List Description

RATS-Auth is a collection of IP Addresses that have been detected as engaged in, or a part of a Business Email Compromise (BEC) attack.

List Specifications

Rats-Auth contains IPs from static sources or networks operated by those engaged in criminal behavior (this includes servers that have been compromised). This list typically does not contain dynamic IPs or CGNAT IPs. IP addresses are added only after detecting abusive activity such as password guessing attacks. Therefore, this list is very safe to be used for protecting any resources that require authentication, whether it be SMTP, IMAP, POP, or even other services such as SSH or XMPP.

Download / Install / Usage

If you are interested in querying RATS-Auth, you can query it just like any other RBL using the hostname "". If you need more information or assistance, please feel free to contact us. We also recommend that you refer to our Terms of Service to check if you qualify for free usage.


For removal of IPs listed on Rats-Auth, please reach out to us via the contact form. You must prove that you are the owner/operator of the server, as shown in the rWhois or SWIP for that IP address. Additionally, you must be prepared to explain the activity and the steps that have been made to ensure this type of activity does not occur again in the future.

Many thanks to our Sponsors, Subscription Holders, Users and Contributors.