BTCBlack - Blocklist Threat Clearinghouse — Real-time DNS Blacklists

ESP Accounts RBL

esp.btcblack.it

Email Service Providers (ESPs) such as Mailchimp, Brevo, Sendgrid, and Amazon SES are frequently abused by spammers who register accounts specifically to send bulk unsolicited email. Because these campaigns originate from the ESP's own infrastructure, they often bypass traditional IP-based blacklists that would otherwise catch direct-to-MX spam.

This DNSBL lists hashed identifiers of ESP accounts confirmed to have been used for spam or abusive bulk email. It enables mail filters to flag or reject messages delivered via known-abusive ESP accounts, regardless of the sending IP address.

Key Features

• Account-level blocking: Targets the abusive account, not just the sending IP, preventing evasion through IP rotation within the ESP.
• SpamAssassin integration: Queryable via the HashBL plugin using the Received, Feedback-ID or other headers that ESPs inject into outbound messages. Updated rules can be downloaded from Github.

Supported Providers

Abusive accounts at the following providers are currently tracked: Mailchimp, Brevo (formerly Sendinblue), Sendgrid, and Amazon SES. Provider coverage is maintained in the open-source spamassassin-esp ruleset; see that repository for the complete list of supported providers and corresponding SpamAssassin rules.

Listing Policy

Accounts are listed on the basis of confirmed spam trap hits or validated abuse reports. Hashed identifiers are retained as long as the associated account remains active and abusive. To report a newly identified abusive account or to dispute a listing, contact info@btcblack.it.

DNS Query Example

$ host <hash-of-account>.provider.esp.btcblack.it
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

<hash-of-account>.provider.esp.btcblack.it has address 127.0.0.2

For more info send an email to info@btcblack.it.
The service is sponsored by SNB.