I recently checked a server where the client had problems receiving e-mail. Checking the spam filter revealed that the client was using 54 DNS blacklists to keep out the spam. As a result, the server was overloaded trying to check all the DNS blacklists. I would recommend keeping the number of lists to a minimum to prevent false positives and slowing your mail queue. But that leads to the next question, what blacklists should you use?
Should you use a DNSBL?
I guess is should address this issue first. A lot of people argue that DNS Blacklists are useless and annoying. The main problem with DNSBL is that they can contain false positives. It can be easy to get on a blacklist by sending a lot of newsletters or catching a virus, but it’s hard to get off a blacklist. Most spammers keep switching servers to avoid getting blocked by the blocklists. This all might make it seem like that DNSBL are not worth it.
However, in my opinion, you should use one or two of the DNSBL listed below as a filter to keep most of the junk mail out. You should never try to filter out all spam using DNSBL. Deploy a good filter solution using a Bayesian filtering engine to keep out the real spam. A DNSBL is like a large filter to keep the big chunks out.
What are some recommended DNS Blacklists?
Checking the blacklists at valli.org reveals that there are over 300 blacklists. Under normal circumstances, you should only need one or two blacklists to block up to 70% of the spam. Here are a few DNS blacklists which I like to use. Please note that these servers are my personal preference and I am not saying that these servers are the best out there.
The Spamhaus Project is an international organization, based in both London and Geneva, founded in 1998 by Steve Linford to track email spammers and spam-related activity. The name Spamhaus, a pseudo-German expression, was coined by Linford to refer to an Internet service provider, or another firm, which spams or knowingly provides service to spammers.
I suggest using the ZEN blacklist. ZEN is the combination of all Spamhaus IP-based DNSBLs into one single powerful and comprehensive blocklist to make querying faster and simpler. It contains the SBL, SBLCSS, XBL and PBL blocklists.
zen.spamhaus.org should be the only spamhaus.org DNSBL in your IP blocklist configuration. You should not use ZEN together with other Spamhaus IP blocklists, or with blocklists already included in our zones (such as the CBL) or you will simply be wasting DNS queries and slowing your mail queue.
Barracuda Networks, Inc. is a company providing security, networking and storage products based on network appliances and cloud services. The company’s security products include products for protection against email, web surfing, web hackers and instant messaging threats such as spam, spyware, trojans, and viruses. The company’s networking and storage products include web filtering, load balancing, application delivery controllers, message archiving, NG firewalls, backup services and data protection.
Starting in September 2008, Barracuda Networks introduced the Barracuda Reputation Block List (BRBL – pronounced “bahr-bel”) as a free DNSBL of IP addresses known to send spam. Barracuda Networks fights spam and created the BRBL to help stop the spread of spam.
The BRBL is open to the public and can be used within reason. Barracuda Networks is currently making this service available free of charge.
While the blocklist might work without registration, Barracuda Networks suggest register free of charge. Registration ensures access to their DNSBL. Register here.
LashBack’s unsubscribe blacklist (“UBL”) is a unique, real-time blacklist of IP addresses which have sent email to addresses harvested from suppression files. There are approximately one million IPs on the UBL and it is updated on an hourly basis.
The listings are determined objectively and systematically. Only IPs that send the email to specially-created, LashBack owned-and-monitored email addresses (unsubscribe probes) — that are used only on suppression lists — are blacklisted.
LashBack has been monitoring unsubscribe compliance for more than a decade and this effort has resulted in, what we believe to be, the world’s largest unsubscribe intelligence database.
Spamcop has a mixed reputation. Because they rely almost entirely on user submissions the list has had some false positive problems in the past. The list works reasonably well, and you should certainly try it if you are heaving issues with SPAM. Just make sure to check this blacklist first if you get any issues with false positives.