

BTC wallet blocklist (btc-wallets.mail-beta.abusix.zone)

Status: Beta
Type: SHA-1 hash
Cloud DNS namespace: <key>.btc-wallets.mail-beta.abusix.zone.
Rsync File: beta-lists/btc-wallets.zone
Return Codes:
Test Points:
Listing Duration: Approximately 5.2 days after last seen


This list contains BTC wallet addresses seen in the message body of spam sent to traps.

Because it is not possible to represent a BTC wallet address in a DNS query, the address is SHA-1 hashed and the hash value is used for the lookup instead of the address itself.

For example:

SHA-1(15GWKdT8e1o6GcDTZMQZRiZng2Q6dLX8Aw) -> 


As this is a completely new type of anti-spam check, support for it must be added to your chosen mail platform. See below for example code for rspamd.


The following code can be added to /etc/rspamd/rspamd.local.lua to enable rspamd to query this zone. Replace "<APIKEY>" with your API key, or, if you are using rsync, set the "check_btc_dns" variable to match your DNS namespace.

local rspamd_regexp = require "rspamd_regexp"
local rhash = require "rspamd_cryptobox_hash"
local rlogger = require "rspamd_logger"

-- Base58 address starting with 1 or 3, matched as a whole word
local btc_wallet_re = rspamd_regexp.create_cached('/(?:^|\\s)([13][a-km-zA-HJ-NP-Z1-9]{25,34})(?:\\s|$)/')
local check_btc_dns = '.<APIKEY>.btc-wallets.mail-beta.abusix.zone.'

local check_btc_cb = function (task)
    local parts = task:get_text_parts()
    if not parts then return false end
    local r = task:get_resolver()
    for _, part in ipairs(parts) do
        local words = part:get_words('raw')
        for _, word in ipairs(words) do
            local match = btc_wallet_re:match(word)
            if match then
                -- The lookup key is the hex SHA-1 of the address exactly as written
                local btc_hash = rhash.create_specific('sha1', word):hex()
                local lookup = btc_hash .. check_btc_dns
                local function dns_cb(_, _, results, err)
                    if (not results) then return false end
                    -- Compare the first A record against the zone's return code
                    -- (the value is blank in this listing)
                    if (tostring(results[1]) == '') then
                        rlogger.errx('found BTC wallet %s (%s) in BTC Wallet blacklist', word, btc_hash)
                        return task:insert_result('RBL_AMI_BTC', 1.0, word);
                    end
                end
                r:resolve_a({ task = task, name = lookup , callback = dns_cb, forced = true })
            end
        end
    end
end

local check_btc = rspamd_config:register_symbol({
    name = "RBL_AMI_BTC",
    score = 3.0,
    description = "BTC Wallet found in Abusix BTC Wallet blacklist",
    group = "abusix",
    type = "callback",
    callback = check_btc_cb
})
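
The same lookup expressed in Python, for porting the check to a mail platform other than rspamd. This is an added example, not Abusix code: the function names, the `resolve` callable and the `EXAMPLEKEY` namespace are assumptions, and the sample body is constructed.

```python
import hashlib
import re

# Constructed placeholder namespace of the form "<key>.btc-wallets.mail-beta.abusix.zone."
NAMESPACE = "EXAMPLEKEY.btc-wallets.mail-beta.abusix.zone."

# Same character class as the rspamd rule. The trailing lookahead leaves the
# separator unconsumed, so two addresses split by one space are both found.
BTC_RE = re.compile(r"(?:^|\s)([13][a-km-zA-HJ-NP-Z1-9]{25,34})(?=\s|$)")

# Constructed sample body; the address is the one used as this page's example.
SAMPLE_BODY = (
    "Pay 500 USD to 15GWKdT8e1o6GcDTZMQZRiZng2Q6dLX8Aw within 48 hours.\n"
    "Wallet again: 15GWKdT8e1o6GcDTZMQZRiZng2Q6dLX8Aw\n"
    "Not Base58 (contains O and 0): 1OOOOOOOOOOOOOOOOOOOOOOOOOOOOO0\n"
)

def query_name(address, namespace=NAMESPACE):
    """Return "<sha1 hex>.<namespace>" for one wallet address."""
    # Hash the address byte-for-byte as written: Base58 is case-sensitive,
    # so lowercasing it first would produce a different lookup key.
    digest = hashlib.sha1(address.encode("ascii")).hexdigest()
    return f"{digest}.{namespace}"

def wallet_queries(body, namespace=NAMESPACE):
    """Map each distinct address found in `body` to its DNS query name."""
    queries = {}
    for address in BTC_RE.findall(body):
        # setdefault keeps one query per address, however often it repeats
        queries.setdefault(address, query_name(address, namespace))
    return queries

def listed_wallets(body, resolve, namespace=NAMESPACE):
    """Return {address: answers} for addresses whose query got an answer."""
    # `resolve` is a hypothetical callable: name -> list of A records, with an
    # empty list for NXDOMAIN. Checking the answers against the zone's return
    # code is left to the caller.
    hits = {}
    for address, name in wallet_queries(body, namespace).items():
        answers = resolve(name)
        if answers:
            hits[address] = answers
    return hits
```

Passing the resolver in as a callable lets the extraction and hashing be tested without network access before wiring in a real DNS client.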
