Even in times of Facebook, WhatsApp, and endless kinds of collaboration tools, email plays a big role in digital communication. For a secure and pleasant experience in your inbox, it is just as relevant now as ever to know how to recognize and prevent spam. Even decades after the first spam messages were sent, it is important to maintain a certain sense of caution with your emails.
In practice, high-performance security mechanisms, such as greylisting, catch the most annoying or dangerous emails. One important part of these mechanisms are Domain Name System-based Blackhole Lists (DNSBL) – blocklists for questionable sender addresses that can be retrieved in real-time. Keep reading to find out what a DNS-based Blackhole List is, how exactly it works, and what advantages and disadvantages it has.
$1 Domain Names
Register great TLDs for less than $1 for the first year.
Why wait? Grab your favorite domain name today!
Matching emailSSL certificate24/7/365 supportA Domain Name System-based Blackhole List (DNS-based Blackhole List or DNSBL for short) is a service that email servers can use to quickly check the spam potential of IP addresses. A DNSBL has access to a list of addresses that are known senders of spam. A querying mail server can inspect the list in real-time using a DNS request. Most server software can be configured to consult several DNS-based Blackhole Lists, providing the user with even better protection against unwanted junk mail. If the DNSBL query comes up with a hit, the message coming from that email address will be blocked or marked as spam.
In the context of computer networks, the term “blackhole” refers to a connection in which incoming or outgoing traffic is dropped rather than forwarded and the data source is not informed.
When reading about DNSBL, you’ll probably come across the term Real-time Blackhole List (RBL). Sometimes the terms are used interchangeably, although this isn’t quite correct. A Real-time Blackhole List is one available DNSBL and admittedly a very important one. As a part of the anti-spam initiative Mail Abuse Prevention Systems (MAPS), it became the first official DNS-based Blackhole List in 1997.
Originally, the computer scientist behind RBL, Paul Vixie, published the spam blocklist (also known as “blacklist”, which is politically incorrect today) as BGP Feed (Border Gateway Protocol) rather than as a DNSBL. The feed contained a list of known spam addresses that was sent to subscribers’ routers using the BGP protocol. Eric Ziegast, a developer working with Vixie on the MAPS project, initiated the transition to the more effective DNS-based transmission.
In addition to RBL, there are now countless other DNSBLs, such as the Spamhouse Block List (SBL), SORBS (Spam and Open Relay Blocking System) and ASPEWS (Another Spam Prevention Early Warning System). These lists mostly differ with respect to their goals (which type of IP addresses are listed - individual, ISPs, proxies, etc.), their sources (where the IP addresses listed come from) and their lifespan (how long IPs are listed for).
Three things are required to run a DNSBL query service:
The most difficult part of maintaining a DNSBL, without a doubt, is building the list itself. Operators need to develop a clear strategy and stick to it long-term to gain and maintain users’ trust. Specific policies that are made public give an impression of what it means to be listed in the DNSBL and how the list positions itself in terms of the three points listed above (goals, source(s), and lifespan).
On the side of the mail servers that have chosen a DNS-based Blackhole List to check for spam, the service is simple:
Querying a DNS-based Blackhole List works similarly to a Reverse DNS Lookup. The main difference between the two query types lies in the record type: In the case of a rDNS query, the PTR record is looked up instead of the A record.
The most popular use of Domain Name System-based Blackhole Lists is as the basis for a spam filter. But these practical lists also have several uses in other software and alternative contexts entirely:
Rule-based spam analysis software: Rule-based anti-spam programs such as Spamassassin can be used for a more complex analysis of a larger set of DNSBLs. This type of software uses a separate rule for each DNS-based Blackhole List, which can be referred to in combination with other rules when evaluating an incoming message. This way, emails aren’t weeded out just because their sender is on a DNSBL; instead, a set of clearly defined criteria are used to decide what is sent to the spam folder. The process can, however, lead to slower message retrieval.
Combination with other list types: One of the most important tasks in managing a Domain Name System-based Blackhole List is regular maintenance of the list. If entries are no longer up to date, perfectly acceptable messages will end up in the spam folder. To prevent this, many filters use combinations with other list types, including allowlists or passlists (“whitelists”). Depending on the tool and settings, address entries on a passlist can be given more weight than (often out-of-date) entries for the same address in a DNSBL.
Make your data exchange more secure with SSL certificates from IONOS and strengthen customer trust.
DNS-based Blackhole Lists are one of the most important parts of fighting spam, especially from the perspective of the user. The fact that listed entries can be queried via DNS makes the services quick and easy for mail servers to use, making it possible to display a filtered inbox without any noticeable effect on performance. The query method is easy to implement for developers and operators of email servers.
However, DNS services do come with a series of problems and difficulties, especially in terms being trustworthy and up to date. There is, for example, no guarantee that the entries in a DNSBL are justified and regularly updated by the DNSBL provider. Additionally, it’s often very difficult to remove addresses from the register of a DNS-based Blackhole List once they’ve landed on the list. Users of IPs that have been hacked in the past and used for spam will have a hard time rehabilitating their address.
If you regularly send large quantities of emails, you should consider a dedicated IP from a provider you trust, to keep the reputation of the address in your own hands and have a strong partner on your side should worst come to worst.
Scammers send out dubious e-mails attempting to obtain sensitive data from internet users every day. This is known as phishing and isn’t just annoying; fraudulent e-mails cost millions each year as internet users fall victim to them. We reveal how to identify phishing e-mails and how to render your inbox harmless.
Operating systems, such as Windows or macOS, automatically save information about address resolution from systems and applications in the network in a DNS cache. The purpose of this practical cache is to speed up network traffic. Read on to find out why it’s useful to regularly clear the DNS cache and how exactly such a DNS flush works.
It can make sense to change DNS servers (typically that of the internet provider) for a number of reasons: One example is that it can enable faster access times on the World Wide Web. In this guide, you’ll find out why this is the case and how you can change DNS server on Windows 10, macOS, and other operating systems.
Internet users are constantly the target of cyberattacks. Most attacks are easy to fend off, but a new form of scam has proven to be especially dangerous. Spear phishing messages don’t contain absurd claims or bad spelling. These deceitful messages target specific individuals and look frighteningly real. How do these attacks work?
DNS spoofing involves tampering with DNS name resolution. This kind of attack poses a serious threat to internet users. Here you will learn how the different types of attack methods work, which targets attackers go after, and what you can do to effectively protect yourself.
Provide powerful and reliable service to your clients with a web hosting package from IONOS.
View packages
