Available RPZ Lists

The following section details the RPZ lists available in the system and the purpose of each one.

These lists allow blocking or controlling the resolution of domains associated with malware, phishing, spam, infrastructure abuse, or specific content categories.

Each list can be enabled or disabled according to the desired security policy.

blocklistproject

Extreme Privacy and No Tracking.

Privacy-oriented list that blocks domains used for tracking, aggressive advertising, telemetry, and data collection.

It should be used with caution, as it may affect the operation of some websites or applications that depend on tracking or analytics services.

newly_registered14

Newly Registered Domains (last 14 days).

This list is updated daily and contains domains registered within the last 14 days.

A large proportion of cybercrime attacks use recently registered domains for:

  • phishing campaigns

  • malware distribution

  • command-and-control infrastructure

For this reason, blocking recently registered domains significantly reduces the attack surface.

oisd

Extreme Privacy, No Banners/Ads.

Privacy-focused list that blocks domains associated with advertising, banners, tracking, and monitoring systems.

It should be used with caution, as it may affect the functionality of some websites.

planisys_adware

Planisys Adware.

List of domains associated with advertising software (adware) that generates unnecessary traffic or unwanted behavior on user devices.

Its use helps reduce bandwidth consumption and improve the browsing experience.

planisys_corp_threats

Specially for Companies.

List designed for corporate environments, focused on threats commonly found in enterprise networks.

Includes domains associated with malware, phishing, command-and-control infrastructure, and other indicators relevant to organizations.

planisys_crypto

Planisys Cryptojacking.

Contains domains associated with platforms or scripts used for unauthorized cryptocurrency mining on user devices.

Blocking these domains prevents the misuse of CPU and power resources on compromised devices.

planisys_dga

Planisys DGA.

List of domains generated through Domain Generation Algorithms (DGA).

These domains are commonly used by malware to dynamically locate command-and-control servers.

planisys_grayzone

Cheap, Abused or Insignificant gTLDs by ICANN.

Includes domains belonging to low-cost or frequently abused gTLDs, such as:

  • .top

  • .xyz

  • .click

  • .gq

These TLDs are frequently used in phishing, malware, and fraud campaigns due to their low cost and ease of registration.

planisys_islands

Abused or Insignificant ccTLDs – Islands.

This list contains country-code Top Level Domains (ccTLDs) belonging to small islands that do not have significant Internet infrastructure.

In many cases, these TLDs are commercially exploited by registries that sell subdomains on a large scale.

As a result, they have been abused in numerous cybercrime campaigns.

It is not mandatory to enable this list. It is recommended only when reports indicate attacks originating from domains using ccTLDs such as:

  • .ac

  • .me

  • or other similar ones.

planisys_isp_threats

Specially for ISPs.

List optimized for Internet Service Providers.

Includes domains associated with threats, while keeping certain categories whitelisted, such as:

  • adult content

  • trackers

  • telemetry

This allows the network to be protected without interfering with the legitimate traffic typically generated by residential customers.

planisys_malware

Planisys Malware.

Primary list of domains associated with confirmed malware.

Includes infrastructure used for:

  • malware delivery

  • command and control

  • payload distribution

planisys_phishing

Planisys Phishing.

Domains used in phishing campaigns designed to steal user credentials or sensitive information.

planisys_porn

Planisys Selected Porn Domains.

List of domains associated with adult content selected for content filtering.

It can be used in educational environments, corporate networks, or networks with parental controls.

planisys_spam

Planisys Spam (used for Mail Exchangers).

List of domains associated with spam and email abuse.

It is primarily used to protect mail servers and block domains involved in mass spam campaigns.

planisys_ti

Big Telcos with More Than 500k Users.

List optimized for telecommunications operators with large user bases.

Includes domains associated with threats relevant to large-scale networks.

rpz_br

Brazil Government.

Official list of domains blocked by the Government of Brazil.

rpz_co

MinTIC Colombia.

List of domains blocked by resolutions issued by the Ministry of Information and Communications Technologies of Colombia.

rpz_ec

ARCOTEL Ecuador.

List of domains blocked according to ARCOTEL resolutions in Ecuador.

rpz_enacom_ar

ENACOM Argentina.

List of domains blocked according to resolutions issued by the National Communications Entity (ENACOM) in Argentina, for compliance with local regulations.

rpz_local

Manual Blocklist.

Local list managed manually by the operator.

Allows the addition of specific domains that should be blocked through custom policies.