FraudBL - Explained

www.fraudbl.org

FraudBL is an open source DNS Blacklist server, a part of the more common dnsbl.tornevall.org DNS Blacklist. FraudBL stands for Fraud Blacklist. This site itself is a landing page for Tornevall Networks blacklisting services and the real site, where most of our information resides can be reached via Tornevall Networks portal (which is currently under construction). FraudBL is, what tornevall.org is: While dnsbl.tornevall.org blocks regular spam, proxies and webabuse, FraudBL explicitly blocks servers known of sending spam based on phishing or anything else that would cause any economic loss for the receiver.

The purpose of FraudBL is about stopping fraudalent/phishinglike e-mail sent from different servers, that looks like they are sent from banks and others. FraudBL uses a separate spamresolver with the suffix bl.fraudbl.org. However, we are also using dnsbl.tornevall.org and hosts that is considered phishy/fraudalent are marked up with an extra TXT-entry.

To report fraudalent e-mail to us, send the mail content (important: with full header) to spam@fraudbl.org. To extract a message header, you may see a few examples at http://docs.tornevall.net/x/ZoBq how to do this (covers gmail, outlook/hotmail/thunderbird/etc). The goal with this, is to block the server sources of the sent mail, not the sender itself, so it's actually the "Receved"-headers we are looking for primarilly.

Examples on where spoofed e-mail may come from:

  • Paypal
  • Skatteverket (Sweden)
  • Swedbank (Sweden)
  • Apple/itunes
  • Telia Sonera
  • Nordea (Sweden)
  • Bank of America
  • And many many more...

The site FraudBL is located in Sweden.