Changes

'''Reputation Block Lists''', or RBLs, are lists of [[Domain Name]]s, Universal Resource Locators ([[URL]]s), and/or Internet Protocol ([[IP]]) addresses that have been identified as posing security threats.<ref>[https://www.icann.org/en/blogs/details/reputation-block-lists-protecting-users-everywhere-1-11-2017-en Reputation Block Lists Protect Users, ICANN Blog]</ref>

'''Reputation Block Lists''', or RBLs, are lists of [[Domain Name]]s, Universal Resource Locators ([[URL]]s), and/or Internet Protocol ([[IP]]) addresses that have been identified as posing security threats.<ref>[https://www.icann.org/en/blogs/details/reputation-block-lists-protecting-users-everywhere-1-11-2017-en Reputation Block Lists Protect Users, ICANN Blog]</ref> DNS reputation systems can detect [[Malicious Domain|malicious domains]] at the registration time (with PREDATOR) or domain activity phase (with EXPOSURE). They classify domains as either malicious or benign; however, they do not consider [[Compromised Domain|compromised domains]]. The blocklists represent activity such as spam, malware distribution, command-and-control, phishing, and/or intellectual property rights infringement. Intermediaries, such as internet service providers, use them to block malicious communications.

==Overview==

==Overview==

Commercial service providers, researchers, and non-profit organizations operate the most prominent RBLs that detect or receive notifications of security threats. Examples include:

Commercial service providers, researchers, and non-profit organizations operate the most prominent RBLs that detect or receive notifications of security threats.

* Cisco’s [https://talosintelligence.com/reputation_center Talos] email reputation system,

* Cisco’s [https://talosintelligence.com/reputation_center Talos] has an email reputation system.

* [https://apwg.org/ the Anti-Phishing Working Group's RBL],

* [https://apwg.org/ the Anti-Phishing Working Group's RBL]'s contains phishing URLs submitted by accredited users through the [https://apwg.org/ecx/ eCrime Exchange platform]. The URLs are accompanied by metadata, including the confidence level and the target brand name; this RBL makes no distinction between [[Malicious Domain|malicious domains]] and [[Compromised Domain|compromised websites]].

* [https://safebrowsing.google.com/ Google Safe Browsing],

* [https://safebrowsing.google.com/ Google Safe Browsing]'s technology, launched in 2007, examines billions of URLs per day looking for unsafe websites and showing warnings on Google Search and in web browsers.

* [http://www.surbl.org/ SURBL], and

* [http://www.surbl.org/ SURBL]'s feed is composed of domain names in unsolicited email messages and external blacklists, which are categorized into lists of phishing, malware, or spam activity.<ref>[http://www.surbl.org/lists Lists, SURBL]</ref>

* [https://www.threatstop.com/ ThreatStop].

* [https://www.threatstop.com/ ThreatStop] is a commercial [[cybersecurity]] operation established in 2009 that includes [[Paul Mockapetris]] as its chief scientist.

* [[OpenPhish]]'s feed contains phishing URLs and targeted brands.<ref>[https://openphish.com/ OpenPhish]</ref>

==History==

==History==

==References==

==References==