invaluement.com DNSBL
invaluement anti-spam DNSBL
Listed? Visit our lookup & removal utility
E-MAIL:
dnsbl@
invaluement.com


REMOVAL REQUESTS: here

RSYNC ACCESS: here

PHONE NUMBER:
+1 (478) 475-9032

Mailing Address:
PowerView Systems
PMB 305
248 Tom Hill Sr. Blvd.
Macon, GA  31210
  ivmSIP (sender’s ip dnsbl)   ivmSIP/24   ivmURI (uri dnsbl)  
  spam blocker blog   dnsbl guide   rsync access & instructions  
  reviews   about “invaluement”   lookup utility   contact  

Spam
Filtering
Services

for Macon &
W.R., Georgia,
USA

ivmURI
“a URI blacklist

ivmURI, is one of three invaluement DNSBLs. Please first read the discussion of goals and features shared by all 3 lists detailed on the invaluement Anti-Spam DNSBL page.

Mailadmin & SARE Ninja, Alex Broens said:

“ivmURI has become another valuable spam detection layer which I highly recommend to my customers. Rob McEwen has done a great job in this niche and complements the already available resources, with minimal admin requirements - setup & it works!”
founder of SURBL, Jeff Chan said:

“We've enjoyed working with Rob McEwen on SURBL and expect his new DNSBL to aid in the identification of unsolicited messages in new ways.”

ivmURI is the invaluement uri dnsbl. Aka a “uri bl”, this list includes those IPs and domain names which only appear in the body of unsolicited messages. ivmURI was developed by one of the long-time SURBL adminstrators, Rob McEwen, and is now considered to be one of the three top-tier URIBL blacklists, along side SURBL and URIBL. In fact, the drop-off in quality after the three major URI blacklists (SURBL, URIBL, and ivmURI) is considerable. Simply put, there is no close fourth.

How can we know this? Besides having data from industry leaders backing up this claim, we are in a position to know and to judge because the founder and developer of ivmURI, Rob McEwen, has been an adminstrator for SURBL since June 2005 and continues to serve in that role. Therefore, Rob has an insider’s knowledge of the inner workings of SURBL. (Rob was also a participant in the discussions which led to the formation of URIBL, and keeps close contact with some of the URIBL folks as well.) It was this hard won expertise that inspired the creation of ivmURI.

None of the three major URI blacklists (SURBL/URIBL/ivmURI) make any of the others obsolete because all three block some spams missed by the other two. Therefore, we consider all three to be indispensable. However, ivmURI could still be a huge help for some organizations who now suddenly find themselves unable to afford SURBL’s new pricing policies. (NOTE: Starting 11/6/2008, SURBL is no longer free for organizations “processing more than 250,000 inbound messages per day or having more than 1,000 users”. In the near future, such SURBL-users will be cut off unless/until they subscribe to SURBL.)

FOR EXAMPLE: Recently, a multi-national corporation with 60K employees gathered stats on all three URI blacklists. Their statistics showed that 72% of the spam blocked by SURBL was also blocked by ivmURI. Obviously, it is noteworthy that 28% of the spam blocked by SURBL was missed by ivmURI! However, (overall) in those statistics, ivmURI blocked more spam than both SURBL and URIBL, and had fewer false positives than both SURBL and URIBL. Additionally, for every 1 spam blocked by SURBL that ivmURI missed, there were 2 spams blocked by ivmURI that SURBL missed. Finally, ivmURI had the highest “unique” spams blocked (that being spams blocked by a URI blacklist which ALL other URI lists missed). In fact, ivmURI beat out the 2nd place URI blacklist in this “uniques” category (uribl.com) by a 2-to-1 margin. (details and raw data available upon request)

How does ivmURI fit into this mix of high quality URI DNSBLs?

“ivmURI alone now accounts for 85% of all the spam we block, while maintaining an extremely low false positive rate.”

Chris Owen,
hubris.net
  1. LOW FALSE POSITIVES: At least as low as SURBL and URIBL. Some have reported the FPs to be the lowest of all three major URI BLs!
  2. UNIQUES: As stated, there are some series of spam listed only by ivmURI, or listed by ivmURI first. In fact, periodically a URI will get listed only on ivmURI, and then SURBL and/or URIBL will pick up that URI months later. (Of course, the reverse is true as well! Which is why all three lists are very valuable and we use all three in our own spam filtering!)
  3. SMALL MEMORY FOOTPRINT: ivmURI has a memory footprint which is much smaller than URIBL and vastly smaller than SURBL.
    • This opens up possibilities for applications which require a smaller memory footprint URI BL!
    • Interestingly, ivmURI’s spam catch rate is at least as high as SURBL and URIBL. So, in this case, having less data does not translate to less spam caught!
  4. FAST UPDATING: In situations where all three URI blacklists have caught a new spammer’s domain at the same time (at the backend), ivmURI has the fastest turnaround time for getting that domain into circulation, for productive use, in comparison to URIBL and SURBL. (Actually, this is a “game of inches” when ivmURI is compared to URIBL, but the turnaround for ivmURI is substantially faster than SURBL’s turnaround time.) This helps catch new series of spam that haven’t had much time to get listed on all the various types of anti-spam clearinghouses and are, therefore, at high-risk for getting missed by many spam filters.

Examples of URIs caught by ivmURI,
but missed by SURBL and URIBL!

“ivmURI is a URI (domain) DNSBL like SURBL or URIBL, with high effectiveness (comparable with URIBL/SURBL), extremely low false positives, and quick to list.”

From CBL, the largest component of Spamhaus’ Zen & XBL lists -- see full quote on the cbl.abuseat.org web site!

The following is a tiny sampling of such messages. In this case, we took the last 500 message caught by ivmURI, waited 24 hours (to give SURBL and URIBL extra time to catch these). Extracted from that batch, below are the domains caught by ivmURI but missed (at that time) by surbl and uribl, even after giving them an extra 24 hours to catch up.

  • Some of these web sites have been terminated by hosting providers by now. Also, some of these are listed on surbl and uribl by now!.
  • This batch was collected on May 31, 2008. Fresher samples will be posted here from time to time.
  • For each domain listed below, we have unsolicited messages on file with those domain names used in the message’s links.
  • Had we spotted URIBL and SURBL an extra 1 hour instead of 24 hours, this list would be much larger. And, as mentioned earlier, surbl and uribl also catch much spam missed by the other two URI BLs, including listing URIs missed by ivmURI... so this point cuts all three ways!
  • Visit these web sites at your own risk since we haven't checked them for malicious exploits.

Uri Uniques Uri Uniques Uri Uniques

How to access the invaluement DNSBL?

Sign up here for an evaluation.

 

 


ivmURI
“a uri dnsbl”

What is a
URI DNSBL
??????

If you are not a professional in the mail hosting and spam filtering industry, you may be wondering, “What is a URI DNSBL? And what does URI stand for?” ...keep reading...

A uri dnsbl is simply an anti-spam “black list” delivered via DNS which consists of domain names and IP addresses which are found in the body of the message. Specifically, there are the domains and IP addresses which spammers use to host their web sites. They are a part of the clickable links that the spammer has placed inside the messages so that, when someone clicks on that link, it goes to the spammer’s web site.

Why not call it a domain name black list?

Since the spammers sometimes use IP addresses instead of domain names, the term domain name blacklist is insufficient. That is where the term URI comes into play. URI stands for Uniform Resource Identifier, and this term covers both domain names and IP addresses.

How is a URI list different from a “regular” DNSBL?

A traditional DNSBL (aka “rbl”) is a list of the IP addresses from which spam is sent. In contrast, a URI blacklist is blocking spam based on the domain names and IP addresses (referred to as URIs) that are contained within the body of the message.

Is this the same thing as a Right Hand Side Blacklist (RHSBL)?

No! Many confuse RHSBLs with URI BLs. A RHSBL lists domains used in the “from” address of spams. A URI blacklist goes after the clickable links in the body of the message. A very high percentage of spams are sent from forged addresses. In those cases where the return address actually belongs to the spammer and the spammer is trying to get the recipient to reply, the spammer is probably going to use a freemail address (gmail, yahoo, hotmail, etc.) as their from or reply to address.

Therefore, RHSBLs are practically worthless and should not be confused with URI blacklists, which are far more effective than RHSBLs.

  ivmSIP (sender’s ip dnsbl)   ivmSIP/24   ivmURI (uri dnsbl)  
  spam blocker blog   dnsbl guide   rsync access & instructions  
  reviews   about “invaluement”   lookup utility   contact  

Spam
Filtering
Services

for Macon &
W.R., Georgia,
USA