
Not Just Another Bogus List Details


Status: Offline as of 3/1/2013
Terms: Free with no charge mailing list membership.
Zones: 4
Website: [Offline]
Lookup: [Offline]
Removal: [Offline]
Contact: [Offline]


NJABL, or Not Just Another Bogus List, is a DNS-based blacklist. NJABL started out of frustration with the amount of spam coming into the networks maintained by NJABL now, and the general dissatisfaction with the quality and ethics of other DNS blacklist providers. NJABL maintains DNS zones of known and potential spam sources such as open relays, open proxies, insecure form-to-mail gateways, dynamic IP pools, and direct spammers. The goal of NJABL is to provide a stable and effective DNS blacklist with clearly stated and strictly adhered to listing criteria. NJABL also gathers listing information from third-party sources, and has instructions and tools for using DNS and mail server logs to allow end users to contribute. If you would like to contribute to the project, their FAQ has information on how to configure your system to act as a spam data node that collects IP addresses for inclusion in one of the DNS blacklists.

Listing criteria

There are three ways that your host could be listed in one of the DNS blacklist zones. The first is by being an open relay or proxy. This means the listed server allows the sending of email without authentication of any form. Essentially, anyone can use this server to send any amount or type of email without ever communicating with the owner of the sending server.

The second way in which a host can be listed in one of the DNS blacklists does not require any email to have been sent at all. NJABL maintains large lists of IP address ranges that are either dialup modem pools or dynamic IP address space. Dialup and dynamic IP space, in general, does not have a legitimate reason to be used for sending email. Legitimate users will make contact with a remote SMTP server and send their email from that remote server. Most ISPs expressly forbid the direct sending of email data over port 25 if you are on dynamic or dialup IP address space.

The methods that NJABL uses to determine if an address range is dynamic or dialup are extensive. First, it should be noted that often a large ISP will establish communication with NJABL and intentionally request a listing. These cases help to immediately block off some of the largest ranges of IP address space that could potentially be used for spamming. If a listing did not come from an ISP's listing request, then the host has been determined to be a dynamic or dialup address by investigation. This usually means that the reverse DNS was inspected, and a decision was made based on the name of the host. While this is not 100% accurate, it is accurate enough for the majority of cases. Because NJABL has a simple removal process, and incorrect listings are rare, there is little reason to be concerned about false positives. ISPs have learned over time that DNS blacklists all use similar techniques and, as a result, have named their reverse DNS records appropriately. In many cases, this simply means using the word “static” in the reverse records, or that the reverse hostname is a purely custom name, perhaps matching the MX record itself. Matching the reverse DNS record to an MX record is in no way required, though it may aid in preventing a false positive listing as it makes your intentions more obvious.

The third and final way in which you can be listed in the DNS blacklist is by simply being a host that allows or supports spamming in some way. This means that throughout DNS blocking, SpamCop reports, and complaints and warnings sent to your [email protected] and [email protected] email addresses, you still choose to ignore those reports and allow unsolicited commercial or bulk email to be sent through your system(s). This class of spam sender has little hope of ever being delisted from NJABL. However, if they did clean up their act, they would be delisted; NJABL does not hold long-term records for grudge keeping. The goal is to stop spam, but also to educate and help those that do not understand the huge problems they are contributing to.

It is also worth noting that the third listing method carries a chance of a false positive listing. When spam is seen coming from a source address, WHOIS lookups, DNS lookups, and other general research is done. If the owner of the IP address that is causing spam cannot be determined, then a range surrounding the source IP address will be listed. The smallest range that will be listed is a /24, or 255 total IP addresses. This means those that are on shared hosting plans could potentially be listed only because they happen to buy service from a provider that does not correctly list their IP address assignments. As a user of these services, you can ask your ISP to keep clean SWIP records, and to terminate those accounts that are sending spam from the same network block in which your services reside.


The original NJABL zone (combination of the below 127.0.0.x types except for

This sub-zone has been shut down. All zone data continues to be contributed to The Spamhaus Project. You can use their zones, which are much larger and more accurate than the previous zone.

This zone used to be a combination of and in a single zone. As has been shut down, combined. currently acts as copy of (Bad Host, No Cookie)

These hosts have done things properly configured SMTP servers are not intended to do. contains misconfigured servers, spam proxies, and other hosts deemed to have no interest of stopping the pollution of the internet with spam, malware, viruses, or other nefarious activity.

Return Codes

A few DNS blacklists offer granular return codes to allow you, as an administrator, to fine-tune exactly how much, or how little, impact you want the system to have on your flow of email. While most DNS blacklist and whitelist systems return only one commonly used IP address, NJABL returns IP addresses each with a specific meaning, as listed below. The below DNS return records are for queries against

  • – Open relays
  • – Previous dial-up/dynamic IP ranges. This return type is no longer supported. For high quality dynamic and dialup IP address ranges, recommends that you use The Spamhaus PBL.
  • – Spam Sources – Both commercial spammers as well as dial-up spammers and open proxies. Because it is not always possible to differentiate between these sources, all three are combined under this return code. This can also contain an entire /24 if accurate listing data could not be determined.
  • – Multi-stage open relays – No longer supported, this return code should not be used.
  • – Passively detected “bad hosts” – Any host that is listed in
  • – HTTP gateways – Insecure http servers deploying form to email gateways and cgi scripts.
  • – Open proxy servers – Any server that acts as a proxy for spam, including innocent 3rd party servers that have been hijacked unbeknownst to the owner.

The returned IP address lets you define with greater control which sources you will block. In addition, each listing has a companion DNS TXT record with short descriptive text that indicates the reason for the listing. Some administrators configure their SMTP server to include this message in the Non Delivery Report (NDR). Before deploying any DNS blacklist, it is advisable to consult its website for any changes in policy, hostnames, and zone return codes. It is also a good idea to subscribe to the DNS blacklist provider's mailing list to keep abreast of changes that may require immediate action on your end.
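The following added example (not NJABL's code and not from the original page) shows how a mail filter can act on granular return codes and the companion TXT record, and why it should ignore answers it does not recognise when a zone changes its codes or is retired. The zone name `dnsbl.example.org`, the code-to-category table and the DNS answers are constructed assumptions, and the resolver is a stub so the block runs offline.

```python
import ipaddress

ZONE = "dnsbl.example.org"  # hypothetical zone name, not an NJABL zone

# Constructed return-code policy for the hypothetical zone (not NJABL's codes):
# return code -> (category, action)
POLICY = {
    "127.0.0.10": ("open relay", "reject"),
    "127.0.0.11": ("spam source, may cover a whole /24", "score"),
    "127.0.0.12": ("open proxy", "reject"),
}

# Constructed stand-in for DNS answers: query name -> (A records, TXT records)
FAKE_DNS = {
    "7.113.0.203.dnsbl.example.org": (["127.0.0.10"], ["open relay, tested 2013-01-05"]),
    "9.113.0.203.dnsbl.example.org": (["127.0.0.11"], ["spam source"]),
    # An answer outside the documented codes, as a changed or retired zone might give.
    "8.100.51.198.dnsbl.example.org": (["203.0.113.50"], []),
}

def query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone (query format of RFC 5782)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def resolve(name):
    """Offline resolver stub; a real filter would issue A and TXT queries here."""
    return FAKE_DNS.get(name, ([], []))  # empty answer models NXDOMAIN

def check(ip):
    """Return (action, reason) for a connecting client IP."""
    a_records, txt = resolve(query_name(ip))
    known = [POLICY[a] for a in a_records if a in POLICY]
    if known:
        # If several codes are returned, the strictest action wins.
        category, action = sorted(known, key=lambda p: p[1] != "reject")[0]
        # The TXT text is what some administrators copy into the NDR.
        return action, (txt[0] if txt else category)
    if a_records:
        # Never block on a code the policy does not define.
        return "accept", "unrecognised answer ignored: " + ", ".join(a_records)
    return "accept", "not listed"

if __name__ == "__main__":
    for client in ("203.0.113.7", "203.0.113.9", "198.51.100.8", "192.0.2.1"):
        print(client, query_name(client), check(client))
```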

Removal Process

An IP address that has been listed with NJABL for violation of any of the three above criteria can be delisted by fixing the problem. If you were inadvertently running an open SMTP relay, then by closing your security issues and requesting a retest, you should be delisted within a few hours at most. In the same regard, if you are somehow part of a multi-stage HTTP to SMTP relay, clean the source of the spam, and request a delisting. For whatever reasons you are listed, as long as you follow the instructions for contacting NJABL, or use their delisting tools, no payment is needed, and expedient delisting will happen. Even a mixup of your IP address being within a spammer's IP address range can be delisted as easily as providing proof to NJABL that it is not a source of pollution. NJABL also maintains a “current queue” so you can see the progress of de-listings.

Effective 3/1/2013 NJABL is offline.
