
DNS RBL Zone: Query Our Community Blocklist From Your Mail Server

Patrick Schlesinger
DNS / RBL Zone announcement banner: 11,134 listed IPs, 100,000 queries per day per token, nine threat-category sub-zones, with Postfix and Rspamd return codes.

The ReportedIP community blacklist is now a DNS blocklist. Mail servers and firewalls can query 11,134 listed IPs (as of 29 May 2026) in real time as a private DNS RBL zone at bl.reportedip.de — no file downloads, no cron imports, no stale lists.

The DNS / RBL Zone is a recurring add-on, bookable from the Professional plan upward. Subscribe from your dashboard and you get a token-authenticated zone string to drop into Postfix, Rspamd, BIND RPZ, or any RBL-capable software.

What is a DNS RBL zone?

A DNSBL (DNS-based blocklist, also called an RBL) answers a simple question over DNS: is this IP address known to be malicious? Instead of pulling a file and reloading it, your mail server reverses the connecting IP, appends the zone, and does a normal DNS lookup. The answer is an A record in the 127.0.0.0/8 range — or NXDOMAIN if the IP is clean.

Until now our blacklist shipped only as a file (TXT/JSON export and a daily Git push). That is fine for firewalls that import lists, but mail servers and edge filters expect a live DNSBL. The DNS / RBL Zone closes that gap: the same community blacklist you already know, served authoritatively over DNS and refreshed every few minutes.

How the zone works

Your private zone string

Every subscription provisions one token. Your zone string is <your-token>.bl.reportedip.de. To check an IP, your server prepends the reversed address — checking 1.2.3.4 issues a lookup for 4.3.2.1.<your-token>.bl.reportedip.de and reads the answer. The token scopes usage to your account so the zone stays abuse-resistant.

Return codes map to confidence

The confidence score is pre-computed by ReportedIP and encoded directly in the return code, so your mail server needs no extra mapping:

| A record | Meaning | Suggested action |
|---|---|---|
| 127.0.0.2 | Listed — high confidence (≥ 90) | Reject |
| 127.0.0.3 | Listed — medium confidence (75–89) | Reject or score |
| NXDOMAIN | Clean, or not in the requested category | Accept |
| 127.255.255.251 | Daily query quota reached | Add another token |
| 127.255.255.252 | Token invalid or subscription inactive | Check token & billing |

Want to verify your setup without a real listed address? A lookup of the test IP 127.0.0.2 — queried reversed as 2.0.0.127.<your-token>.bl.reportedip.de — always returns 127.0.0.2.

Filter by threat category with sub-zones

Insert a category slug before the zone to match only one threat type: <reversed-ip>.<your-token>.<slug>.bl.reportedip.de. Nine sub-zones are available: spam, brute-force, cms-login, web-attacks, malware, ddos, fraud, infrastructure and apt. A hit is returned only if the IP is listed in that category.
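The query construction and return-code handling described in this section, as an added Python example (not ReportedIP's own code). It goes beyond the IPv4 case shown here to the reversed-nibble IPv6 form of RFC 5782; the function names and the token `exampletoken` are assumptions, and the resolver answers in the demo are constructed.

```python
import ipaddress
import socket

ZONE = "bl.reportedip.de"
CATEGORIES = {"spam", "brute-force", "cms-login", "web-attacks", "malware",
              "ddos", "fraud", "infrastructure", "apt"}
# Return codes from the table above; anything else is reported as unknown.
VERDICTS = {"127.0.0.2": "listed-high", "127.0.0.3": "listed-medium",
            "127.255.255.251": "quota-reached",
            "127.255.255.252": "token-invalid"}

def query_name(ip, token, category=None):
    """Build <reversed-ip>.<token>[.<slug>].bl.reportedip.de for one address."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if category is not None and category not in CATEGORIES:
        raise ValueError(f"unknown category sub-zone: {category!r}")
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                  # reversed octets
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # reversed nibbles
    middle = [token] + ([category] if category else [])
    return ".".join(labels + middle + [ZONE])

def system_resolver(name):
    """First A record as text, or None. NXDOMAIN and resolver failures are
    indistinguishable through this API, so both count as 'no answer'."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check(ip, token, category=None, resolve=system_resolver):
    answer = resolve(query_name(ip, token, category))
    return "clean" if answer is None else VERDICTS.get(answer, "unknown-code")

def should_reject(verdict, reject_medium=True):
    # Only 127.0.0.2 / 127.0.0.3 are listings. The 127.255.255.x codes report
    # quota or token state, so they are not treated as a hit here.
    return verdict == "listed-high" or (reject_medium and verdict == "listed-medium")

if __name__ == "__main__":
    # Constructed answers standing in for the live zone; "exampletoken" is a placeholder.
    constructed = {"2.0.0.127.exampletoken.bl.reportedip.de": "127.0.0.2",
                   "4.3.2.1.exampletoken.spam.bl.reportedip.de": "127.0.0.3"}
    for ip, cat in [("127.0.0.2", None), ("1.2.3.4", "spam"), ("192.0.2.10", None)]:
        verdict = check(ip, "exampletoken", cat, resolve=constructed.get)
        print(ip, cat, verdict, should_reject(verdict))
```

Passing `resolve=` lets the classification be tested offline; with the default resolver the same calls query the live zone using a real token.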

Add it to your mail server

Postfix

# main.cf
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client <your-token>.bl.reportedip.de=127.0.0.[2..3],
    ...

Rspamd

# local.d/rbl.conf
rbls {
  reportedip {
    rbl = "<your-token>.bl.reportedip.de";
    ipv4 = true;
    returncodes {
      REPORTEDIP_HIGH   = "127.0.0.2";
      REPORTEDIP_MEDIUM = "127.0.0.3";
    }
  }
}

BIND RPZ and any other RBL-capable software work the same way — point them at your zone string. The full setup reference, including category sub-zones, lives in the DNS / RBL Zone documentation. For the format and scoring behind the list itself, see the blacklist docs.

Limits, privacy and pricing

  • 100,000 DNS queries per day per token (resets 00:00 UTC). That covers a busy single mail server or a small cluster. Reaching the limit returns 127.255.255.251 until the reset — subscribe to a second token for more capacity.
  • Privacy by design. Queried IP addresses are not stored beyond aggregate abuse metrics. The zone runs on EU infrastructure under GDPR.
  • 7,90 € / month or 79 € / year, incl. 19 % VAT. Bookable from Professional, Business and Enterprise. It is a separate subscription that runs alongside your plan, and you can cancel anytime through the billing portal.

Why query a blocklist over DNS

DNS is the right transport for this job. Lookups are cached by your resolver, so repeat checks are answered locally in microseconds. There is nothing to import and nothing to keep in sync — the zone is refreshed continuously from the same data that powers our community threat intelligence. The IPs you block are the same ones hammering thousands of WordPress sites, as documented in our weekend attack report.

The mechanics follow the long-standing DNSBL convention described in RFC 5782, so existing mail-server integrations work without custom code.

Frequently asked questions

Which plans include the DNS / RBL Zone?

It is a recurring add-on, not part of any tier. You can book it from the Professional plan and above for 7,90 € per month or 79 € per year.

How is this different from the file blacklist?

Same data, different transport. The file export is a static download you import on a schedule; the DNS / RBL Zone answers live queries over DNS and stays fresh without any import step.

Does it work outside WordPress?

Yes. The zone is plain DNS, so any RBL-capable mail server or firewall — Postfix, Rspamd, BIND RPZ, and others — can use it regardless of platform.

Built to the DNSBL standard

The zone follows RFC 5782 — reversed-octet IPv4 and reversed-nibble IPv6 queries, the standard 127.0.0.2 test point, and the reserved 127.255.255.0/24 error range. The token-in-query format matches the keyed-DNSBL convention used by established services such as Spamhaus’ Data Query Service, so it drops into Postfix, Rspamd or a BIND RPZ with no custom code — and unlike most free blocklists, which are IPv4-only, it covers IPv4 and IPv6 equally.
