Continuing the series of articles about email. This time: block lists.
Part One: DNS (author: differentlocal)
Part Two: SMTP (author: seriyPS)
What is DNSBL / RBL?
DNSBL, as the name implies, is a DNS-based blocking list. Such lists used to be called RBL (Real-time Blackhole List), but were renamed because of licensing restrictions on the trademark.
How does it work?
Like this:
A message arrives at the server from another server with IP 111.222.333.444.
The receiving server, configured to work with a block list, makes a DNS query of the form:
reverse-ip.BLNAME.DNSBLProvider.TLD
For example:
444.333.222.111.bl.spamcop.net
Then, depending on the response, the server makes a decision:
If the answer is “NXDOMAIN”, the IP address is clean and no spam has been seen from it.
If the answer is any IP, the address is listed and the message should not be accepted.
Depending on the block list, the returned IP may or may not indicate the reason the address was added to the BL. :)
A detailed reason may also be contained in the TXT record.
What can get you onto a blacklist?
Getting onto a list is easy; getting off it is difficult. You can be listed for:
- Spam, of course.
- Running an open relay.
- Mailing viruses or hosting them on your site.
- Spam sent by a virus or through a hacked account (the bane of all hosting providers).
- A missing PTR record for the IP, or a PTR record that points to a dial-up provider, dynamic range or anonymizer.
- A public proxy opened on the address (deliberately or by a trojan).
- Your address being in a listed subnet of a dynamic, dial-up or bulletproof hosting provider.
What to do if you are listed:
- First of all, eliminate the reason for the listing. With most block lists the first delisting is simple and free, but after a second listing, getting out is orders of magnitude more difficult.
- Go to the site of the block list provider that listed your address.
- Find the address there and apply for delisting.
The first delisting is usually not difficult, but it is better not to end up on the lists a second time.
Advantages and disadvantages of DNSBL.
At the moment, DNSBL is one of the most popular anti-spam technologies, on par with greylisting.
Its main advantages:
- Speed of work
- Does not require additional software on the server.
- Easy to set up.
And the drawbacks, as always:
- A relatively large number of false positives.
- For some of the lists, the data is poorly kept up to date.
- Not all spammers are listed.
Some tips.
To stay off the lists:
0) Do not spam or order spam. Really. It brings little benefit and a lot of problems.
1) Follow the standards. Have a correct HELO, SPF and PTR, configure authorization, limit the number of messages sent. Keep valid abuse, root and postmaster mailboxes that someone actually reads, so you find out quickly that spam is going out through you.
2) Do not abuse mailings, even legitimate ones. If you need to send several thousand messages, do not send them directly from the server. Create, for example, a mailing list or a newsgroup.
To avoid losing mail because of a BL (this is especially critical for organizations where lost mail can mean direct losses):
1) Do not use "hard" BLs, which block subnets rather than individual addresses. More than once, whole data centers have ended up on such lists because of a single spammer.
2) Do not make BLs your only method of protection against spam.
3) Use a “soft” BL policy, where a message from a listed address is not discarded but sent for an additional check (for example, by SpamAssassin).
4) Have a backup MX server.
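The lookup from "How does it work?" combined with the "soft" policy from tip 3, as an added example that is not part of the original article. The function names, the example.org/.net/.com zones, the 192.0.2.x addresses and the fake resolver are constructed for illustration; the checks that only a 127.0.0.0/8 answer counts as a listing and that resolver errors count as "unknown" are conventions assumed here, not something the article states.

```python
import ipaddress
import socket

def query_name(ip, zone):
    """192.0.2.99 + bl.spamcop.net -> 99.2.0.192.bl.spamcop.net"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # rejects malformed input
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(name):
    """A record of name as a string, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:   # NXDOMAIN
            return None
        raise                                # timeout, SERVFAIL, ...

def lookup(ip, zone, resolve=system_resolve):
    """Return 'clean', 'listed' or 'unknown' for ip in one DNSBL zone."""
    try:
        answer = resolve(query_name(ip, zone))
    except OSError:
        return "unknown"      # resolver trouble is neither a listing nor a pass
    if answer is None:
        return "clean"
    # Listings are conventionally answered from 127.0.0.0/8; ignore anything else.
    if ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
        return "listed"
    return "unknown"

def soft_policy(ip, zones, resolve=system_resolve):
    """'content-check' if any zone lists ip, else 'accept'; never a reject."""
    verdicts = {zone: lookup(ip, zone, resolve) for zone in zones}
    action = "content-check" if "listed" in verdicts.values() else "accept"
    return action, verdicts

# Constructed sample data (hypothetical zones, documentation IPs) so this runs offline.
FAKE_DNS = {"99.2.0.192.bl.example.org": "127.0.0.2",
            "99.2.0.192.parked.example.net": "203.0.113.10"}

def fake_resolve(name):
    if name.endswith(".down.example.com"):
        raise socket.timeout("constructed resolver timeout")
    return FAKE_DNS.get(name)

if __name__ == "__main__":
    zones = ["bl.example.org", "parked.example.net", "down.example.com"]
    print(soft_policy("192.0.2.99", zones, fake_resolve))
    print(soft_policy("192.0.2.1", zones, fake_resolve))
```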
References
Most popular BLs:
www.spamhaus.org - Spamhaus.
www.spamcop.net - Spamcop.
www.dsbl.com - DSBL.
dnsbl.njabl.org - njabl.
Tools:
rosinstrument.com/cgi-bin/blqw.pl - checks whether an IP is included in the lists, more than 200 lists.
spamlinks.net/filter-dnsbl-lists.htm - a list of blacklists; not sure it has all of them, but a great many.
woland.pl.ua/3-pochemu-ya-ne-ispolzuyu-dnsbl-v-pomoshh-nachinayushhemu-postmasteru - a great article in Russian about using DNSBL.