Status of relays.radparker.com: DEAD

The DNSBL relays.radparker.com is no longer valid. If you are using relays.radparker.com in a mail server or spam filtering product, please stop doing so immediately. It will not block any spam. No DNSBL has been available under this domain for years, and unexpected results may be returned.

It used to be the home to a list called the Radparker Relay Spam Stopper (RRSS). The RRSS was a list that I myself (Al Iverson) created in early 1999 to help mail server administrators reject mail from open relaying mail servers. Back then, open relays were the primary transmission vector for the worst-of-the-worst kinds of spam. I created the list primarily to offer an alternative to ORBS, an open relay blocking list run by Alan Brown out of New Zealand. (This ORBS was a sort of descendant of a previous ORBS, run in Canada by Alan Hodgson.) Alan (Brown) had a habit of getting into arguments with people who were listed, actively probing mail servers without permission, listing things that didn't actually qualify as an open relays, and so forth. I found it distasteful and unfriendly.

Major policy differences for my new alternative open-relay list included:

• A remote server was not tested for open relay unless a spam message was received.

• Public record was kept of the spam message, and test proving the site was an open relay.

• Anybody could request that any listing be removed, and it would be removed.
  

The net result was that ORBS ended up imploding under various legal challenges, and the RRSS ended up becoming the Mail Abuse Prevention System (MAPS) RSS, later a component of a commercial spam-filtering solution, provided as of late by MAPS' current owners, Trend Micro.

Throughout the spring and summer of 1999, the RRSS list grew in popularity. At its peak, we figured that it was protecting over 350,000 mailboxes from open relay spam, and was used by quite a few local and regional ISPs, including USWest/Qwest.

I created the list on my own, on my spare time. Back then, it was hosted by my employer, with their permission. This meant that the company would occasionally get a screaming goober phone call from somebody whose mail got blocked, who couldn't figure out how to resolve the issue, and was sure that there was some giant conspiracy in place to harass them. (I probably wasn't as polite to some of those folks as I should have been, either.) Eventually enough of those calls started coming in that I decided it wasn't very wise to continue hosting the RRSS from my office at work. That's when I started talking to MAPS. They offered to host the project for me under the MAPS umbrella, a partnership I entered into somewhere around August or September 1999. Eventually my volunteer work turned into a full time job working for MAPS, where I continued to manage and develop the RSS project, as well as working as an investigator for the MAPS RBL (Realtime Blackhole List) project.

I left MAPS in October, 2000.

The zone relays.radparker.com was emptied out sometime after the project was moved to the MAPS' servers in California. That was back sometime in 1999 or 2000. It's not been used to host a DNSBL since.

Interestingly, the RRSS data, process, and code was my own intellectual property that I brought with me to MAPS, and never had any sort of formal agreement to transfer ownership to them. When I later left, I decided my heart lay elsewhere and I never pursued any sort of plan to take the project back unto myself. My friend Gordon Fecyk, who created what became the MAPS DUL, found himself in a similar situation when he left MAPS in 2002. In his case, he attempt to continue with his DUL project. This resulted in him being sued by MAPS, having been accused of stealing MAPS' own intellectual policy-- a claim I suspect was distorted and probably unfounded, as did others.

MAPS founder Paul Vixie recently posted to a mailing list that the original, long-dead MAPS RBL zone of rbl.maps.vix.com is still receiving may queries against it. This got me to thinking – I did a bit of Google searching myself and found that there are still some people out there wondering if the RRSS zone of relays.radparker.com is working. So, here I am, posting this information, in the hope that the next time somebody's wondering, they'll query Google for more information, and find this page with the definitive answer: Nope, there is no DNSBL to be found at relays.radparker.com.

CBL: Block those exploits!

The Composite Blocking List (CBL) is a DNSBL that helps you block mail from exploited computers. That includes abused open proxy servers, as well as virus and trojan-infected spam spewers, the primary vector for most of the illegal spam people are receiving nowadays. By some counts, there are millions of these computers in the world, and besides spam, they’re also responsible for denial-of-service attacks, virus distribution, phishing, etc.

As the CBL website indicates, the data behind the listings is sourced from very large spamtrap-receiving domains and various email infrastructures. Their intent is to list only IP addresses that exhibit characteristics specific to open proxies, viruses, stealth spamware applications loaded on a computer without the user’s knowledge, etc. They don’t knowingly attempt to block any sort of legitimate mail. And I would characterize “legitimate” very broadly here – legitimate senders like most email service providers (and their clients) should rarely, if ever find their mail blocked by a CBL listing.

Though, on occasion, it does happen. CBL doesn’t ever list good senders intentionally. The problem is that some computers share IP addresses with others, behind a NAT (network address translation) device or firewall. Your legitimate mail could be going out to the internet over an IP address shared with an infected, spam-spewing Windows desktop. It’s fairly rare, but when it does happen, CBL makes it easy for you to address those kinds of issues, by allowing you to remove any entry from the list. This allows you to again send mail to the site that was rejecting it due to the listing. Keep in mind that if they again later see bad traffic coming from that IP, it could get listed again. That means it’s important to figure out what on your network is infected or spewing, and fix it.

I recommend use of the CBL (or one of the other lists that includes the CBL data) to filter or reject inbound mail. It helps to block some of the worst types of illegal spam out there, and the risk of blocking legitimate mail is very low.

The CBL listing data is integrated into the Spamhaus XBL (and is therefore also part of Spamhaus ZEN). If you use either of these Spamhaus DNSBLs to tag, filter or reject inbound mail, then there’s no need to utilize the CBL as well – you’re already doing so.

Status of rbl.maps.vix.com: INVALID DOMAIN

In January 2007, MAPS (Mail Abuse Prevention System) co-founder Paul Vixie noted on the NANOG mailing list that he continues to receive significant traffic from sites attempting to query the “rbl.maps.vix.com” blocking list.

The DNS zone “rbl.maps.vix.com” was the original zone for the MAPS Realtime Blackhole List (RBL), the first widely-used anti-spam DNSBL. The zone has long since been replaced with another, named blackholes.mail-abuse.org.

The queries against rbl.maps.vix.com will never return anything valid. It’s my understanding that you currently would get no response, and it will block no more mail. You risk eventually blocking wanted mail, if Vixie later decides to implement a wildcard listing strategy, to force sites to stop using his list. (This would make all inbound mail to any site using the list bounce.)

If you currently have rbl.maps.vix.com on the list of DNSBLs you are querying, please remove it. As indicated above, there is currently no spam-blocking value, and there is potential for future risk.

It appears that RBLSMTPD, a tool to allow sites to utilize DNSBLs to block mail, widely utilized in conjunction with qmail, will default to querying rbl.maps.vix.com. If you use RBLSMTPD, please review your configuration to ensure that you’re not contributing to this problem.

If you are attempting to use the MAPS RBL, please do not simply change over to the blackholes.mail-abuse.org zone. The MAPS services are not free, and are blocked from unregistered access. Please see the MAPS website for more information.

If you’re looking for a free, reputable blocking list suite to try, my recommendation would be to consider Spamhaus’s ZEN combined list. I plan to post an article about them very soon, and I’ll link to that from here, after it’s posted.

It's very unlikely that you would see a bounced email message making reference to rbl.maps.vix.com. If you do see such a bounce, it is likely in error. Contact the site (from another email account or via telephone call) and point them toward this site for further information.

Status of lbl.lagengymnastik.dk: DEAD

The DNSBL lbl.lagengymnastik.dk is no longer active. It ceased operation back in 2003 or 2004.

In January 2007, Henrik, the operator of this DNSBL, indicated that his bandwidth is still being greatly consumed by DNS queries against his list. Because of this, he has implemented a “wildcard listing strategy” to force sites to stop using the list.

In a wildcard listing strategy, a DNSBL lists all IP addresses in the world. That means that anybody using this list will no longer be able to receive any mail at all. This controversial “last resort” is done as a wake-up call for sites using the list. Suddenly they stop receiving all inbound mail, and hopefully they soon realize what’s going on and resolve it.

If you find your mail bouncing with a reference to the lbl.lagengymnastik.dk list, contact the site that blocked your mail. I assume you’ll have to do that via telephone, since mail to them will not go through. Inform them that the list is no longer around. Direct them to this site or recommend they do a Google search to learn more.

For more information, visit the LBL website, and this posting to the usenet newsgroup news.admin.net-abuse.blocklisting. (Note that “the Osirusoft solution” refers to a wildcard listing strategy.)

What is a DNSBL?

A DNSBL is a DNS (domain name service)-based spam blocking list. Some people call them blacklists, while others call them blocklists.

They are most often IP address-based. This means that they contain IP addresses, generally of email servers that you might receive spam from, or that the list maintainer has indeed received spam from. There are dozens of such lists available, all compiled with different criteria, at every conceivable point in the sanity spectrum. Some lists work better than others, and some list maintainers are more trustworthy and respectable than others.

The original (and still primary) use for DNSBLs is to block mail. Most mail servers nowadays have DNSBL support (either built in, or through use of a plug-in) that allows a mail server administrator to block mail from sites listed on a specific DNSBL. The site would choose to do this as part of their attempt to reduce the amount of spam their users would receive.

More recently, DNSBLs are often used as a part of spam scoring system, such as SpamAssassin. If you’re listed on a spam blocklist that is referenced in a spam scoring system, your spam score could be increased by some amount. (The amount varies and is often configurable.) If that, in addition to other scoring tests performed, makes an email’s score rise above a certain level, it could be discarded, or routed to the spam folder.

Note: you might hear people refer to “RBLs” when talking about spam blocking. The first DNSBL was called the RBL, created by a company I once worked for, the Mail Abuse Prevention System (MAPS). MAPS claims “RBL” as a service mark, but as far as I can tell, anybody using the term RBL is usually using it interchangeably with DNSBL.