- Dec 9th, 2014: .LINK Spam
If you are using SpamAssassin, and are currently getting a bunch of spam with *.link TLDs, it is because those URLs are not being checked against URIBLs. In order to check .LINK URLs, you will need to upgrade your RegistrarBoundaries.pm.
If you are running a recent version of SpamAssassin such as 3.3.2 or 3.4, simply download the RegistrarBoundaries.pm from SpamAssassin SVN and replace the one you currently have installed. Restart spamd if you run it for the change to take effect.
Link to SVN:
- Oct 15th, 2014: Emergency Maintenance
We are currently performing emergency database maintenance. This will be completed by 1300 GMT today.
- June 10th, 2014: Site restrictions
Certain restrictions have been put in place while we deal with a recent DoS attack on our site. Please contact firstname.lastname@example.org if you need assistance. Thanks to Prolexic for bring us back up so quickly.
- May 29th, 2014: 9 years!
URIBL.COM recently celebrated its 9th year of service! Thanks to everyone for their support!!!
- February 25th, 2014: Planned Maintenance
We will be upgrading core infastructure on February 28th 2014, from 1430 until 1730 GMT. There will be short outage periods, but downtime during this window should be minimal.
- December 22nd, 2013: Stale zone data
We had hardware issues over night that prevented new zones from being distributed. This has been fixed and new zone data is now being published.
- June 5th, 2013: DNS Issues (cont)
UPDATE: Godaddy confirms DNS against icudp.net was blocked on Monday. Currently this block has been lifted. We are awaiting further detail.
We were told 24 hours ago that icudp.net was not reporting (whatever that means) in the Godaddy system and they were forcing reconciliation. At that time, they said it was a 30-45m process. Needless to say, 8 hours later nothing had changed. During this period, we were forcing name server migrations from icudp.net to icudp.com, because it was resolving correctly on Godaddy name servers. A phone call with Godaddy late in the day suggested that same 30-45m reconciliation process could take up to 24 hours. It is now 24 hours later, and icudp.net is still in the dark on Godaddy's DNS platform, while icudp.com and icudp.org (all setup identical) are functional, as are hundreds of other domains hosted on domaincontrol.com name servers that we have tested.
$ dig +short @ns07.domaincontrol.com. icudp.com NS
$ dig +short @ns07.domaincontrol.com. icudp.org NS
$ dig +short @ns07.domaincontrol.com. icudp.net NS
;; connection timed out; no servers could be reached
Interestingly enough, during this process yesterday, Godaddy IP's 220.127.116.11 and 18.104.22.168 were responsible for 40% of the DNS traffic at our bind servers. Coincidence maybe? Something in relation to ddos attacks at dnsimple attack or easydns, maybe? Did Godaddy pull the plug on our domain without any notification because of these related attacks? We really don't know, and we await a root cause analysis report from Godaddy.
We apologize for this issue. We hope to come to resolution soon, and will provide more details if and when we get them.
- June 4th, 2013: DNS Issues
Our top-level domain that handles DNS resolution for serveral of our services is currently in LA-LA-LAND with Godaddy. We dont know why, and they cant tell us why. We've switched over to new nameservers until Godaddy has resolved the issue. Any remaining issues at this point are just due to waiting on DNS cache expiry to occur.
- February 5th, 2013: Denial of Service
Our website is currently receiving a DoS attack, so you may or may not be able to even see this message. Prolexic is currently working to mitigate the attack.
UPDATE 15:40 GMT - Website is back to normal operation.
- December 27th, 2012: Datafeed over DNS Available
For those who want to take advantage of datafeed service, but cannot or do not want to setup their own rbl instance, URIBL now offers Datafeed over DNS. If you have been blocked for high query volume, Datafeed over DNS will allow you to resume sending those high volume queries against the public mirrors. For those low volume users who currently use public DNS, Datafeed over DNS provides additional zone information not available otherwise. See Requesting the Data Feed Service for more information.
- January 23rd, 2012: Blocked due to excessive queries?
If you are receiving a bounce message saying your email was blocked due to excessive queries, you should contact your email provider, as they have not correctly implemented URIBL lookups. In the event a high volume nameserver is blocked, a 127.0.0.1 response may be received to indicate the nameserver is sending high volume queries. Service providers who have implemented URIBL lookups outside of SpamAssassin should read http://www.uribl.com/about.shtml#implementation and correctly implement URIBL lookups. Those effected should also read http://www.uribl.com/about.shtml#abuse for more information. The limits in effect are by nameservers, not individual mailservers, as the DNS requests will be coming from your resolvers.
- December 13th, 2011: RSS Feed Update
We have removed the publication delays on the RSS feeds, and replaced it with limitations on the number of listings shown per Registrar, per Nameserver, per Abused Hoster, and now per Top-Level Domain, which was previously not publicly available.
- December 13th, 2011: Heavy Hitter block response change
We have changed the blocked response A record from 127.0.0.255 to 127.0.0.1 per the request of SpamAssassin (bug #6724). This will allow the spam engine to identify potential hosts that are blocked by firing on a new rule set to look for bit 1 set in the response, and not create false positives. Our Abuse page has been updated to reflect this change.
- December 1st, 2011: Negative TTL reduction
Today we have lowered our negative TTL cache times from 300 seconds to 60 seconds. For those using the public mirrors for resolution, this will result in a nice increase in spam accuracy on short spam runs, as it will reduce the amount of time your DNS server returns a cached NXDOMAIN response to you after the domain has been listed. For datafeed users, there will be no change, as your zone files do not include SOA entries, which allows full control to customize the SOA settings as needed. It is worth checking into what your ncache-ttl setting is currently set at, and adjusting it as necessary. A ncache-ttl setting of 0 would yeild best results, but higher DNS volumes will result from it.
- April 6th, 2011: Happy Birthday URIBL.COM
Today is the day URIBL.COM was created 6 years ago! Against all odds (and numerous DDoS attacks)... we're still here and kicking! Thanks to everyone who has helped get us to this point. Cheers!
- Oct 4th, 2010: Services Restored
We had a database issue overnight that has now been resolved. All services are back and operating as normal.
- Sept 2nd, 2010: Publication delay on RSS Feeds
Due to ongoing issues, all public RSS feeds are being produced with publication delays. This was done as an alternative to completely taking them offline again.
- July 21st, 2010: RSS Feeds available
All RSS feeds that were previously disabled are now available.
- June 19th, 2010: Registrar and Nameserver RSS feeds suspended ...
We have been forced to disable public access to the blacklisted domains by registrar and by nameserver on our RSS Feed Site. See http://rss.uribl.com for more information.
- March 12th, 2009: Website restored
We lost a webserver last night due to hardware failure. The site has been moved to another server in the interim until we have a replacement for it. If you notice anything broken, please contact the webmaster
- February 26th, 2009: Heavy Hitter ACL changes
URIBL.COM has recently introduced a Split-horizon DNS system at the root level to restrict queries from heavy hitters. All Positive ACLs (those which previously returned 127.0.0.255) have been disabled and moved into the split-horizon filtering system. People using nameservers that have been ACL'd can still contact URIBL.COM via the web or by email, but DNS resolution to the URIBL lists will timeout. See About->Abuse for more details on testing your nameserver if you suspect your nameserver has been blocked.
- January 26th, 2009: Decreased Replication Delay = Increased Accuracy
In an effort to help combat the short spam campaigns, we are in the process of making key changes that will decrease the replication delay for new listings. We have already made changes at the core that allow us to publish the public zone files 3x more often! We have decreased our negative cache time (ncache-ttl) on multi from 600 seconds to 300 seconds. Also, we have asked all public mirrors to increase their polling frequency by more than double. Between these changes, we have effectively reduced the average listing latency for new domains from 6.5 minutes down to just over 2 minutes. Possibly more on this to come! Stay tuned...
- October 13th, 2008: Down for Maintenance
URIBL will be unavailable for a while today as we try to bring new Database servers online. Maintenance should be complete by 1500 GMT.
- September 25th, 2008: New Servers going in tommorrow - 2008/09/26
[This maintenance is now complete] - We are going to be installing new database servers on Friday (~1600 GMT), and doing some upgrades the existing ones. Expect some downtime on the web site, but everything else should be operating as normal. At a later date we will be migrating the data from the old databases to the new which will result in a bit more downtime, but that wont happen tommorrow.
- August 5th, 2008: livefilestore.com listing
Due to the heavy and continued abuse of livefilestore.com (see http://rss.uribl.com/hosters), we have temporarily placed the domain in URIBL Black. Once Microsoft has the abuse under control, we will remove it from black. If you are using SpamAssassin, and want to avoid potential falses on livefilestore.com links, simply remove it from being checked by adding uridnsbl_skip_domain livefilestore.com to your local.cf.
- July 11th, 2008: Website DDoS
Sorry we were down a bit longer than expected.. Prolexic mitigated the DDoS quickly, but we are just now turning everything back on.
- March 3rd, 2008: Geocities and Blogspot listings (was Googlepages)
A month or so ago we posted news about how we are listing subdomains for googlepages, blogspot and similar abused hosting sites. Well, that news somehow disappeared. Anyways, if anyone was looking for it, you can find it here.
- December 21st, 2007: Google Map of URIBL Mirrors
We have a new page on our site which shows our mirror distribution over top a google map. Click Here to see it. The map is updated every 30 minutes with data we have polled from the mirrors over the last 4 hours. The markers are color coded to indicate mirror stats, with green being ok, yellow being warning, and red being failing. It looks like we could use some mirrors outside of the US and EU. If you are interested, please contact email@example.com.
- October 16th, 2007: ACLs placed on public DNS Infastructure
UPDATE - Refusing queries on high traffic IPs just caused even more traffic to be generated. Because of the lack of negative caching when sending a refusal, this caused our mirrors to take on every query from IPs that are blocked. We have changed all REFUSED IP addresses over to simply returning NXDOMAIN to all the queries. By doing this, we at least benefit some from caching nameservers serving up the nxdomain for us, which reduces the amount of queries we have to handle from these high traffic hosts.
URIBL has begun to block IPs hitting our public DNS mirrors with high volume. If you are sending anything close to 500k queries/day to our public dns, you queries may be refused already, or in the near future. If you would like to become a part of the public dns infastructure and give some queries back to the world, please contact firstname.lastname@example.org
- June 8th, 2007: Services Restored
The URIBL website came under a heavy DDoS attack starting on June 6th at 13:30 GMT. SURBL and Spamhaus were also effected by this attack. During the last couple days, we have been working with www.prolexic.com for DDoS mitagation. Thanks to Prolexic, URIBL webservices are back online tonite.
- May 8th, 2007: Mail Services restored
The uribl.com mail server and one of the rbldnsd mirrors hosted at GTI
died on May 4th, 2007 as a
through Greensburg, KS. A new mail server was brought up late on May 7th.
If you sent anything important between the 4th and 7th to an uribl.com email address,
you may want to followup to make sure it was received.
- June 7th, 2006: RSS Feeds Available
Certain sections of URIBL's RSS Site are now public. There you will find thing such as spam domain statistics by Registrar and by Nameserver. Each NIC or NS can be further drilled down on to obtain the most recent domains that have been black listed on that particular registrar or nameserver. Plus, the data is accessible via XML (RSS 2.0) feed for those who would like to know when domains on their registrar and/or nameservers become blacklisted (and hopefully take action).