In-Depth

Using DNSBLs

How Black Lists work for blocking spam.

Just about every server-side anti-spam product offers DNS Black Lists (DNSBLs, sometimes called Real-time Black Lists or RBLs) as an option for blocking spam. You may be able to use this as an effective anti-spam tool, but you’ll need to have some basic understanding of the field first.

A DNSBL uses the DNS protocol to signal whether a particular mail server is a source of unwanted e-mail. Some such lists are free, and others are supported by subscription. Your anti-spam software makes a DNS inquiry to the DNSBL server, but the returned IP address doesn’t point to a server. Rather, it’s a code that tells you what the DNSBL server thinks of the domain in question. For example, a return code of 127.0.0.2 usually indicates a server that the DNSBL thinks you should block.

The original DNSBLs concentrated on identifying open relays. An open relay is an SMTP server that will accept mail from anyone, for anyone, regardless of domain. Open relays are often targeted by spammers, because they will happily accept mail from bogus return addresses and deliver it anywhere. If you’re running an open relay, you should almost certainly stop doing so; starting with Exchange 2000, Microsoft Exchange is not open by default.

Many of the best-known DNSBLs still concentrate on open relays. ORDB, MAPS, and OsiruSoft are probably the leaders in this class. More recently, other organizations (notably SpamHaus) have started using the DNSBL protocol to indicate servers that host known spammers, whether they’re open relays or not. By running your e-mail through such a known spammer’s relay, you can effectively block much spam e-mail before it gets to your users.

Additional Information on Spam

Outrun the Avalanche
http://mcpmag.com/features/article.asp?editorialsid=362

What's New in Exchange 2003
http://mcpmag.com/features/article.asp?editorialsid=363

Understanding Bayesian Analysis
http://mcpmag.com/features/article.asp?editorialsid=364

Two Services for the Enterprise
http://mcpmag.com/features/article.asp?editorialsid=365

A Thanks to Hormel
http://mcpmag.com/features/article.asp?editorialsid=367

Spam-Fighting Terminology
http://mcpmag.com/features/article.asp?editorialsid=368

While DNSBLs seem like an ideal way to block spam, you need to exercise considerable caution to use them effectively. First, the different DNSBLs differ in how aggressive they are. Some have been known to declare all of yahoo.com or hotmail.com as spam, based on the actions of a few users. Second, mistakes can and do happen. Over the month that I was working on this roundup, I had DNSBL mistakenly identify MCP Magazine’s own domain as a spam source. And one of my own domains spent time on the ORDB list thanks to an IP address change that they were slow to react to.

For a good list of DNSBL servers, try www.email-policy.com/Spam-black-lists.htm.

About the Author

Mike Gunderloy, MCSE, MCSD, MCDBA, is a former MCP columnist and the author of numerous development books.

Featured

  • Microsoft Previews Windows VM Authentications via Azure Active Directory

    Microsoft on Thursday announced a preview of remote authentications into Windows-based Azure virtual machines (VMs) using Azure AD credentials.

  • Windows Server 20H1 Getting Smaller Containers and Faster PowerShell

    Microsoft is promising to deliver a smaller container size and improved PowerShell performance with its next release of Windows Server.

  • Microsoft Previews Microsoft Teams for Linux

    Microsoft on Tuesday announced a "limited preview" release of Microsoft Teams for certain Linux desktop operating systems.

  • Hyper-V Architecture: Some Clarifications

    Brien answers two thought-provoking reader questions. First, do Hyper-V VMs have direct hardware access? And second, how is it possible to monitor VM resource consumption from the host operating system?

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.