In the course of protecting our client portfolios, we come across hostile domain names that pose a risk to the community at large.
Domainsure makes these feeds available to other security vendors, DNS resolvers, and service providers as a way to collaborate and share data about harmful and hostile domain names.
The following Realtime Blocklists (RBLs) are available:
(as of Feb 23, 2024)
Domainsure Crypto Defender RBL
Live phishes, clones, malware sites targeting known crypto and Bitcoin exchanges, wallets, DeFi platforms, token projects, DAOs and blockchains.
Query:
{domain}.crypto.rbl.domainsure.zone
Example:
{domain}.crypto.rbl.domainsure.zone
Domainsure Verified Phishing RBL
Live phishing attacks on external entities detected through our network of honeypots and sensors.
Query:
{domain}.verified.rbl.domainsure.zone
Example:
$ dig example.com.verified.rbl.domainsure.zone
Domainsure RiffRaff and IPV4.RiffRaff RBLs
Domains and IPs listed in RiffRaff are those which have been identified as actively spamming or sending hostile payloads across the easyBrand ecosystem: easyDNS, Zoneedit or Domainsure itself.
Third-parties are welcome to use both lists:
Block by RiffRaff Domains (RHS):
Query:
{domain}.riffraff.rbl.domainsure.zone
Example:
example.com.riffraff.rbl.domainsure.zone
Postfix Config:
smtpd_sender_restrictions = {other stuff},
reject_rhsbl_sender riffraff.rbl.domainsure.zone
Block by RiffRaff IPv4 Addresses:
Query:
{reverse_ip}.ipv4.riffraff.rbl.domainsure.zone
Example (for 192.168.3.4):
4.3.168.192.ipv4.riffraff.rbl.domainsure.zone
Postfix config:
smtpd_client_restrictions = { other stuff},
reject_rbl_client ipv4.riffraff.rbl.domainsure.zone