Shutdown of


Virbl was a project of which the idea was born during the RIPE-48 meeting in May 2004. The plan was to get reports of virusscanning mailservers and put the IP-addresses that were reported to send viruses on a blacklist. Since the start, a number of trusted notifiers participated and over the next 10 years Virbl was a great addition to fighting back virus mails on the internet.

However, the internet changed, the techniques used to filter virus mails changed, trusted notifiers stopped reporting about incoming virusses and Virbl became more and more obsolete. This prompted us to decide to ‘pull the plug’ on the project after 12 years of operation.

The Virbl-project site has been replaced by this static message to inform those that find their ways here. The Virbl DNSBL-zone was emptied and will be removed all together at a moment further on in the future. Please remove any DNSBL-lookups against ‘’ from your e-mail configurations. AS-operators will no longer receive the so called ‘Virbl AS-reports’ and it will no longer be possible to look up evidence. Mail sent to the ‘’ domain will be tossed in the endless vacuum called /dev/null.

Please remove any DNSBL-lookups against ‘’ from your e-mail configurations.

Accordingly, we have removed all entries for “” from DNSBL configurations.

2 replies on “Shutdown of”

So what is the modern replacement/improvement? Are standard tools like clam and amavis now as effective as a DNSBL built from mass collaboration among relay operators who may be employing clever virus identification on their systems?

Sprux’s mail services don’t see a _ton_ of traffic but I suppose between the handful of respected DNSBLs we do check and relatively aggressive virus/malware scanning we haven’t had any major issues (that we’re aware of).

What is Rollernet relying on at this time?

There were some customers using, but overall it was a minority.

We use some of the more common DNSBLs plus we recently set up a homebrew DNSBL that self-populates based on spamtraps. We have a couple random domains that have never been used but collect spam anyway. It currently has 30575 IP addresses on it. We also use URIBL and DNSWL.

We’re also using Cloudmark Authority which is a subscription service that we’re still working on fully integrating.

Comments are closed.