What is an Anti-Spam DNS Blacklist?


A friend of mine recently said that they were unable to send me email because my ISP uses a “blacklist” and their email address was listed on that blacklist.

What are these blacklists? Who runs them, and why do they get to decide whether my friend can send me email or not?

P.J.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.


Dear P.J.,

Your friend is almost certainly referring to what is typically known in the industry as either a DNS blocklist, or a DNS blacklist, depending upon with whom you speak.

Such a DNS list is typically a list of IP addresses that have some trait or traits in common, usually having to do with their association with spam. For example, a list might contain all the IP addresses known to the list maintainer that harbor open proxies or open mail relays through which a spammer has recently sent spam. Or it might be a list of IP addresses known to send email (spam) that does not meet the list maintainer’s standards for the sending of bulk email. It could even be something like a list of all IP addresses which the list maintainer doesn’t like because they end in an odd number, or the numbers add up to 13, or any other arbitrary criterion set by the list maintainer.

Email receivers, such as ISPs and some spam filters, may choose to check this list whenever they get an incoming email, to see whether the IP address sending the email is listed on the DNS list. If the IP address is listed on the list, the ISP may choose to block the email rather than to accept and deliver it – hence the term “blocklist”. There has been a great deal of debate as to whether these lists are more properly called “blocklists” or “blacklists”, but it really doesn’t matter what they are called – their function is to serve as an advisory for the receiving systems which use them. There are presently at least a dozen or so such lists which are used on a regular basis by ISPs and spam filters, and probably at least a dozen more which are used by smaller or less public systems.

Unfortunately, problems can occur when either the receiving system doesn’t really understand the nature of the list they are using, or when the list maintainer doesn’t have in place adequate methods for ensuring against false positives, or both. For example, some DNS blocklists will list an entire block of IP addresses belonging to a given site, even though only one of those IP addresses actually was associated with the underlying spam. This means that if a receiving ISP uses that list, they may end up rejecting all email coming from that site, not just spam. Other blocklists may list an IP address based only on complaints from users, without checking the facts, causing IP addresses to get listed on the blocklist simply because the user forgot that they had subscribed to a given email list, and so they reported it to the blocklist maintainer as ‘spam’.
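The lookup a receiving system performs, and one way to treat the result as advice rather than a verdict, shown as an added example that is not from the original article. It uses the standard DNS list query format (the sender's address reversed and placed under the list's zone, with listings answered from 127.0.0.0/8); the zone names, weights and reject threshold are hypothetical, and the DNS answers are constructed so the example runs offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNS name a receiver looks up: reversed address + list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]            # 192.0.2.25 -> 25.2.0.192
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # IPv6: reversed nibbles
    return ".".join(labels) + "." + zone

def system_resolver(name: str) -> list[str]:
    """Return the A records for name, or [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def listed_on(ip, zone, resolver=system_resolver) -> bool:
    """Listed only if an answer falls in 127.0.0.0/8, the range DNS lists use."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    answers = resolver(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in loopback for a in answers)

def advisory_verdict(ip, weighted_zones, resolver=system_resolver, reject_at=5):
    """Treat each listing as weighted advice; no single low-trust list rejects."""
    hits = [z for z in weighted_zones if listed_on(ip, z, resolver)]
    score = sum(weighted_zones[z] for z in hits)
    action = "reject" if score >= reject_at else "tag" if score else "accept"
    return action, score, hits

# Constructed sample data: hypothetical list zones and documentation-range IPs.
ZONES = {"careful.dnsbl.example": 5, "broad.dnsbl.example": 2}
FAKE_DNS = {
    "25.2.0.192.careful.dnsbl.example": ["127.0.0.2"],
    "25.2.0.192.broad.dnsbl.example": ["127.0.0.2"],
    "7.113.0.203.broad.dnsbl.example": ["127.0.0.2"],      # whole-block listing
    "9.100.51.198.broad.dnsbl.example": ["203.0.113.99"],  # not a list answer
}

def fake_resolver(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.25", "203.0.113.7", "198.51.100.9"):
        print(ip, advisory_verdict(ip, ZONES, fake_resolver))
```

An address that appears only on the broadly-listing zone is tagged for further filtering instead of rejected, and an answer outside 127.0.0.0/8 is ignored rather than counted as a listing.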

Now don’t get us wrong. There are some very well-maintained blocklists out there – two which come immediately to our mind are Spamhaus and MAPS. However, there are others which are somewhat less well maintained, and those typically are the ones which cause the problems.

As to your friend’s problem, both of you should determine which DNS blocklist is involved, and then contact the abuse and support departments of your respective ISPs, and ask them to please get the situation resolved. If it turns out that the IP address is properly listed in a responsibly-maintained DNS blocklist, then perhaps your friend should consider moving to a new provider. If it turns out that the list in question is one of the less reliably maintained lists, and your ISP continues to use it despite evidence of its unreliability, then perhaps it is your own ISP which needs to be replaced.

Incidentally, a great place to look up which blocklists, if any, list a given IP address is http://www.samspade.org.


3 thoughts on “What is an Anti-Spam DNS Blacklist?”

  1. While DNS blocklists or RBL lists are a great way to stop spammers, they should be treated with kid-gloves as they are not perfect. These lists should be used along with other things to help protect against spam.

    Ross

  2. I HAVE BEEN GETTING EMAILS FROM SOMEONE CLAIMING TO BE A LAWYER. I HAVE FOUND OUT THEY ARE A FAKE MOST OF THE IP ADDRESSES ARE ON THE BLACKLIST. WHAT DOES THIS MEAN?
    THANKS

  3. “For example, some DNS blocklists will list an entire block of IP addresses belonging to a given site, even though only one of those IP addresses actually was associated with the underlying spam.”

    There is an implication of lack of fairness in this statement. Some ISPs ignore complaints about spam, because the spammers are paying for bandwidth and server space. There is also the issue of dynamic allocation of DNS addresses – which means that the address used by a spammer now is not the same as used 10 minutes ago, or in the future. Either way, blocking the entire ISP puts pressure on the ISP to clean up, as they otherwise stand to lose all of their legitimate well behaved customers. Kind of like a neighborhood citizen’s group boycotting a retailer in order to force certain goods either onto or off of the shelf.
