What is an Anti-Spam DNS Blacklist?   6/9/2004 - 1,532 views, 3 Comments

—

Dear P.J.,

Your friend is almost certainly referring to what is typically known in the industry as either a DNS blocklist, or a DNS blacklist, depending upon with whom you speak.

Such a DNS list is typically a list of IP addresses all of which have some trait or traits in common, usually having to do with their association with spam. For example, a list might be a list of all IP addresses of which the list maintainer is aware which harbor open proxies or open mail relays through which a spammer has recently sent spam. Or it might be a list of IP addresses which are known to send email (spam) which does not meet with the list maintainer’s standards for the sending of bulk email. It could even be something like a list of all IP addresses which the list maintainer doesn’t like because they end in an odd number, or the numbers add up to 13, or any other arbitrary criteria set by the list maintainer.

Email receivers, such as ISPs and some spam filters, may choose to check this list whenever they get an incoming email, to see whether the IP address sending the email is listed on the DNS list. If the IP address is listed on the list, the ISP may choose to block the email rather than to accept and deliver it - hence the term “blocklist”. There has been a great deal of debate as to whether these lists are more properly called “blocklists” or “blacklists”, but it really doesn’t matter what they are called - their function is to serve as an advisory for the receiving systems which use them. There are presently at least a dozen or so such lists which are used on a regular basis by ISPs and spam filters, and probably at least a dozen more which are used by smaller or less public systems.

Unfortunately, problems can occur when either the receiving system doesn’t really understand the nature of the list they are using, or when the list maintainer doesn’t have in place adequate methods for ensuring against false positives, or both. For example, some DNS blocklists will list an entire block of IP addresses belonging to a given site, even though only one of those IP addresses actually was associated with the underlying spam. This means that if a receiving ISP uses that list, they may end up rejecting all email coming from that site, not just spam. Other blocklists may list an IP address based only on complaints from users, without checking the facts, causing IP addresses to get listed on the blocklist simply because the user forgot that they had subscribed to a given email list, and so they reported it to the blocklist maintainer as ’spam’.

Now don’t get us wrong. There are some very well-maintained blocklists out there - two which come immediately to our mind are SpamHaus and MAPS. However there are others which are somewhat less well maintained, and those typically are the ones which cause the problems.

As to your friend’s problem, both of you should determine which DNS blocklist is involved, and then contact the abuse and support departments of your respective ISPs, and ask them to please get the situation resolved. If it turns out that the IP address is properly listed in a responsibly-maintained DNS blocklist, then perhaps your friend should consider moving to a new provider. If it turns out that the list in question is one of the less reliably maintained lists, and your ISP continues to use it despite evidence of its unreliability, then perhaps it is your own ISP which needs to be replaced.

Incidentally, a great place to look up on which blocklists, if any, a given IP address is listed is at http://www.samspade.org.