PEP: DNS Blocklists

What's a DNS blocklist?
It's a database that contains the IP addresses or domain names of sites that you might not want to receive mail from. They might list open relays, known sources of spam, ISPs that are spam-friendly, and so on.

These databases are stored in a DNS "zone" and they are queried via DNS lookups (PEP does all that for you, so don't worry about it if you don't know what that means).

How do sites get listed in a DNS blocklist?
The exact criteria depend on who owns and manages the database. Some blocklists are well managed and have clearly defined criteria, while others will list just about any site that annoys them in some way.

Generally, though, a site gets listed because it is the source of spam or facilitates spam in some way (often due to being an open relay).

What's an "open relay"?
It's an improperly configured mail server that allows anonymous people to send mail to arbitrary addresses on the Internet. In other words, it relays messages for anyone who asks it to.

Spammers like open relays because they can offload all the resource usage (CPU, disk space, bandwidth, etc.) of sending their junk to someone else's server. This is theft of service.

What DNS blocklists are available?
There are many different blocklists out there. Most are free for the public to use, but some are subscription-based. They all have pros and cons.

The main thing to keep in mind is that every blocklist can help to eliminate spam, but every blocklist will also eventually cause legitimate mail to be blocked. Usually the more effective it is at blocking spam, the more likely it is to block legitimate mail as well. Use them at your own risk.

It is up to you to visit the web site for each blocklist and determine for yourself whether it suits your needs.

Here's a list of just some of the DNS blocklist zones you can use (in no particular order and presented without comment). Some services have more than one zone that you can use:

ORDB
  • relays.ordb.org

Spamcop
  • bl.spamcop.net

Arbitrary Blackhole List
  • spammers.v6net.org

Relay Stop List
  • relays.visi.com

spambag.org
  • blacklist.spambag.org

Blars Block List
  • block.blars.org

Wirehub!
  • blackholes.wirehub.net
  • dynablock.wirehub.net

Five-Ten-SG
  • blackholes.five-ten-sg.com

Not Just Another Blacklist
  • dnsbl.njabl.org

XBL
  • xbl.selwerd.cx

RFC-Ignorant.org
  • ipwhois.rfc-ignorant.org
  • whois.rfc-ignorant.org
  • dsn.rfc-ignorant.org
  • postmaster.rfc-ignorant.org
  • abuse.rfc-ignorant.org

How do I use these in PEP?
You give PEP a zone name and either an IP address or a domain name to search for within that zone. If the search is successful, it will return a result code that looks like an IP address (usually 127.0.0.2). Some DNSBLs also return a "TXT record", which is a brief line of text about the entry.

PEP has two special "header" values named "DNSBL" and "DNSBLTXT" which contain the result code and the TXT record (if any) from the last lookup. By default these are both set to empty values. They are only filled in when you tell PEP to perform a DNSBL lookup for a zone, which you do with the dnsbl command. If the lookup fails they will be emptied again.

The dnsbl command must always be given a zone name. You can also give it an IP address or domain name to look up, but the default is to use the IP address of the machine that passed the message to our mail server, which is usually what you want.

In this example we first tell PEP to perform a DNSBL lookup in the relays.osirusoft.com zone. After that we can test the return code for specific values. Then we perform another DNSBL lookup on the relays.ordb.org zone and fail anything that is listed there:

dnsbl relays.osirusoft.com
fail if dnsbl is "127.0.0.2" with "You are a verified open relay"
fail if dnsbl is "127.0.0.3" with "Direct mail from dialups not allowed"
fail if dnsbl is "127.0.0.4" with "You are a confirmed spam source"

dnsbl relays.ordb.org
fail if dnsbl is not "" with "Spam from {ip} not welcome {dnsbltxt}"

Notice how we only need to perform one dnsbl lookup for a zone, then we can perform multiple tests on the results.

This example checks to see if the sender's domain is violating the RFCs that require a server to have a postmaster mailbox:

dnsbl postmaster.rfc-ignorant.org {senderdomain}
fail if dnsbl is not "" with "{dnsbltxt}"
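To show what PEP is doing behind the scenes in the lookups described above and in the two scripts, here is an added Python example (not part of PEP or this page). It builds the DNSBL query name the way real zones are keyed (IPv4 octets reversed, per RFC 5782; domain names appended as-is), treats an answer outside 127.0.0.0/8 as "not listed", and then applies the same policy as the two PEP scripts. The resolver is a constructed in-memory table standing in for DNS, so the IPs, domains and TXT strings are invented and the example runs offline; a real deployment would replace it with an actual DNS query.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed stand-in for DNS: query name -> (A record, TXT record).
# A real DNSBL answers these over DNS; the entries here are invented
# so the example runs offline.
FAKE_DNS: Dict[str, Tuple[str, str]] = {
    "4.3.2.1.relays.osirusoft.com": ("127.0.0.2", "Verified open relay"),
    "4.3.2.1.relays.ordb.org": ("127.0.0.2", "Open relay"),
    "8.7.6.5.relays.osirusoft.com": ("127.0.0.3", "Dialup"),
    "12.11.10.9.relays.ordb.org": ("127.0.0.2", "Open relay, see ordb.org"),
    # A wildcard/misconfigured zone answering with a non-127 address.
    "1.0.0.10.relays.ordb.org": ("10.0.0.1", "bogus"),
    "example.net.postmaster.rfc-ignorant.org":
        ("127.0.0.2", "Not supporting postmaster@example.net"),
}

NOT_LISTED = ("", "")  # PEP leaves DNSBL and DNSBLTXT empty when not listed


def dnsbl_query_name(target: str, zone: str) -> str:
    """Name to look up for `target` in DNSBL `zone`.

    IPv4 addresses are listed with their octets reversed (RFC 5782), so
    1.2.3.4 in zone Z becomes 4.3.2.1.Z. Anything that is not an IPv4
    address is treated as a domain name and appended unchanged, which is
    how the rfc-ignorant.org zones are keyed.
    """
    try:
        ip = ipaddress.IPv4Address(target)
    except ipaddress.AddressValueError:
        return f"{target.rstrip('.')}.{zone}"
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{reversed_octets}.{zone}"


def dnsbl_lookup(target: str, zone: str,
                 resolver: Dict[str, Tuple[str, str]] = FAKE_DNS) -> Tuple[str, str]:
    """Return (result_code, txt), or ('', '') when not listed.

    Only answers inside 127.0.0.0/8 are valid DNSBL result codes; anything
    else (e.g. a wildcard DNS answer) is ignored rather than trusted.
    """
    code, txt = resolver.get(dnsbl_query_name(target, zone), NOT_LISTED)
    if code and ipaddress.IPv4Address(code) not in ipaddress.IPv4Network("127.0.0.0/8"):
        return NOT_LISTED
    return code, txt


def evaluate(ip: str, sender_domain: str,
             resolver: Dict[str, Tuple[str, str]] = FAKE_DNS) -> Optional[str]:
    """Apply the policy of the two PEP scripts above.

    Returns the rejection message, or None if the message is accepted.
    """
    # dnsbl relays.osirusoft.com, then test the result code for specific values
    code, txt = dnsbl_lookup(ip, "relays.osirusoft.com", resolver)
    reasons = {
        "127.0.0.2": "You are a verified open relay",
        "127.0.0.3": "Direct mail from dialups not allowed",
        "127.0.0.4": "You are a confirmed spam source",
    }
    if code in reasons:
        return reasons[code]

    # dnsbl relays.ordb.org; fail on any listing at all
    code, txt = dnsbl_lookup(ip, "relays.ordb.org", resolver)
    if code != "":
        return f"Spam from {ip} not welcome {txt}"

    # dnsbl postmaster.rfc-ignorant.org {senderdomain}; fail on any listing
    code, txt = dnsbl_lookup(sender_domain, "postmaster.rfc-ignorant.org", resolver)
    if code != "":
        return txt
    return None


if __name__ == "__main__":
    for ip, dom in [("1.2.3.4", "example.org"), ("9.10.11.12", "example.org"),
                    ("10.0.0.1", "example.org"), ("9.9.9.9", "example.net"),
                    ("9.9.9.9", "example.org")]:
        print(ip, dom, "->", evaluate(ip, dom) or "accepted")
```

Note that the first zone only rejects on three specific codes, so a listing with some other code in that zone falls through to the later checks, exactly as the PEP script does; the other two zones reject on any non-empty result.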