Privacy Policy is conscious of the value of data privacy, and strictly limits the use of personally identifiable and other relevant data. Most data is public and/or not personally identifiable information by its nature and thus the potential for privacy violations is limited.

Published data is made available via DNS queries as described in the technical articles published on the website. The same data is also made available to subscribers for file download. The use of the data is subject to Terms and Conditions.

Having said that, it is important to show how the project uses data – how data is collected, processed, stored and distributed.

Description of data

Published data and history data means all the data we have for our whitelist of “known good” mail servers. We store the history of all elements in our database from the first time we add an element to our database. When we stop publishing an element, the history is kept for some period of time before it is fully deleted (usually 6 months).

As part of the history, we keep a record of what we call “trust signals”. This includes the sending volume (which we determine indirectly through log files of DNS requests), blacklist entries and spam trap hits. Due to the volume created by the collection of these trust signals, the detail data is stored for a limited period of time, typically 30 to 90 days. This data is only accessible to Editors.

In addition to the data published, the database contains non-published data elements. They have the same structure as the published data, but they may not yet be published, may not be fit for publishing (eg because they emit too much spam), or may have been deleted from the published data (and awaiting final deletion after a grace period).

We describe our justification of the use of data in the editorial policy.

Organisation of data data is organised around so-called “DNSWL Ids“. These are numbers which identify a group of records belonging together (eg related IP addresses or domain names). The DNSWL Id is a convenient help to refer to a group of data elements (IP addresses, domain names etc) that belong together.

For a given DNSWL Id, we store the following meta data in a structured way: country (or “ZZ” if no particular country is applicable), type of organisation (as described in the technical descriptions on our website), and flags whether to (not) publish a certain data element.

During evaluation of an entry, editors may chose to use additional publicly available data, eg to consult a website connected with a domain name or IP address, to consult public data providers, and to use search engines (eg using the domain name). In order to minimise the data collected, the data itself from such sources is not stored, but specific findings may be noted as comments.

Self Service

The Self Service is a function of our website which allows interested parties (administrators etc) to provide us with structured input regarding their own IP addresses and domain names. Access to the Self Service requires registration using an email address (the use of a non-personal account is suggested).

The password for the Self Service is generated by the server and can not be changed by the user to avoid the potential re-use of passwords. This email address is used for notifications about IP addresses and domain names; an email address is required for contact with the interested parties. The email address may be deleted, but this would also remove access to the Self Service function.

We store the relationship between these interested parties (the “owners” of the IP addresses and domain names) and our internal records, and we store an email address with these records.

DNS Logs

Through the public DNS servers, we collect log files of DNS queries. We log the source IP address of a query (ie, the IP address of the DNS server), and the content of the query (ie, typically the IP address or domain name which is queried).

In order to minimise data collection, the data is disassociated before being stored: IP address of DNS servers are separated from the content of the query. Further, the data is aggregated over the timespan of a query collection period (usually a few minutes).

After being sent to the backend servers every few minutes, the data is further aggregated on an hourly basis and transformed into daily and monthly magnitudes. This ensures that it is in practice highly unlikely that an actual DNS query could be reproduced or that an actual communication pattern could be detected.

Daily magnitude data is removed after one month, monthly magnitude is stored as long as associated base data elements (IP addresses and domains) remain in the databases.

Subscriber Data

Subscriber data is only collected from users who wish to subscribe for data access. This data access provides the same data as the regular public access in multiple formats for download (as opposed to one-by-one access via DNS). Subscribers are contractually barred from disseminating the file contents to users outside of the contractually agreed scope.

Data collected about subscribers include contact email address(es), organisation and contact name(s), VAT/company number and address. This data is required for payment and tax purposes, and for operational or administrative contacts. Further data may be exchanged between the subscriber and (eg contractual documents). This data is stored for 10 years as per legal regulations concerning storing business records.

For organisations or individuals who subscribe to data through a reseller, the project usually only has limited contact information for operational purposes. The reseller may have additional data to handle payments. This data is governed by the privacy policy of the reseller.

Protection of data

Confidentiality: All data and subscriber data is kept in databases which are accessible only on a need-to-know basis. These databases are stored on dedicated, secured servers, and have appropriate information security controls in place. All network access to these databases is secured over encryption (HTTPS for web-based access, SSL for shell-based access etc).

The applications used to manage the data and subscriber data use a role-based access management model to restrict access on a need-to-know basis.

Integrity: The editors are selected based on their technical expertise and after an assessment of their trustworthiness.

All changes made by editors (and by imports etc) to the data are logged and can be reconstructed. This log information is part of the history data explained above and subject to the same rules.

Updates to published data are signed with a PGP signature. Subscribers are encouraged to verify this PGP signature prior to using any data.

Availability: The public access to data is provided by a world-wide network of DNS mirrors. These mirrors only have a copy of the data  to be published (and collect DNS log files as described above). The mirrors are updated at least hourly from the main distribution database to ensure no stale, removed or corrected data is presented to users.

Rights to view, rectify and delete data

After proving ownership of the IP addresses and domain names, users of the Self Service function can view the currently stored data (without internal history data), and request changes (fix errors and omissions, delete data and so forth).

These change requests are subject to the editorial policy of If an owner does not agree with the editorial decision (or for any other reasons), he/she can request suppression of the data in the published data.

All rights to view, rectify and delete data are governed by the data privacy laws of the jurisdiction as defined in the Terms and Conditions.

Other data related to

In addition to the data as described above, we use a request tracking tool for all emails sent to and from our published addresses. If email correspondence is related to a specific element in the data, the email is linked to that data (using the DNSWL Id). As these e-mails may be regarded  as business records, we store them for 10 years.

For the website we use industry-standard measures to monitor the overall performance and operations, including collecting log files and using Google Analytics.

The webserver log files are regularly searched for patterns of undesired activity (especially scraping data through the search function). reserves the right to block access in case of such undesired activity.

The Google Analytics data is used to identify often-used pages and to optimise the access to and the display of such pages. This obviously uses Cookies, which we recommend to you to block with Adblock technologies such as uBlock Origin or some similar technology for your browser.

The website does not contain advertising (neither self-acquired nor through third parties).

Notifications to accepts notifications about privacy issues (and in general, about information security-related matters) by email to or by writing to

Katzenrütistrasse 68
CH-8153 Rümlang


This Privacy Policy is valid from January 1st 2018.