE, LACNIC, APNIC, etc) or an rwhois server referenced in the main RIR records.

  3. dialup - Dialup equivalent ip addresses. This was an attempt at tracking dialup equivalent address space, but it was too labor intensive, and has been discontinued. The DCC is as effective at blocking dialup spam with a lower false positive rate.

  4. bulk - Bulk mailers that don't require closed loop confirmed opt-in from all their customers, or that have have allowed known spammers to become clients.

    "closed loop confirmed opt-in" is where you have some mechanism to signup for your mailing lists, possibly a web form with a "sign me up for mailings" entry, and someone puts in an email address. Your system then generates a random token, emails a single message to that address saying something like "someone, possibly not you, signed up for mailing list xxx at date/time/ip address. If that was really you, return this token yyy by (clicking on this link, reply to this message, possibly other mechanism)". After your system receives the confirmation including that random token, you can now have reasonable confidence that the actual owner of that email address does want to receive messages from you. You need to keep the details (date/time/ip address of the original signup, the random token that was used, the method of returning that token and any associated information (email headers in the case of an email response, date/time/ip from the web server logs in the case of an http click return method, etc) of that signup to protect yourself from future charges of spamming.

    In the case that you use some embedded http link as the method to return the random token, you need to include at least two links in the message. One to confirm the message, and a second (probably less visible) link to trap automated systems that simulate clicks on every link in an email message. There are cases where your original confirmation message will go to folks that did NOT signup, and some of those addresses will be automated spam traps that eventually cause the message to be posted to news.admin.net-abuse.sightings, and there are bots that scan nanas and click on every link in every message posted there.

  5. multistage - The output server from multi-stage open relay chains that have sent spam to users here.

  6. singlestage - Single stage open relays that are not listed on ORDB yet.

  7. spam-support - Networks that provide services to spammers, including connectivity, dns, email, sales, or any other service. This includes any business that provides email addresses to third parties, where those third parties then send email to those addresses, otherwise known as email appending services. In this case, you will need to find another provider, or you will need to convince your current provider to remove their support for spammers.

  8. webform - Web servers running vulnerable versions of formmail.pl or other abusable web-to-mail gateways. This may also include machines acting as smarthosts for such web servers.

  9. misc - Miscellaneous includes (but is NOT limited to) the following groups. Note that this does NOT include misc.spam which is listed under spam above.
    1) /24 blocks of addresses containing systems that are apparently sending bulk email (in volumes apparently comparable with the volume from AOL, Earthlink, Google), with any of the following attributes: missing or bogus reverse dns, reverse dns names in domains with no web server, or domains with boilerplate web content.
    2) Systems that are strongly suspected of being multistage open relays (where I have not been able to identify the input stage) or open proxies.
    3) Any system that delivers spam here, that appears to be running MS SMTPSVC, and that appears to have relayed the message from China, Korea, Brazil, or any known open proxy. These are generally systems that have enabled the guest account, and spammers are using them as open relays, even though they do require SMTP AUTH. Enabling the guest account allows anyone to relay thru them.

  10. klez - Systems that send virus notifications (klez, sobig, etc) to the supposed sender. Most modern virii forge the return address, so these automated notifications are worthless and are treated here as spam.

  11. tcpa - Systems that are owned by organizations that blatently violate the TCPA by leaving pre-recorded sales calls here, or by failing to maintain a do-not-call list. For example, the San Bernardino Sun was the original inspiration for this section. The details are here.

  12. free - Free mail providers.

  13. cr - Systems that have delivered challenge-response spam here.