BTCBlack logo

BTCBlack - Blocklist Threat Clearinghouse — Real-time DNS Blacklists

Fuzzy Hash RBL

fuzzy.btcblack.it

Spammers routinely mutate their messages - changing whitespace, inserting random words, swapping synonyms, or re-encoding images - to evade exact-match content filters. Fuzzy hashing counters this by producing a compact fingerprint that remains stable across minor variations of the same content, making it possible to detect new spam variants even when they differ from any previously seen sample.

This DNSBL stores fuzzy hashes of confirmed spam and malicious messages computed with the ZOrder algorithm. ZOrder produces locality-sensitive hashes: messages with similar content map to nearby hash values, so few blacklist entries can cover an entire family of variants without requiring one entry per mutation.

How ZOrder Hashing Works

ZOrder (also known as Z-order curve or Morton code) maps multi-dimensional data onto a single dimension while preserving spatial locality. Applied to message content, it produces a compact numeric fingerprint such that messages with similar text remain close in hash space. A single blacklist entry can therefore match an entire family of mutations without requiring one entry per variant. The hash is computed over a normalised representation of the message body - stripped of variable tokens such as tracking URLs, random padding, and quoted reply text - before being submitted to the DNS zone.

Key Features
DNS Query Example
$ host <zorder-hash-of-body>.fuzzy.btcblack.it
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

<zorder-hash-of-body>.fuzzy.btcblack.it has address 127.0.0.2

This blacklist is currently under active development. The DNS zone is operational but the dataset is not yet publicly populated. Follow progress or contribute by contacting info@btcblack.it.

For enquiries or abuse reports, contact info@btcblack.it.
The service is sponsored by SNB.