How do I find a list of all email, dropbox and similar providers?


    I need to create a blacklist of locations.  Is there a listing of sites like dropbox and email web sites where I need to be concerned about gets and posts?  Can you point me in the right direction?  A flat file would be perfect.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi awakenings
I don't understand your question, create a blacklist? From ?
With regards to Dropbox I have an account there and sharing files is determined by the list of people you share with,  you can either share a folder or send a url.
no emails addresses exchanged only a link to your files if you so choose
Dropbox shared folders let you collaborate on a set of files. When someone joins a shared folder, the folder appears inside their Dropbox, and syncs to their computers automatically.
Could you elaborate a bit more about your concerns.
awakeningsAuthor Commented:

    Obviously I cannot go into details.  All I am looking for is a list of web sites that have email or dropbox-like functionality.  I need this for a project that I am working on.  I know there are probably tens of thousands of corporate email servers and I cannot block them all, but if I can block a good chunk of the "public" email and upload services such as dropbox, aol, gmail, google, yahoo, etc. it would be a good start.  I'd like to find a list on the web rather than compiling a list myself.

David Johnson, CD, MVPOwnerCommented:
If you are interested in keeping company confidential documents confidential use Active Directory Rights Management Services
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

awakeningsAuthor Commented:

    Thanks, but I am looking for that list still.

There is no single list like what you are looking for.

Since you can't go into details I would assume that you are trying to create/provide a service that you feel does not exist.  If you think about it, if such a list existed, that would imply somebody was already providing that service.  Of course I could be way off base as to why you want this list.

You might be able to piece together one from various other lists.   Example you could look at these:

And then look up all the IP addresses for all the companies listed and create your own.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
in fact if it falls into the malwaredomainlist regards email or file hosting site, I will consider them fro blacklisting
likwise from urlblacklist for various disallowed categories includes webmail, filehosting, ecommerce, mail, proxy, onlinegames etc
You can't go into details?
In my humble opinion there is no such thing as one black list.  
Also it may not have public access.
Every few secs of everyday a new threat is created that is why we have definition updates for our security.
It depends on the threat and threat level.
Google would have to have the largest source for blacklists 
Symantec is also another place
Fake email threats
Sharing sites.
The all in one sites like Facebook / twitter.
For your information..
Understanding XSS – input sanitisation semantics and output encoding contexts
white paper PDF
The Ongoing Malware Threat: How Malware Infects Websites and Harms Businesses —
and What You Can Do to Stop It
White paper pdf
Blacklists & Dynamic Reputation -Understanding Why the Evolving Threat Eludes Blacklists

Rather than chance it with security  always stop security risks at the core, keep your av up to date, windows up to date and have installed the best defences.
restricted users access to the internet.
Whichever browser say for example  IE you set the security to max high
With my emails using windows live I have set my security to high and unless the email owner is in my safe list they immediately go to Junk mail and then I sift them with safe or delete.
Education is a start but never enough.
You get an email from your sister or brother, your best friend using the same email address and they want to borrow some cash for Christmas what do you do. Use rule of thumb don't give money over the net.
Check the sources.
btanExec ConsultantCommented:
blacklist is reactive and whitelist is prohibitive,and most network or host security technology will have some sort of service to get real time intelligence feeds and together with reputational metric can identify the undesired site. you may want to explore that rather than the manual importing where possible. Time is of essence to block threat and reduce windows of exposure. Likely the manual means can be automated unless the environment is constraint due to isolated segment and not internet reachable. You can check out some intelligence provider such as Norse, and PhishLab
awakeningsAuthor Commented:
giltjr and btan,

    These are a great start.  The project I am working on is a little off as I am not looking for malware sites.  giltjr, your was a little closer.  I did check the Wikipedia, which is great, but I am looking for something more substantial in terms of listing email sites.

awakeningsAuthor Commented:
Merete / btan,

    I did not see your additions.  These are great, but I am still looking.

btanExec ConsultantCommented:
the urlblacklist may be worth checking out
Rich RumbleSecurity SamuraiCommented:
You want to use a Proxy server, probably something like BlueCoat, Sophos, McAfee or WebSense. They can effectively block the users from going to GoogleDrive (aka GDrive), SkyDrive(aka OneDrive), Office365, GoogleDocs, ADrive, DropBox, YouSendIt, PasteBin, GitHub, etc... however you do have to force the users to use it, by blocking port 80/443 etc at the firewall, and or perhaps using WCCP to recognize http traffic and force it through the proxy.
But what if the user is clever. You block all possible sites in the sharing category... what if they save an attachment to their gmail, hotmail, hushmail,, comcast, yahoo... They might not be able to share a file with a direct link, but they can send a 25Mb attachment with most of the free email providers... Or make a fake email address, and upload an attachment that is bigger, and then share the U/P with the person who wants the file, they can then login to that account and just DL the attachment.
The best way to begin this battle, is to inform the users that ONE: File sharing, like GDrive, GoogleDocs, Office365, OneDrive, etc... is against company policy. (You should draft such a policy btw). TWO: Anyone using one should stop doing so, and report the files to IT so that they can assist in the proper removal of those files. THREE: After all the files are removed, if someone uses those sites without permission or consent, they may have receive disciplinary action.
You have to grant amnesty first, because you know someone in the network is doing it. Then you have to help them remove the files, do not tell them to do it themselves, make it clear no one gets in trouble when coming forward, they may however get in trouble if they hide their actions or try to remove the files themselves.
FOUR: Implement the proxy solution. Proxy vendors have extensive lists, and do very well at blocking based on those, but you too have to make sure they don't try to FTP it to their local go-daddy server, everything should go through the proxy if you need absolute control over the data.
DRM and rights-managment don't work, otherwise we'd all use it. Security and convenience are at odds with one another most times, and DRM/RM software certainly takes the convenience out of the picture.
btanExec ConsultantCommented:
endpoint may use auto-proxy config or pac to govern the traffic through single pot and if user can bypass that the policy should kick in, the first place is that user has no admin right. if that is not enforceable, blacklist or proxy or any other security will be bypass (you can have logging enabled but it is after effect detection). Here is another on netcraft on its Phishing Site Feed
awakeningsAuthor Commented:

   I'll just give you all points.  I'll open up another ticket with my original question, but remove the blacklist context.  I know controls like the back of my hand.  I know technology well.  I completely understand the gaps and I'm not looking for an academic explanation.  Thank you all for your input.  Some of this was helpful.  Thank you.
Awe thanks awakening you did well splitting them lol doesn't matter with points for me but I do hope you got some good insights to write your list
Merry Christmas to you and yours :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.