Tornevall Networks just released version 5.0 of the DNSBL where all FraudBL-data resides.
Documents on how to use SpamAssassin is located at the docs.
FraudBL is currently up and running and while we are typing this post, we are collecting spam from ”phishing sites”. As we are counting, approximately 1200 hosts are flagged ”phishing” in our database. In short, this database will get a zone update so we can start using it. What we are actually waiting for is dnsbl.tornevall.org and the last migration steps.
To be continued…
FraudBL is an open source DNS Blacklist server, a part of the more common dnsbl.tornevall.org DNS Blacklist. FraudBL stands for Fraud Blacklist. This site itself is a landing page for Tornevall Networks blacklisting services and the real site, where most of our information resides can be reached via Tornevall Networks portal (which is currently under construction). FraudBL is, what tornevall.org is: While dnsbl.tornevall.org blocks regular spam, proxies and webabuse, FraudBL explicitly blocks servers known of sending spam based on phishing or anything else that would cause any economic loss for the receiver.
The purpose of FraudBL is about stopping fraudalent/phishinglike e-mail sent from different servers, that looks like they are sent from banks and others. FraudBL uses a separate spamresolver with the suffix bl.fraudbl.org. However, we are also using dnsbl.tornevall.org and hosts that is considered phishy/fraudalent are marked up with an extra TXT-entry.
To report fraudalent e-mail to us, send the mail content (important: with full header) to firstname.lastname@example.org. To extract a message header, you may see a few examples at http://docs.tornevall.net/x/ZoBq how to do this (covers gmail, outlook/hotmail/thunderbird/etc). The goal with this, is to block the server sources of the sent mail, not the sender itself, so it’s actually the ”Receved”-headers we are looking for primarilly.
Examples on where spoofed e-mail may come from:
The site FraudBL is located in Sweden.