Blocklists and Reputation
Most networks on the internet are reachable from most other networks on the internet. This has led to some networks using that reachability to send spam, host malicious downloads, or actively attack other networks.
- Every IPv4 address has a reputation, which is tracked by multiple reputation list maintainers.
- Network operators can subscribe to the blocklists that work for them and use the information to help them decide whether to block an address from sending email, or even being contacted by its own network.
- These blocklists can be supported by special allowlists maintained by the network operators. Allowlists often contain IP addresses of key partners and suppliers. Being on an allowlist generally overrides an entry on an external blocklist.
Blocklists, also known as disallow lists, are a tool that helps networks protect themselves against these threats by choosing which IPv4 addresses or IP networks to reject traffic from.
Publishers create lists of IP addresses, IP networks, and domain names. Some IP addresses are listed by their operators to let other operators know they are used by subscribers and not servers. But most IP addresses on blocklists are there because they’ve been used to send spam or host malicious content. These are addresses and domain names with a poor reputation.
But poor reputations can be improved. Most blocklists automatically remove IP addresses shortly after the last abuse event is detected. But addresses that get listed a lot can be permanently listed. The list operators will remove them after being contacted by the IP addresses operators.
Blocklists don’t actively block IP addresses or networks. Instead, blocklist users use them to inform their own filtering decisions.
Many network operators choose to put some networks on a permanent allowlist, the opposite of a blocklist, because communication with that network is too valuable to interrupt. Other operators subscribe to multiple lists with different listing criteria, only blocking addresses that appear on multiple lists.
While some blocklists are published without charge, most blocklists are paid for by their subscribers. It is considered bad form for a blocklist operator to charge a fee to remove entries.