Visitor IP: 216.73.216.147 NOT LISTED
IPv6-aware policy.txt / policy.json

ScotNet DNSBL

Evidence-based listings • transparent return codes • dual-proof delisting for high-risk listings • dual-stack by default

What this DNSBL is

This DNSBL exists to protect mail systems from active abuse, not to punish mistakes. Listings are evidence-based, persistent until delisted or manually reviewed, and reversible with proof of control. If you’re listed, the fastest path out is to fix the issue and complete the signed delist flow below.

Transparency snapshot

Full transparency
Active listings
2,626
Live from BIND zone (A + AAAA)
Threat activity (7 days)
21
Unique suspicious public IPs • 999 matched events • 2,193 requests evaluated
Repeat offenders
118
Threatmail: 69 • Apache security: 49
Lifecycle
Active
Pending review: 0 • Expiring ≤7d: 31
Delisted (7 days)
1
Unique IPs with a recorded delist in the last 7 days
Mail feeds
Active
Threatmail: active
User reports: not enabled • last 06:35:02 BST
Zone updated
2026-06-24 05:55 BST
Zone updated 05:55:03 BST

Threat activity is based on classified Apache security telemetry. Ordinary successful visitors and private/internal addresses are excluded; only high-confidence attack patterns can enter the DNSBL.
Source: BIND zone file (authoritative) • last updated 2026-06-24 05:55:03 BST • IPv4 A: 2,626 • IPv6 AAAA: 0 • SOA serial 2026062410 • counted from BIND zone file

Visitor

Automatic check for the IP you’re connecting from.

Not listed

Lookup

Check any IPv4 or IPv6 address against this DNSBL.

Progressive query protection: 2 lookups, then a 5-minute pause; after that, 5 more lookups before a 10-minute pause. Continued or excessive requests are paused for 1 hour. Transparency and public history are never hidden by this action limit.

Public test records

Permanent

These loopback test names verify DNSBL integration without querying a real listed address. They are excluded from active-listing totals and history.

2.0.0.127.bl.scott.ovh127.0.0.2User-reported spam
3.0.0.127.bl.scott.ovh127.0.0.3Open relay/proxy
4.0.0.127.bl.scott.ovh127.0.0.4Web/application attack
8.0.0.127.bl.scott.ovh127.0.0.8Repeat offender
dig +short 4.0.0.127.bl.scott.ovh A dig +short 4.0.0.127.bl.scott.ovh TXT

Policy

We block

  • Trusted user-reported spam and direct spam emission
  • Open relays / open proxies
  • Malware / botnet-driven SMTP activity
  • Persistent abusive behaviour and policy violations
  • High-confidence web/application exploit probes and repeated hostile scanning

We don’t block

  • Single transient misconfigurations (unless persistent)
  • Greylisting delays
  • Content-based heuristics (this is an IP reputation list)
  • One-off mistakes without repeat activity

Dual-stack behaviour

IPv4 listings apply to a single address. IPv6 abuse often rotates inside delegated ranges, so listings may be applied at /64 prefix scale where appropriate. This is documented on purpose. No surprises, no “mystery bans”.

Return codes

IPv4

CodeMeaning
127.0.0.2User-reported spam or direct spam emission
127.0.0.3Open relay or proxy
127.0.0.4Web/application attack or malware behaviour
127.0.0.8Repeat offender
127.0.0.10Legacy repeat/policy code (deprecated; use 127.0.0.8)

IPv6

CodeMeaning
::2User-reported spam or direct spam emission (IPv6)
::3Open relay or proxy (IPv6)
::4Web/application attack or malware behaviour (IPv6)
::8Repeat offender (IPv6)
::10Legacy repeat/policy code (deprecated; use ::8)

Machine-readable policy: policy.txtpolicy.json
Sanitised per-IP history: /api/history.php?ip=<address>&limit=all

Delist

Signed delisting

Delisting requires DNS proof of domain control. Higher-risk listings also require a web challenge file served from the listed IP, so a random third party cannot simply point a throwaway domain at someone else’s address.

Nothing to delist right now. Delisting appears when an IP is listed (visitor or manual lookup).