
Offer filtered version? Abuse reports by NCSC-FI triggered due to botnet / malware servers included

Open Hahlh opened this issue 2 years ago • 1 comments

Abuse reports by NCSC-FI are triggered as some servers in the list have been part of botnet infrastructure (e.g. command & control servers for Andromeda).

Blindly iterating over the list could get one's server included in blocklists as well (or potentially worse).

Would it be reasonable to filter these out of the normal list by using common public filter lists for these purposes? And potentially offer a second full "malware-included" list? Or maintain the status quo as the usage of the list should still be in the responsibility of the user?

Hahlh, Aug 02 '23 09:08

It somewhat makes sense that this can happen - by definition, a malicious domain can also be 'popular', especially in the botnet case (as many devices will contact the C&C domain).

Nevertheless, making a filtered list is definitely a reasonable idea. Indeed, if a user's use case requires them to exclude malicious domains, they should make sure to take care of this themselves, but it probably does not hurt to make it easier to discover such a 'clean'(er) list.

Any suggestions for additional (easily automatically retrievable) filter lists?

VictorLeP, Aug 23 '23 13:08
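
One way a user could produce the 'clean'(er) list discussed in this thread, as an added example that is not part of the issue or the tranco-list project's code. It assumes the ranking is a `rank,domain` CSV and the blocklist uses plain-domain or hosts-file lines; the function names and all sample domains are constructed for illustration.

```python
import csv
import io

def parse_blocklist(text):
    """Parse plain-domain or hosts-file lines into a set of lowercase domains."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if fields:
            # hosts format is "0.0.0.0 domain"; plain format is just "domain"
            blocked.add(fields[-1].lower().rstrip("."))
    return blocked

def is_blocked(domain, blocked):
    """True if the domain or one of its parent domains is listed.

    A listed subdomain does not condemn its parent, and the bare TLD is
    never checked, so one bad tenant cannot remove a whole shared zone.
    """
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels) - 1))

def split_ranking(ranking_csv, blocked):
    """Return (kept, removed) as lists of (rank, domain), keeping original ranks."""
    kept, removed = [], []
    for row in csv.reader(io.StringIO(ranking_csv)):
        if len(row) != 2:
            continue  # skip malformed rows
        entry = (int(row[0]), row[1].strip())
        (removed if is_blocked(entry[1], blocked) else kept).append(entry)
    return kept, removed

# Constructed sample data (reserved .example/.test names, not real indicators).
RANKING = "1,popular.example\n2,c2.botnet.example\n3,cdn.popular.example\n4,sinkholed.test\n5,dyn.example\n"
BLOCKLIST = """# constructed blocklist
0.0.0.0 botnet.example
sinkholed.test
tenant.dyn.example  # only a subdomain is listed
"""

if __name__ == "__main__":
    kept, removed = split_ranking(RANKING, parse_blocklist(BLOCKLIST))
    for rank, domain in kept:
        print(f"{rank},{domain}")
    print("excluded:", removed)
```

Keeping the excluded entries with their original ranks makes it possible to audit what a given blocklist removed before scanning or crawling from the filtered output.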