In-Depth

Using DNSBLs

How Black Lists work for blocking spam.

Just about every server-side anti-spam product offers DNS Black Lists (DNSBLs, sometimes called Real-time Black Lists or RBLs) as an option for blocking spam. You may be able to use this as an effective anti-spam tool, but you’ll need to have some basic understanding of the field first.

A DNSBL uses the DNS protocol to signal whether a particular mail server is a source of unwanted e-mail. Some such lists are free, and others are supported by subscription. Your anti-spam software makes a DNS inquiry to the DNSBL server, but the returned IP address doesn’t point to a server. Rather, it’s a code that tells you what the DNSBL server thinks of the domain in question. For example, a return code of 127.0.0.2 usually indicates a server that the DNSBL thinks you should block.

The original DNSBLs concentrated on identifying open relays. An open relay is an SMTP server that will accept mail from anyone, for anyone, regardless of domain. Open relays are often targeted by spammers, because they will happily accept mail from bogus return addresses and deliver it anywhere. If you’re running an open relay, you should almost certainly stop doing so; starting with Exchange 2000, Microsoft Exchange is not open by default.

Many of the best-known DNSBLs still concentrate on open relays. ORDB, MAPS, and OsiruSoft are probably the leaders in this class. More recently, other organizations (notably SpamHaus) have started using the DNSBL protocol to indicate servers that host known spammers, whether they’re open relays or not. By running your e-mail through such a known spammer’s relay, you can effectively block much spam e-mail before it gets to your users.

Additional Information on Spam

Outrun the Avalanche
http://mcpmag.com/features/article.asp?editorialsid=362

What's New in Exchange 2003
http://mcpmag.com/features/article.asp?editorialsid=363

Understanding Bayesian Analysis
http://mcpmag.com/features/article.asp?editorialsid=364

Two Services for the Enterprise
http://mcpmag.com/features/article.asp?editorialsid=365

A Thanks to Hormel
http://mcpmag.com/features/article.asp?editorialsid=367

Spam-Fighting Terminology
http://mcpmag.com/features/article.asp?editorialsid=368

While DNSBLs seem like an ideal way to block spam, you need to exercise considerable caution to use them effectively. First, the different DNSBLs differ in how aggressive they are. Some have been known to declare all of yahoo.com or hotmail.com as spam, based on the actions of a few users. Second, mistakes can and do happen. Over the month that I was working on this roundup, I had DNSBL mistakenly identify MCP Magazine’s own domain as a spam source. And one of my own domains spent time on the ORDB list thanks to an IP address change that they were slow to react to.

For a good list of DNSBL servers, try www.email-policy.com/Spam-black-lists.htm.

About the Author

Mike Gunderloy, MCSE, MCSD, MCDBA, is a former MCP columnist and the author of numerous development books.

Featured

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • Microsoft's Power Platform, Dynamics 365 Get AI Boost with Orions Systems Buy

    Microsoft this week acquired Orions Systems with plans to bring the firm's AI-powered video analysis solutions to the Dynamics 365 and Power Platform products.

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • Microsoft Partners with Movial To Bring Android to Surface

    Microsoft is adding more Android expertise to its in-house engineering teams via a deal with Movial, a software engineering and design services company based in Finland.

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.