Jump to content

Too Many DNSBL's ?


Recommended Posts

Is there info on who decides who the authoritative DNSBL's are?

With SpamCop email you do/decide

You just check what DNSBL you want. Your white list overrides them all

Each DNSBL have their own owners/operators/creators

MailWasher (Free version) you can add as many as you like

Link to comment
Share on other sites

I'm fairly sure this topic doesn't belong in the FAQ Under Construction forum and probably needs moving to a more appropriate venue here, where it might elicit some more highly-focused response - but will let that go for the moment pending clarification by the O/P as to context.

petzl has already given a general response, assuming some sort of connection to SC e-mail use/SC reporting with MailWasher.

DNSBLs apply in user account mail filtering (there is no indication yet that the O/P uses a SC e-mail account) and are also referenced by the parser when processing reporter spam submissions - currently the parser suite is: dnsbl.njabl.org ( ), dnsbl.njabl.org ( ), cbl.abuseat.org, dnsbl.sorbs.net, accredit.habeas.com, plus.bondedsender.org and iadb.isipp.com (per parse results any spam submission) - for reporter information (and perhaps additional reporting action in one or two cases), apparently not for weighting the reputation score used to determine whether or not listing will occur (refer What is the SpamCop Blocking List (SCBL)?).

For a good discussion which includes the use of DNSBLs in conjunction with SC reporting, see Rick Conner's Wiki article.

Public blocklists use different criteria for listing - the SCbl "speciality" is rapid response and automated removal once the source stops sending spam. A large part of the 'model' is to give the hosting provider evidence of abuse on their network as soon as it starts (should they wish to be so advised). To see which (if any) public RBLs (including the SCbl) best catches "your" spam sources, use one of the multi-list lookups to query on the source IP address, like

http://multirbl.valli.org/dnsbl-lookup/ or

http://www.robtex.com/ ("blacklists" tab via IP address lookup and information page about IP number)


Since errant IP addresses enter and (hopefully) leave the SCbl more rapidly than others, the SCbl will probably not show as many hits as some others for any given lookup (which might mean less false positives at any given time).

Similarly, there are "reputation rating" providers such as http://www.senderbase.org/about (lookup at http://www.senderbase.org/senderbase_queries/rep_lookup).

Note, these relate sometimes to potential message sources - any dynamically-allocated IP address (such as those of most of us) SHOULD be present in some blocklists and should have, at best, an "indeterminate" reputation rating simply because dynamic addresses should not be sending directly to the internet and many network administrators would want to block them pre-emptively should they ever try. The SCbl (and most others) handle actual message sources.

[P.S. There are many BL comparisons out there, just do an internet search on the terms blacklist (or blocklist) and comparison - one is here http://www.sdsc.edu/~jeff/spam/cbc.html - IMO the results don't mean a lot until you also compare how the lists work and (by inference at least) what they mean to achieve and how that might fit in with your requirements. There is no single "authoritative" blocklist and no list samples more than a fraction of the spam which is the main component (by a great margin) of all e-mail traffic. It's a matter of finding the ones that work best for you - and that includes reliability/availability.]

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...