Just started seeing many email attachments with .html active JavaScript ransomware in base64, fully loaded.

Anyway, this is going to be the new normal (disabling JavaScript on email clients, as filtering these will be challenging), so if you are not using mutt or custom email (like moi), I would strongly suggest not opening any .html attachments without disabling JavaScript.

I also operate http://ascams.com and currently public DNSBLs here: block.ascams.com and superblock.ascams.com. Unfortunately these are quite strict, as most of Facebook and Twitter is blocked (for abuse: both of those do not react to spam/abuse/phish and other issues, whereas Google and Microsoft generally do... go figure). Anyway, ymmv, but use for scoring and not for hard bounce (at my present employer we use it for hard bounce, but we have multiple neural net abuse nodes, so without that you may have too many FPs).

I also track bots (anything from ZeUS, XOR, 0access etc., as well as the controllers :) payload IPs etc., which go to superblock.ascams.com). The bots I am listing here at the moment: http://spamid.net (yes, I also operate spamid.net, but I am thinking about merging spamid.net with ascams.com, as my focus is becoming more and more cybercrime, data and tracking bad bots).

I am presently writing an edi for abuse nodes; as it is neural, it is challenging to stick to the KISS principle, and I will publish this somewhere shortly.

Andre
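An added example, not code from the post's author: a Python scorer that applies the post's "use for scoring and not for hard bounce" advice to .html attachments carrying active JavaScript and base64. The weights, regexes, function names and both sample messages are constructed assumptions for illustration.

```python
import base64
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Heuristics (assumed, tune locally): active content, in-page decoders, long base64 runs.
ACTIVE_RE = re.compile(r"<script\b|\bon[a-z]+\s*=|javascript:", re.I)
DECODER_RE = re.compile(r"\b(?:atob|unescape|eval)\s*\(", re.I)
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")

def score_html_attachments(raw: bytes):
    """Return (score, reasons) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    score, reasons = 0, []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith((".html", ".htm")) and part.get_content_type() != "text/html":
            continue
        # decode=True undoes the base64/quoted-printable transfer encoding first.
        html = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        checks = [
            (1, "html attachment", True),
            (3, "active script", ACTIVE_RE.search(html)),
            (2, "in-page decoder call", DECODER_RE.search(html)),
            (3, "long base64 run", B64_RUN_RE.search(html)),
        ]
        for points, why, hit in checks:
            if hit:
                score += points
                reasons.append(f"{name or '(unnamed)'}: {why}")
    return score, reasons

def build_sample(html: str) -> bytes:
    """Constructed test message with one .html attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attachment.")
    msg.add_attachment(html.encode(), maintype="text", subtype="html", filename="invoice.html")
    return msg.as_bytes()

# Constructed inputs: the blob is harmless placeholder text, not a real payload.
BLOB = base64.b64encode(b"constructed placeholder, not a payload. " * 8).decode()
SUSPECT = build_sample(f"<html><script>document.write(atob('{BLOB}'))</script></html>")
PLAIN = build_sample("<html><body><p>Quarterly report</p></body></html>")

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("plain", PLAIN)):
        print(label, score_html_attachments(raw))
```

The score is meant to be added to other signals (a DNSBL hit, for instance) rather than used alone as a reject decision.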