DigitalPlatDev / US.KG-Issues

US.KG Bugs & Problem report
https://nic.us.kg

Spamhaus blacklist. #14

Open aikooo7 opened 2 weeks ago

aikooo7 commented 2 weeks ago

Describe the bug, issue, or problem:
us.kg is in Spamhaus's DBL blacklist, making it hard to impossible to send emails.

URL (if applicable):
https://check.spamhaus.org/results?query=us.kg

Domain Name (if applicable):
*.us.kg

Expected Behavior:
I wouldn't expect it to not be blacklisted, but at least you could try to remove it from it.

Additional Context:
I tried to do a ticket myself, but they want to talk with the owner of us.kg.

aikooo7 commented 2 weeks ago

I was able to get more information

~ $ dig us.kg

; <<>> DiG 9.16.41 <<>> us.kg
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9607
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;us.kg.                         IN      A

;; ANSWER SECTION:
us.kg.                  3600    IN      A       192.9.243.240

;; Query time: 256 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Aug 31 19:34:18 WEST 2024
;; MSG SIZE  rcvd: 50

Doing a dig on us.kg shows it points to a private IP; further, that is likely the reason for the blacklist:

https://mxtoolbox.com/Problem/Blacklist/Spamhaus-DBL/?page=prob_blacklist&ip=us.kg&link=button&action=blacklist:us.kg&showLogin=1&hidetoc=1&reason=127.0.1.6,%20127.0.1.4,%20127.0.1.5

No IP queries for DBL, see https://www.spamhaus.org/faqs/domain-blocklist#can-the-dbl-be-used-to-look-up-ip-addresses

At the same time, looking at the return codes and cross-referencing them with Spamhaus's table shows:

127.0.1.6 botnet C&C domain
127.0.1.4 phish domain
127.0.1.5 malware domain

This might be happening because someone is using us.kg domains for nefarious activities and us.kg is being flagged for bad activity instead of the proper individual?
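Added example, not part of the thread or of the project's code: a small decoder for the DBL answers discussed in the comment above, which maps returned A records to listing reasons and keeps Spamhaus's query-error codes separate from real listings. The function names are hypothetical; the codes beyond the three quoted in the thread are taken from Spamhaus's published DBL return-code documentation, and the sample input is constructed.

```python
import ipaddress
import socket

DBL_ZONE = "dbl.spamhaus.org"

# Listing codes (the thread quotes .4, .5 and .6; the others are from Spamhaus's docs).
DBL_CODES = {
    "127.0.1.2": "spam domain",
    "127.0.1.4": "phish domain",
    "127.0.1.5": "malware domain",
    "127.0.1.6": "botnet C&C domain",
    "127.0.1.255": "IP queries prohibited (DBL lists domains only)",
}
# Error codes: the query itself was refused, so they say nothing about the domain.
DBL_ERRORS = {
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "query via public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

def dbl_query_name(domain):
    """Build the DNS name to look up; reject IP literals, which DBL does not accept."""
    name = domain.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(name)
    except ValueError:
        return f"{name}.{DBL_ZONE}"
    raise ValueError("DBL is a domain list; it cannot be queried with an IP address")

def classify(answers):
    """Split A-record answers into (listing reasons, query errors)."""
    listings, errors = [], []
    for addr in sorted(answers, key=ipaddress.ip_address):
        if addr in DBL_ERRORS:
            errors.append(DBL_ERRORS[addr])
        elif addr.startswith("127.0.1."):
            listings.append(DBL_CODES.get(addr, f"unknown DBL code {addr}"))
    return listings, errors

def check(domain):
    """Live lookup through the system resolver; NXDOMAIN means not listed."""
    try:
        _, _, answers = socket.gethostbyname_ex(dbl_query_name(domain))
    except socket.gaierror:
        return [], []
    return classify(answers)

if __name__ == "__main__":
    # Constructed input: the three codes quoted in the thread above.
    print(classify(["127.0.1.6", "127.0.1.4", "127.0.1.5"]))
```

Run `check()` from a host whose resolver is not a public one such as 8.8.8.8: Spamhaus answers DBL queries relayed by public resolvers with the error code 127.255.255.254, which must not be read as a listing.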

EdwardLab commented 2 weeks ago

We are aware that some domains are being used for fraudulent activities, phishing, and other illegal actions. While we are blocking accounts that are clearly involved in these activities, the large number of registered domains makes it likely that some involved in criminal activity still exist. If possible, please have them email us at contact@digitalplat.org or contact@nic.us.kg to discuss the matter. We are also working to remove US.KG from the DBL list. Thank you.

aikooo7 commented 2 weeks ago

> We are aware that some domains are being used for fraudulent activities, phishing, and other illegal actions. While we are blocking accounts that are clearly involved in these activities, the large number of registered domains makes it likely that some involved in criminal activity still exist. If possible, please have them email us at contact@digitalplat.org or contact@nic.us.kg to discuss the matter. We are also working to remove US.KG from the DBL list. Thank you.

I have done a second ticket, but I am pretty sure it was deleted, as when I access it, it is blank. Please let me know of anything else I can help you with, and thanks for doing what you can to fix it.

EdwardLab commented 1 week ago

They have not been removed from the list. I think we need to ban accounts that are used for criminal activities on a large scale. They said they will not remove them from the list until there are no more domains involved in criminal violations. :(

aikooo7 commented 1 week ago

> They have not been removed from the list. I think we need to ban accounts that are used for criminal activities on a large scale. They said they will not remove them from the list until there are no more domains involved in criminal violations. :(

Well, if we need to go that route:

First, I wonder: if the domains are up, that means they weren't reported to you, right? Why would someone else report a domain other than the abuse contact, I wonder.

I really hate to say this, because this was the only way that I could get my domains, but maybe GitHub KYC is too lax?

Making a tool to scan registered domains for abusive content is maybe a good idea?

This was only a thing that came to my mind to fix the issue :)