Tuesday, January 30, 2007

What is a DNSBL?

A DNSBL is a DNS (domain name service)-based spam blocking list. Some people call them blacklists, while others call them blocklists.

These blacklists are IP address-based. This means that they contain IP addresses, generally of email servers that you might receive spam from, or that the blacklist maintainer has indeed received spam from. There are dozens of such lists available, all compiled with different criteria, at every conceivable point in the sanity spectrum. Some lists work better than others, and some list maintainers are more trustworthy and respectable than others.

The original (and still primary) use for DNSBLs is to block mail. Most mail servers nowadays have DNSBL support (either built in, or through use of a plug-in) that allows a mail server administrator to block mail from sites listed on a specific DNSBL. The site would choose to do this as part of their attempt to reduce the amount of spam their users would receive.

More recently, DNSBLs are often used as a part of spam scoring system, such as SpamAssassin. If you’re listed on a spam blacklist that is referenced in a spam scoring system, your spam score could be increased by some amount. (The amount varies and is often configurable.) If that, in addition to other scoring tests performed, makes an email’s score rise above a certain level, it could be discarded, or routed to the spam folder.

Note: you might hear people refer to “RBLs” when talking about spam blocking. The first DNSBL was called the RBL, created by a company I once worked for, the Mail Abuse Prevention System (MAPS). MAPS claims “RBL” as a service mark, but as far as I can tell, anybody using the term RBL is usually using it interchangeably with DNSBL.