What is a DNSBL?

A DNSBL is a DNS (domain name service)-based spam blocking list. Some people call them blacklists, while others call them blocklists.

These blacklists are IP address-based. This means that they contain IP addresses, generally of email servers that you might receive spam from, or that the blacklist maintainer has indeed received spam from. There are dozens of such lists available, all compiled with different criteria, at every conceivable point in the sanity spectrum. Some lists work better than others, and some list maintainers are more trustworthy and respectable than others.

The original (and still primary) use for DNSBLs is to block mail. Most mail servers nowadays have DNSBL support (either built in, or through use of a plug-in) that allows a mail server administrator to block mail from sites listed on a specific DNSBL. The site would choose to do this as part of their attempt to reduce the amount of spam their users would receive.

More recently, DNSBLs are often used as a part of spam scoring system, such as SpamAssassin. If you’re listed on a spam blacklist that is referenced in a spam scoring system, your spam score could be increased by some amount. (The amount varies and is often configurable.) If that, in addition to other scoring tests performed, makes an email’s score rise above a certain level, it could be discarded, or routed to the spam folder.

Note: you might hear people refer to “RBLs” when talking about spam blocking. The first DNSBL was called the RBL, created by a company I once worked for, the Mail Abuse Prevention System (MAPS). MAPS claims “RBL” as a service mark, but as far as I can tell, anybody using the term RBL is usually using it interchangeably with DNSBL.

About the author, Al Iverson

Helping people deal with spam, list management, and deliverability issues is what I've been doing, first as a hobby, and now as my career, for the past ten years.

Since August, 2006, I've been the spam policy enforcement and deliverability guy for an email service provider located in the midwest. Prior to that, I spent just under six years working for a very large e-commerce service provider as the point person for spam and list management issues across the company's thousands of clients and dozen plus divisions and subsidiaries.

Before that, I worked for the Mail Abuse Prevention System (MAPS), one of the first anti-spam blacklist groups. There I created the MAPS RSS (Relay Spam Stopper) blacklist, to help address the scourge of spam being vectored through open-relaying mail servers. I also handled investigation and listing issues as a member of the RBL (Realtime Blackhole List) team.

Stopping spam is important to me. I do my part by guiding senders on how to send mail without sending spam, and guiding end recipients and system administrators on how to most effectively reduce the amount of spam they have to deal with.

I've been called the "baron of blacklists" for "waxing lyrically" on the topic of blacklists here and over on my other site, Spam Resource. There I publish news and info on spam related topics, as and provide best practice information and guidance to both senders and receivers on how to prevent and mitigate spam issues.

Contact me here.

How to confirm the current status of SPEWS

I figured it would be helpful if people were able to check my work. If you’d like to confirm for yourself whether or not SPEWS has been updated recently, here’s a couple different ways you could do that.

Go to this page on the SPEWS site, using the Mozilla Firefox web browser. You’ll get a list of network blocks and IP addresses. Right click on an empty space on the page, and select “View Page Info.” The window that pops up contains a “modified” field. That indicates the last time the SPEWS data was updated.

If you don’t use Firefox, here’s another way you can check. Go to http://web-sniffer.net and paste in this URL: http://www.spews.org/spews_list_level1.txt

Then, hit the submit button. You’ll get a page of output that includes a “last modified” field. This field indicates the last time SPEWS data was updated.

From here you can return to “SPEWS Current Status,” or return to “What to do if you’re listed on SPEWS.”

SPEWS Current Status: DEAD

Please note: I have no involvement in SPEWS. I publish this information simply to be helpful to people I see trying to figure out what to do about a SPEWS listing.

SPEWS is clearly dead/abandoned. SPEWS data has not been updated since Wednesday, August 23, 2006 11:03:29 PM.

This means that the SPEWS data has not changed since August, 2006. This data likely would not be intentionally frozen in time. I am told that the data was generally updated periodically. This probably means that whoever maintains the SPEWS list is unwilling to make updates, or has abandoned this data. I'm not sure -- I don’t know what’s going on behind the scenes. I just know that the data is out of date.

If you'd like to confirm this for yourself, I explain how to do that here.

I confirmed with other smart anti-spam folks to ensure that I am checking this properly, and I’m pretty sure it’s correct.

I will update this page with more information as I have it. Please feel free to contact me if you have any information regarding the SPEWS site or data.

Update as of Thursday, February 1, 2007: Matthew Sullivan of SORBS has emptied out the SPEWS data he was previously serving via his nameservers. Read more >>

If you are listed on SPEWS, don't despair. I've compiled some tips on how to deal with the situation. Click here to read on.

What to do if you're listed on SPEWS

The newsgroup news.admin.net-abuse.blocklisting (NANAB) regularly plays host to de-blacklisting requests. Most of those requests seem to be aimed at SPEWS (the Spam Prevention Early Warning System). The SPEWS FAQ says that “general blocklist related issues can be discussed in the public forums” including NANAB. The end result is that lots of folks post to NANAB, asking that their IP address(es) be removed from SPEWS. Those folks get lots of responses, and only some of them are helpful. Because (as of January, 2007) SPEWS seems to have been frozen in time for many months, I’m sharing this information on my site to help affected folks get the facts on what’s going on, and provide suggestions on how to handle the situation.

Note: This isn’t guidance on how to avoid a blacklisting or sidestep anti-spam groups. This is information regarding how to address an issue with a now-defunct blacklist, where there’s nobody at the group to contact to request delisting.

If you’re listed on the SPEWS blacklist, as confirmed by checking their website, then I’m of the opinion that the following steps are probably what you should take to deal with the issue.

  1. Check the status of SPEWS here. If it’s long out of date, proceed with the steps below. If it’s been updated recently, read the SPEWS website for information on how to proceed.
  2. Assuming that SPEWS has not been updated in months, your next step should be a review your bounce data. Does it contain bounce data that references a SPEWS block?
  3. If no, don’t worry about it. You just determined that you’re not having blocking issues that you can trace back to SPEWS. It’s annoying that you’re listed on the website, but there’s little easy recourse available to you to address that. However, if your bounce data does indicate blocking that you can trace to a SPEWS listing, proceed with the following steps.
  4. If you have a spam issue, resolve it. Just because SPEWS may be gone, doesn’t mean that your spam blocking issues are going to magically going to go away. If SPEWS is listing you, other blacklists or ISPs are probably blocking your mail. Make sure you’re doing everything possible to comply with best practices, and remember that complying with the law just isn’t enough. I realize that this guidance is pretty brief and high level. Reach out to an email service provider (ESP) or email deliverability/reputation consultant for further assistance, as appropriate.
  5. Contact the site bouncing your mail. Show them that SPEWS is out of date and is no longer updating. Feel free to point them at this site. You should be able to demonstrate to them that you do not spam. Be polite. ISPs and companies are perfectly free to block your mail. Attempts to strong-arm a site into accepting your mail are legally and ethically questionable, and will cause far more problems than realize.
  6. Read the bounce to see if you can determine who is serving up the SPEWS blacklist. SPEWS doesn’t publish the data as a blacklist themselves; they leave that to others. As of February 1, 2007, Matthew Sullivan of SORBS has stopped serving the stale SPEWS data. I assume that other sites serve it up as well. If you find that a site is serving up this outdated info from SPEWS, contact them and let them know that the information they’re sharing is out of date. Feel free to point them toward this site. Recommend they follow Matthew's example with regard to nulling out the listings until (if) SPEWS returns.
I hope you find this information helpful. Please feel free to contact me with your comments or feedback. But, please note that I'm unable to consult with you regarding your specific situation -- I've already got a full time day job, and I'm not looking for consulting clients.