All about DNSBLs, aka blocklists/blacklists // Since 2001 // Published by Al Iverson
Security Sage Update
It seems today as though the Security Sage domains have expired and/or replaced by "placeholder" pages by their registrar. Net result: Bad things. If you were still using their BL, you're probably having problems receiving inbound mail right about now.
DSBL Current Status: DEAD
DSBL, the Distributed Sender Blackhole List, seems to have gone missing. The list appears to have been in operation since at least May, 2002.
Help, we're listed on ORDB!
I've received multiple queries about this today, so I figured it would be wise to put up a quick message about this.
ORDB is a long dead blocking list, gone for more than a year.
Recently, they started "listing the world" -- meaning everybody using ORDB is now blocking 100% of inbound mail. Blocking lists do this to shed themselves of any excess DNS query traffic from sites who haven't yet ceased querying their data. It can very much be considered a slap in the face -- hey, we tried shutting down the nice way, but since you're not listening, we're going to make all your mail bounce.
But what does that mean? Why am I listed?
You're not actually listed on ORDB. ORDB is returning a "yup, they're listed" answer for any IP address that people check. Meaning the whole world is listed. Everybody, not just you. It's not because they hate you, it's because they want people to stop querying their DNSBL.
If you received bounces from somebody that suggests that you're listed on ORDB, here's what to do:
ORDB is a long dead blocking list, gone for more than a year.
Recently, they started "listing the world" -- meaning everybody using ORDB is now blocking 100% of inbound mail. Blocking lists do this to shed themselves of any excess DNS query traffic from sites who haven't yet ceased querying their data. It can very much be considered a slap in the face -- hey, we tried shutting down the nice way, but since you're not listening, we're going to make all your mail bounce.
But what does that mean? Why am I listed?
You're not actually listed on ORDB. ORDB is returning a "yup, they're listed" answer for any IP address that people check. Meaning the whole world is listed. Everybody, not just you. It's not because they hate you, it's because they want people to stop querying their DNSBL.
If you received bounces from somebody that suggests that you're listed on ORDB, here's what to do:
- Call that person on the phone, if you can. Tell them all of their inbound mail is probably not working, and won't work, until they stop using ORDB. Point them to this page for more information.
- Don't worry. The person who bounced your mail is suddenly now having problems receiving any mail at all. They're likely to figure this out very quickly and fix it. Try your mail again, in a day or two.
Status of rbl.spamhaus.org: NOT A BLOCKING LIST
My friend Mickey Chandler pointed out recently that he's been seeing some unusual bounces that look like this:
Host blacklisted - Found on Realtime Black List server blocklist.address.is.wrong.spamhaus.org
Host blacklisted - Found on Realtime Black List server blocklist.address.is.wrong.spamhaus.org
Labels:
dead dnsbls,
dnsbl,
no such dnsbl,
spamhaus
Status of blackhole.securitysage.com: DOWN
The RHSBL (right hand side blocking list) blackhole.securitysage.com appears to have been created by Jeffrey Posluns and appears to have been around since at least August, 2004.
I received a report today indicating that a mail administrator has been unable to reliably query the blackhole.securitysage.com DNSBL zone. With the help of my friends, I was able to confirm this issue.
It looks to be a DNS issue. What we see from here is that the zone blackhole.securitysage.com is delegated to nameserver blackhole.securitysage.com. The two DNS "glue entries" for the zone are servers that aren't configured to be authoritative for the zone, so no results are returned. Ultimately, this points toward a DNS configuration issue with this domain and/or sub-domain.
The popular anti-spam filter SpamAssassin has been tracking this issue since at least October 8, 2007. On October 17th, SpamAssassin decide to remove support for this list (implemented in the DNS_FROM_SECURITYSAGE rule), due to the ongoing issues with accessing this DNSBL.
As a result of this ongoing issue, I recommend against using the blackhole.securitysage.com blocking list. If you continue to check against this list; queries are likely to time out and it could delay the receipt of inbound mail. Use of this list while this issue persists is likely to provide no blocking or filtering benefit.
I, and others, have contacted Security Sage and Mr. Posluns, making him aware of the issue and asking for more information. I'll be sure to update this page with more information as I have it.
11/03/2007 update: I've seen no response to my email to Mr. Posluns, nor to a friend's email to Security Sage's support address. I emailed that support address today, and my attempt bounced. The error message suggested an SPF failure. The fact that I publish a working SPF record, and other information in the bounce, suggest that it is in error. I guess that means either nobody's home, or they don't want anyone to contact them.
5/26/2008 update: Way back in November, I talked to Jeffrey Posluns. He is no longer actively involved with Security Sage, but was kind enough to nudge the folks running things, in hopes of making things better. It fell off my radar, until a few days ago, when I was alerted to the fact that Security Sage's domains have expired.
Net result: Broken blocklist. Has a wildcard listing, meaning that if you use their list, you're probably negatively impacting your own email delivery.
My recommendation: Stop using this blocklist immediately and permanently. Even if they do somehow manage to pull things back together, they don't have a good track record of staying online.
I received a report today indicating that a mail administrator has been unable to reliably query the blackhole.securitysage.com DNSBL zone. With the help of my friends, I was able to confirm this issue.
It looks to be a DNS issue. What we see from here is that the zone blackhole.securitysage.com is delegated to nameserver blackhole.securitysage.com. The two DNS "glue entries" for the zone are servers that aren't configured to be authoritative for the zone, so no results are returned. Ultimately, this points toward a DNS configuration issue with this domain and/or sub-domain.
The popular anti-spam filter SpamAssassin has been tracking this issue since at least October 8, 2007. On October 17th, SpamAssassin decide to remove support for this list (implemented in the DNS_FROM_SECURITYSAGE rule), due to the ongoing issues with accessing this DNSBL.
As a result of this ongoing issue, I recommend against using the blackhole.securitysage.com blocking list. If you continue to check against this list; queries are likely to time out and it could delay the receipt of inbound mail. Use of this list while this issue persists is likely to provide no blocking or filtering benefit.
I, and others, have contacted Security Sage and Mr. Posluns, making him aware of the issue and asking for more information. I'll be sure to update this page with more information as I have it.
11/03/2007 update: I've seen no response to my email to Mr. Posluns, nor to a friend's email to Security Sage's support address. I emailed that support address today, and my attempt bounced. The error message suggested an SPF failure. The fact that I publish a working SPF record, and other information in the bounce, suggest that it is in error. I guess that means either nobody's home, or they don't want anyone to contact them.
5/26/2008 update: Way back in November, I talked to Jeffrey Posluns. He is no longer actively involved with Security Sage, but was kind enough to nudge the folks running things, in hopes of making things better. It fell off my radar, until a few days ago, when I was alerted to the fact that Security Sage's domains have expired.
Net result: Broken blocklist. Has a wildcard listing, meaning that if you use their list, you're probably negatively impacting your own email delivery.
My recommendation: Stop using this blocklist immediately and permanently. Even if they do somehow manage to pull things back together, they don't have a good track record of staying online.
Subscribe to:
Posts (Atom)