Tuesday, June 2, 2009

The DNSBL

What is a DNSBL?

Domain Name System Blacklists, also known as DNSBL's or DNS Blacklists, are spam blocking lists that allow a website administrator to block messages from specific systems that have a history of sending spam. As their name implies, the lists are based on the Internet's Domain Name System, which converts complicated, numerical IP address such as 140.239.191.10 into domain names like example.net, making the lists much easier to read, use, and search. If the maintainer of a DNS Blacklist has in the past received spam of any kind from a specific domain name, that server would be "blacklisted" and all messages sent from it would be either flagged or rejected from all sites that use that specific list.

Where are the DNSBL ?

as an example, here are the default list Netasq provide in there Firewall:

DSBL: list.dsbl.org :
DSBL was a blocklist specialized in listing open relays and open proxies. It is off now.

SORBS: dnsbl.sorbs.net : The Spam and Open Relay Blocking System (SORBS) was conceived as an anti-spam project where a daemon would check "on-the-fly", all servers from which it received email to determine if that email was sent via various types of proxy and open-relay servers.

SPAMCOP: bl.spamcop.net : SpamCop determines the origin of unwanted email and reports it to the relevant Internet service providers.

SPAMHAUS: various list:

SPAMHAUSSBL: The SBL is a realtime database of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services).

SPAMHAUSXBL: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.

SPAMHAUSCOMB: Combo of SBL and XBL.

SPAMRBL: French List: OUTDATED,

For a full list, you can go here: http://www.dnsbl.info/dnsbl-list.php .