In-Depth

Using DNSBLs

How Black Lists work for blocking spam.

Just about every server-side anti-spam product offers DNS Black Lists (DNSBLs, sometimes called Real-time Black Lists or RBLs) as an option for blocking spam. You may be able to use this as an effective anti-spam tool, but you’ll need to have some basic understanding of the field first.

A DNSBL uses the DNS protocol to signal whether a particular mail server is a source of unwanted e-mail. Some such lists are free, and others are supported by subscription. Your anti-spam software makes a DNS inquiry to the DNSBL server, but the returned IP address doesn’t point to a server. Rather, it’s a code that tells you what the DNSBL server thinks of the domain in question. For example, a return code of 127.0.0.2 usually indicates a server that the DNSBL thinks you should block.

The original DNSBLs concentrated on identifying open relays. An open relay is an SMTP server that will accept mail from anyone, for anyone, regardless of domain. Open relays are often targeted by spammers, because they will happily accept mail from bogus return addresses and deliver it anywhere. If you’re running an open relay, you should almost certainly stop doing so; starting with Exchange 2000, Microsoft Exchange is not open by default.

Many of the best-known DNSBLs still concentrate on open relays. ORDB, MAPS, and OsiruSoft are probably the leaders in this class. More recently, other organizations (notably SpamHaus) have started using the DNSBL protocol to indicate servers that host known spammers, whether they’re open relays or not. By running your e-mail through such a known spammer’s relay, you can effectively block much spam e-mail before it gets to your users.

Additional Information on Spam

Outrun the Avalanche
http://mcpmag.com/features/article.asp?editorialsid=362

What's New in Exchange 2003
http://mcpmag.com/features/article.asp?editorialsid=363

Understanding Bayesian Analysis
http://mcpmag.com/features/article.asp?editorialsid=364

Two Services for the Enterprise
http://mcpmag.com/features/article.asp?editorialsid=365

A Thanks to Hormel
http://mcpmag.com/features/article.asp?editorialsid=367

Spam-Fighting Terminology
http://mcpmag.com/features/article.asp?editorialsid=368

While DNSBLs seem like an ideal way to block spam, you need to exercise considerable caution to use them effectively. First, the different DNSBLs differ in how aggressive they are. Some have been known to declare all of yahoo.com or hotmail.com as spam, based on the actions of a few users. Second, mistakes can and do happen. Over the month that I was working on this roundup, I had DNSBL mistakenly identify MCP Magazine’s own domain as a spam source. And one of my own domains spent time on the ORDB list thanks to an IP address change that they were slow to react to.

For a good list of DNSBL servers, try www.email-policy.com/Spam-black-lists.htm.

About the Author

Mike Gunderloy, MCSE, MCSD, MCDBA, is a former MCP columnist and the author of numerous development books.

Featured

  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

  • Most Microsoft Retail Locations To Shut Down

    Microsoft is pivoting its retail operations to focus more on online sales, a plan that would mean the closing of most physical Microsoft Store locations.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.