Skip to content

Not Just Another Bogus List Details


Status: Offline as of 3/1/2013
Terms: Free with no charge mailing list membership.
Zones: 4
Website: [Offline]
Lookup: [Offline]
Removal: [Offline]
Contact: [Offline]


NJABL, or Not Just Another Bogus List is a DNS based blacklist. started out of frustration with the amount of spam coming into the networks maintained by NJABL now, and the general dissatisfaction with the quality and ethics of other DNS blacklist providers. maintains DNS zones of known and potential spam sources such as open relays, open proxies, insecure form to mail gateways, dynamic IP pools, and direct spammers. The goal of is to provide a stable and effective DNS blacklist with clearly stated and strictly adhered to listing criteria. also gathers listing information from 3rd party sources, and has instructions and tools for using DNS and mail server logs to allow end users to contribute. If you would like to contribute to the project, their FAQ has information on how to configure your system to act as a spam data node in which it can collect IP addresses for inclusion in one of the DNS blacklists.

Listing criteria

There are thee ways that your host could be listed in one of the DNS blacklist zones. The first is by being an open relay or proxy. This means the listed server allows the sending of email without authentication of any form. Essentially, anyone can use this server for sending any amount or type of email without ever communicating with the owner of the sending server.

The second way in which a host can be listed in one of the DNS blacklists does not even require for any email to have been sent at all. maintains large lists of IP address ranges that are either dialup modem pools, or dynamic IP address space. Dialup and dynamic IP space, in general, does not have a legitimate reason to be used for sending email. Legitimate users will make contact with a remote SMTP server, and send their email from that remote server. Most ISP’s expressly forbid the direct sending of email data over port 25 if you are on dynamic of dialup IP address space.

The methods that uses to determine if an address range is dynamic or dialup are extensive. First, it should be noted that often is the case a large ISP will establish communication with and intentionally request a listing. These cases help to immediately block off some of the largest ranges of IP address space that could potentially be used for spamming. If a host is listed that did not come from an ISP’s listing request, then it has been determined to be a dynamic or dialup address by investigation. This usually means that the reverse DNS was inspected, and a decision was made based on the name of the host. While this is not 100% accurate, it is accurate enough for the majority of most cases. Because has a simple removal process, and the rarity for incorrect listings, there is little reason to be concerned about false positives. ISP’s have learned over time that DNS blacklists all use similar techniques, and as a result, have named their reverse DNS listing appropriately. In many cases, this simply means using the word “static” in the reverse records, or that the reverse hostname is of a purely custom name, perhaps matching the MX record itself. Matching of the reverse DNS record to an MX record is in no way required, though it may aid in preventing a false positive listing as it makes your intentions more obvious.

The third and final way in which you can be listed in the DNS blacklist is by simply being a host that allows or supports spamming in some way. This means that throughout DNS blocking, SpamCop reports, and complaints and warnings sent to your [email protected] and [email protected] email addresses, you still choose to ignore those reports and allow unsolicited commercial or bulk email to be sent through your system(s). This class of spam sender has little hope of ever being delisted from However, if they did clean up their act, they would be delisted, does not hold long term records for grudge keeping; the goal is to stop spam, but also to educate and help those that do not understand the huge problems they are contributing to.

It is also worth noting, that in the third listing method, there can be chance for a false positive listing. When spam is seen coming from a source address, WHOIS lookups, DNS lookups, and other general research is done. If it can not be determined who the owner of the IP address is that is causing spam, then a range surrounding the source IP address will be listed. The smallest range that will be listed is a /24, or 255 total IP addresses. This means those that are on shared hosting plans, could potentially be listed only because they happen to buy service from a provider that does not correctly list their IP address assignments. As a user of these services, you can ask your ISP to keep clean SWIP records, and terminate those accounts that are sending spam on the same network block as your services reside.


The original NJABL zone (combination of the below 127.0.0.x types except for

This sub-zone has been shut down. All zone data continues to be contributed to The SpamHaus Project. You can use their zones which are much larger and accurate than the previous zone.

This zone used to be a combination of and in a single zone. As has been shut down, combined. currently acts as copy of (Bad Host, No Cookie)

These hosts have done things properly configured SMTP servers are not intended to do. contains misconfigured servers, spam proxies, and other hosts deemed to have no interest of stopping the pollution of the internet with spam, malware, viruses, or other nefarious activity.

Return Codes

A few DNS blacklists offer granular return codes to allow you, as an administrator to fine tune exactly how much, or how little impact you want the system to have on your flow of email. While most DNS blacklist and whitelist systems returns only one commonly used IP address, returns IP addresses each with a specific meaning, as listed below. The below DNS return records are for queries against

  • – Open relays
  • – Previous dial-up/dynamic IP ranges. This return type is no longer supported. For high quality dynamic and dialup IP address ranges, recommends that you use The Spamhaus PBL.
  • – Spam Sources – Both commercial spammers as well as dial-up spammers and open proxies. Because it is not always possible to differentiate between these sources, all three are combined under this return code. This can also contain an entire /24 if accurate listing data could not be determined.
  • – Multi-stage open relays – No longer supported, this return code should not be used.
  • – Passively detected “bad hosts” – Any host that is listed in
  • – HTTP gateways – Insecure http servers deploying form to email gateways and cgi scripts.
  • – Open proxy servers – Any server that acts as a proxy for spam, including innocent 3rd party servers that have been hijacked unbeknownst to the owner.

In addition to the IP address returned above being able to be used as a means to define with greater control what sources you will block, each listing has a companion DNS TXT record, with short descriptive text that indicates the reason for a listing. Some administrators configure their SMTP server to include this message in the Non Delivery Report (NDR). Before deploying any DNS blacklist, it is advisable to consult their website for any changes in policy, hostnames, and zone return codes. It is also a good idea to subscribe to the DNS blacklist providers mailing list to keep abreast of changes that may require immediate action on your end.

Removal Process

An IP address will that has been listed with for violation of any of the three above criteria can be delisted by fixing the problem. If you were inadvertently running an open SMTP relay, by closing your security issues, and requesting a retest, you should be delisted within a few hours at most. In the same regard, if you are somehow part of a multi-stage http to smtp relay, clean the source of the spam, and request a delisting. For whatever reasons you are listed, as long as you follow the instructions for contacting, or use their delisting tools, no payment is needed, and expedient delisting will happen. Even a mixup of your IP address being within a spammers IP address range can be delisted as easily as providing proof to that it is not a source of pollution. also maintains a “current queue” so you can see the progress of de-listings.

Effective 3/1/2013 NJABL is offline.

Related Articles

Related Articles

  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking
  • Online Privacy
  • Online Safety
Social Media Marketing Influencer

Thinking About Influencer Marketing? Just Know What You’re Getting Into.

“Influencers are the future of marketing!” You’ll see a lot of headlines like that and articles (with…

[Read More]
Hide Your IP Address 9 Ways

Hide Your IP Address 9 Different Ways…or Just the Best Way.

If you don't want a website or your internet provide to know what websites you visit, you...

[Read More]

IoT: How to Deal with the Internet of Threats

The Internet of Things, or IoT, has become one of the most convenient—and dangerous—ways for consumers to…

[Read More]

What to Do if You’re Being Catfished

You meet someone online, but something doesn’t seem quite right. They seem to lead an abnormal lavish…

[Read More]

Everything You Need to Know About VoIP Phishing and How to Prevent These Attacks

VoIP (Voice over Internet Protocol) exists to help people with their voice-based communication using the Internet –…

[Read More]
The Amazing VPN

The Amazing VPN Is the Swiss Army Knife of Apps

If everyone knew how incredibly versatile a VPN is at protecting us online, nobody would go online...

[Read More]