Background

Blocking known sources of harm is a legitimate and essential safety practice in decentralised spaces.

Denylists are a critical tool for federated and independent community operators seeking to reduce risk to their users. IFTAS supports the responsible use of denylists as part of a broader trust and safety strategy.

This includes:

• Actively blocking known harmful actors or content to reduce exposure to online abuse, coordinated attacks, or illegal material.
• Understanding the source and scope of any denylist before importing it into your moderation systems.
• Regularly reviewing and auditing your use of denylists to ensure they remain accurate, proportionate, and effective.
• Ensuring transparency and appeal processes where feasible, particularly when moderation decisions affect individual users or communities.

Importing third-party denylists can lead to unintended harm such as overblocking, inconsistent enforcement, or discriminatory impacts on marginalised communities. Therefore, IFTAS advises that any implementation of denylists should include a clear understanding of the values and goals behind the list, along with processes for redress, appeal, or review if appropriate for your community model.

The resources listed below are provided to support community managers in making informed choices about the sources and tools they rely on. Inclusion of third-party lists does not imply IFTAS endorsement of any specific list.

Related Reading

• Navigating Defederation on Decentralized Social Media Platforms
• An Exploration of Decentralized Moderation on Mastodon

Domain Denylists

IFTAS Domain Denylist Resources

• IFTAS DNI – a curated list of the Do Not Interact domains, reviewed and labelled by IFTAS.
• IFTAS Abandoned and Unmanaged Domain List – a curated list of known spammers and abandoned servers, reviewed and labelled by IFTAS.
• IFTAS CARIAD – a domain observatory monitoring the domains blocked by selected Mastodon service providers. IFTAS reviews and approves these domains, but their inclusion is by observation of consensus. Monitor which domains are being blocked by the Fediverse or compare your blocked domains to the 51% list (Mastodon login required), or retrieve the lists in JSON format:
  • Domains blocked by 51% or more of observed sources (JSON)
  • Domains blocked by 66% or more of observed sources (JSON)
  • Domains blocked by 80% or more of observed sources (JSON)

Other Denylist Resources

The following denylist resources are for informational purposes only, and their listing here does not imply endorsement from IFTAS. IFTAS does not participate in any list creation or curation other than those listed under “IFTAS Resources”. Descriptions are sourced from the project web sites.

• Garden Fence: This list is intended as a simple starting point for Mastodon server admins who want to protect their users from the worst and most well known sources of: hate speech, racism, sexism, homophobia, transphobia Harassment, trolling, doxxing, stalking, alt-right, nazism, fascism, free-speech-as-in-bigotry, “just asking questions”, misinformation, anti-vax, conspiracy theories, sexualization of minors, potential for CSAM, spamming, denial-of-service, network disruption, abusive bots.
• FediSeer: This is a FOSS service to help Fediverse instances detect and avoid suspicious instances.
• Oliphant.Social Mastodon Blocklists: This is a place to find curated server blocklists for your own use. There are links to individual blocklist sources, as well as a custom “unified” file that takes blocklist files from other sources and merges them together into a single import file.
• Open Registration Fediverse Server Blocklist: Here you can download a CSV list of open-registration fediverse servers with more than 10,000 users. This list is automatically updated on a hourly basis.
• PeerTube Isolation List: Organizing to block Far right’s PeerTube instance from the Fediverse and isolate them
• Seirdy’s Fediverse Blocklists: Seirdy maintains four blocklists for the Fediverse.
• The Bad Space – The Bad Space arose from a need to identify instances that house bad actors, are poorly moderated, and/or contain inappropriate/offensive content (CSAM, hate speech, fascist ideology, etc.) that puts marginalized communities at risk.
• Threads Moderated Servers: Threads blocks communication with some other servers on the fediverse for a variety of reasons, including lack of Privacy Policy, violations of Community Standards or lack of compliance with deletion requests.

Domain Investigation

Use these tools to review federating domain services.

• FediDB: Fediverse network statistics
• Fediverse Observer: Fediverse Observer finds all servers in the fediverse

IP Address Denylists

• Bot IPs blocklists
• Do Not Route or Peer ASN List – IP addresses known for extremely abusive traffic.
• Herr Bischoff lists
• IPdeny country block downloads
• Spamhaus DROP list (The Spamhaus DROP lists consist of netblocks that are leased or stolen by professional spam or cyber-crime operations, and used for dissemination of malware, trojan downloaders, botnet controllers, or other kinds of malicious activity.)
• StopForumSpam – Toxic IP CIDR ranges
• Stratosphere Blocklist Generation Project

Email / MX Records

• List of disposable email domains
• List of political disinformation website campaign domains

Github Conversations about Domain Reputation / Promiscuous Federation

• Federation “Approval First” Mode
• Admin option to greylist newly discovered instances by default
• block new accounts from a given remote instance
• Sync blocking lists between instances
• AutoModerator for Mastodon Instances
• Blocklist-importing, but for retractions
• Block old software versions
• Subscriptions to blocks and mutes from other accounts
• Add moderation statistics endpoint
• Administrative block of posts including special hashtags