A DNS Blacklist, or DNSBL (definition below), is a means by which an Internet site may publish a list of IP addresses that some people may want to avoid and in a format which can be easily queried by computer programs on the Internet. The technology is built on top of the Internet Domain Name System, or DNS. DNSBLs are chiefly used to publish lists of addresses linked to spamming. Most mail transport agent (mail server) software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists. A DNS Blacklist, or DNSBL (definition below), is a means by which an Internet site may publish a list of IP addresses that some people may want to avoid and in a format which can be easily queried by computer programs on the Internet. ... This article or section does not cite any references or sources. ... It has been suggested that this article be split into multiple articles. ... A KMail folder full of spam emails collected over a few days. ... A mail transfer agent or MTA (also called a mail server, or a mail exchange server in the context of the Domain Name System) is a computer program or software agent which transfers electronic mail messages from one computer to another. ...

DNSBL names a medium, not any specific list or policy. There has been a good deal of controversy over the past several years over the operation of specific lists, such as the MAPS RBL and SPEWS. The Mail Abuse Prevention System (MAPS) was founded in 1996 as a non-profit organization to pioneer innovative anti-spam techniques (e-mail). ... The Spam Prevention Early Warning System (SPEWS) is an anonymous service which maintains a list of IP address ranges belonging to Internet service providers which host spammers. ...

Terminology

The following are all closely related terms:

• RBL is an abbreviation for "Real-time Blackhole List". As mentioned below, "RBL" was the name of the first system to use this technology. However, since "RBL" is a trademark for the proprietary MAPS DNSBL, using it as a generic term causes trademark dilution. Some pieces of mail software have configuration parameters that use "RBLs" or "RBL domains" when any DNSBLs can be used, not just the MAPS RBL.

• DNSBL is an abbreviation that usually stands for "DNS blacklist", although different DNSBL operators define the term in various ways. The use of the word "blacklist" is somewhat controversial. The reasons cited include its association with Joseph McCarthy and legal liability ^[1]. Instead, some people have suggested that DNSBL should stand for "DNS blocklist" even though DNSBLs are not always used for direct blocking, or "DNS blackhole list" even though that may still infringe on MAPS's trademark and isn't a true blackhole. The term "rejectlist" has also been used from almost the beginning.

• DRBL is an abbreviation for "Distributed Realtime Block List". The MAPS RBL service worked well for a long time. Unfortunately, MAPS LLC stopped their free services on July 31 2001, turning into a paid list then. DRBL differs from MAPS RBL in its distributed nature. Instead of a proprietary database controlled by certain people, DRBL offers every network to establish its own database and share it with colleagues. DRBL method of operation is similar to "old" RBL, but the main difference is (1) using many "local" databases instead of one centralized and (2) sharing information among them, so many other networks can make decisions whether some server is a junk generator and has to be banned, and ever do that automatically by getting and analyzing such information from different sources.

• DNSWL is an abbreviation for "DNS whitelist". It is a list of IP addresses that some people may want to treat more favorably.

• RHSBL is an abbreviation for "Right Hand Side Blacklist". This is similar to a DNSBL but it lists domain names rather than IP addresses. The term comes from the "right-hand side" of an email address -- the part after the @ sign -- which clients look up in the RHSBL.

• URIBL is an abbreviation for "Uniform Resource Identifier Blacklist". A URIBL lists domain names and IP addresses that appear in URIs such as web sites mentioned in message bodies. It contrasts with a RHSBL which lists domain names used in e-mail addresses ^[2].

Dilution is a trademark law concept forbidding the use of a famous trademark in a way that would lessen its uniqueness. ... Joseph Raymond McCarthy (November 14, 1908 – May 2, 1957) was a Republican U.S. Senator from the state of Wisconsin between 1947 and 1957. ... In networking, black holes refer to places in the network where incoming traffic is silently discarded (or dropped), without informing the source that the data did not reach its intended recipient. ... The term domain name has multiple related meanings: A name that identifies a computer or computers on the internet. ... A Uniform Resource Identifier (URI), is a compact string of characters used to identify or name a resource. ... The term domain name has multiple related meanings: A name that identifies a computer or computers on the internet. ...

History of DNSBLs

The first DNSBL was the Real-time Blackhole List (RBL), created in 1997 by Paul Vixie and Dave Rand as part of the Mail Abuse Prevention System (MAPS). Initially, the RBL was not a DNSBL, but rather a list of commands that could be used to program routers so that network operators could blackhole all TCP/IP traffic for machines used to send spam or host spam supporting services, such as a website. Vixie, an influential Internet programmer, network administrator and CTO of AboveNet, was able to install these blackhole routes in key routers so that many people across the internet would not be able to connect to these machines, even if they wanted to. Paul Vixie is the author of several RFCs and well known UNIX system programs, among them SENDS, proxynet, rtty and Vixie cron. ... The Mail Abuse Prevention System (MAPS) was founded in 1996 as a non-profit organization to pioneer innovative anti-spam techniques (e-mail). ... Cisco 1800 Router ERS-8600 In simple layman terms, a router is a device that determines the proper path for data to travel between different networks. ... In networking, black holes refer to places in the network where incoming traffic is silently discarded (or dropped), without informing the source that the data did not reach its intended recipient. ... The Internet protocol suite is the set of communications protocols that implement the protocol stack on which the Internet runs. ... AboveNet, Inc. ...

The purpose of the RBL was not simply to block spam—it was to educate Internet service providers and other Internet sites about spam and related problems, such as open SMTP relays, spamvertising, etc. Before an address would be listed on the RBL, volunteers and MAPS staff would attempt repeatedly to contact the persons responsible for it and get its problems corrected. Such effort was considered very important before blackholing all network traffic, but it also meant that spammers and spam supporting ISPs could delay being put on the RBL for long periods while such discussions went on. “ISP” redirects here. ... Simple Mail Transfer Protocol (SMTP) is the de facto standard for email transmission across the Internet. ... Spamvertising is the practice of sending E-mail_spam, advertising a website. ...

Later, the RBL was also released in a DNSBL form and Paul Vixie encouraged the authors of sendmail and other mail software to implement RBL clients. These allowed the mail software to query the RBL and reject mail from listed sites on a per mail server basis instead of blackholing all traffic. Sendmail is a mail transfer agent (MTA) that is a well known project of the open source, free software and Unix communities, which is distributed both as free software and proprietary software. ...

Soon after the advent of the RBL, others started developing their own lists with different policies. One of the first was Alan Brown's Open Relay Behavior-modification System (ORBS). This used automated testing to discover and list mail servers running as open mail relays—exploitable by spammers to carry their spam. ORBS was controversial at the time because many people felt running an open relay was acceptable, and that scanning the Internet for open mail servers could be abusive. To meet Wikipedias quality standards, this article or section may require cleanup. ... An open mail relay is an SMTP (email) server configured in such a way that it allows anyone on the Internet to relay (i. ... This article is about spam, the abuse of electronic communications media to send unsolicited bulk messages. ...

In 2003, a number of DNSBLs have come under denial-of-service attacks. Since no party has admitted to these attacks nor been discovered responsible, their purpose is a matter of speculation. However, many observers believe the attacks are perpetrated by spammers in order to interfere with the DNSBLs' operation or hound them into shutting down. In August 2003, the firm Osirusoft, an operator of several DNSBLs including one based on the SPEWS data set, shut down its lists after suffering weeks of near-continuous attack. Year 2003 (MMIII) was a common year starting on Wednesday (link displays 2003 calendar) of the Gregorian calendar. ... A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. ... 2003 : January - February - March - April - May - June - July - August - September - October - November - December A timeline of events in the news for August, 2003. ... The Spam Prevention Early Warning System (SPEWS) is an anonymous service which maintains a list of IP address ranges belonging to Internet service providers which host spammers. ...

Major events: ORBS controversy, lawsuits, RBL commercialization, ORBS breakup, ORBZ, SBL, SPEWS, RHSBLs SBL stands for Super Basketball Leaque, official basketball games that played in Taiwan. ... The Spam Prevention Early Warning System (SPEWS) is an anonymous service which maintains a list of IP address ranges belonging to Internet service providers which host spammers. ...

DNSBL operation

To operate a DNSBL requires three things: a domain to host it under, a nameserver for that domain, and a list of addresses to publish.

It is possible to serve a DNSBL using BIND, the popular DNS software. However, BIND is inefficient for zones containing large numbers of addresses, particularly DNSBLs which list entire Classless Inter-Domain Routing netblocks. DNSBL-specific software—such as Michael J. Tokarev's rbldnsd or Daniel J. Bernstein's rbldns—is faster, uses less memory, and is easier to configure than the general-purpose BIND. Alternatively, Simplicita Software offers a commercial DNSBL server that provides additional benefits such as point-in-time auditing and 24/7 IP address monitoring. BIND (Berkeley Internet Name Domain, previously: Berkeley Internet Name Daemon) is the most commonly used DNS server on the Internet, especially on Unix-like systems, where it is a de facto standard. ... Warning! This Article contains disinformation. ... Daniel Julius Bernstein (sometimes known simply as djb; born October 29, 1971) is a professor at the University of Illinois at Chicago, a mathematician, a cryptologist, and a programmer. ...

The hard part of operating a DNSBL is populating it with addresses. DNSBLs intended for public use usually have specific, published policies as to what a listing means, and must be operated accordingly to attain or keep public confidence.

DNSBL queries

When a mail server receives a connection from a client, and wishes to check that client against a DNSBL (let's say, dnsbl.example.net), it does more or less the following:

1. Take the client's IP address—say, 192.168.42.23—and reverse the bytes, yielding 23.42.168.192.
2. Append the DNSBL's domain name: 23.42.168.192.dnsbl.example.net.
3. Look up this name in the DNS as a domain name ("A" record). This will return either an address, indicating that the client is listed; or an "NXDOMAIN" ("No such domain") code, indicating that the client is not.
4. Optionally, if the client is listed, look up the name as a text record ("TXT" record). Most DNSBLs publish information about why a client is listed as TXT records.

Looking up an address in a DNSBL is thus similar to looking it up in reverse-DNS. The differences are that a DNSBL lookup uses the "A" rather than "PTR" record type, and uses a forward domain (such as dnsbl.example.net above) rather than the special reverse domain in-addr.arpa.

There is an informal protocol for the addresses returned by DNSBL queries which match. Most DNSBLs return an address in the 127.0.0.0/8 IP loopback network. The address 127.0.0.2 indicates a generic listing. Other addresses in this block may indicate something specific about the listing—that it indicates an open relay, proxy, spammer-owned host, etc. [1] A loopback is a communications channel with only one endpoint. ...

DNSBL policies

Different DNSBLs have different policies. DNSBL policies differ from one another on three fronts:

• Goals. What does the DNSBL seek to list? Is it a list of open-relay mail servers or open proxies—or of IP addresses known to send spam—or perhaps of IP addresses belonging to ISPs that harbor spammers?
• Nomination. How does the DNSBL discover addresses to list? Does it use nominations submitted by users? Spam-trap addresses or honeypots?
• Listing lifetime. How long does a listing last? Are they automatically expired, or only removed manually? What can the operator of a listed host do to have it delisted?

It has been suggested that Honeynet be merged into this article or section. ...

Criticisms

Email users who find their messages blocked from mail servers that use DNSBLs often object vociferously, sometimes to the extent of attacking the existence of the lists themselves. The following lists are controversial:

• Lists of dynamic or dial-up IP addresses. These lists most often also include "static" ADSL addresses, thus "end-user IP addresses" might have been a better description. Some mail sites choose not to accept messages from such addresses, since they are often home computers exploited by spammer viruses.
  This can inconvenience SOHO users who wish to run their own mail servers on residential ISP connections or local MTAs on laptops for example. (To work around this, users who wish to run their own mail server are expected to relay via their ISP's mail server using the smart host functionality built-in to most mail servers.)
  Additionally, it may be tricky to get a mistakenly listed IP address removed. For example, to request removal from the DUL provided by dynablock.njabl.org, you are supposed to send an email to removals at mail.njabl.org [2] but that address is in turn protected by the same DUL you are asking to be removed from.
• Lists that include "spam-support operations", such as MAPS RBL. A spam-support operation is a site that may not directly send spam, but provides commercial services for spammers, such as hosting of Web sites that are advertised in spam. Refusal to accept mail from spam-support operations is intended as a boycott to encourage such sites to cease doing business with spammers, at the expense of inconveniencing non-spammers who use the same site as spammers.
• Predictive ("early warning") lists, notably SPEWS. SPEWS lists addresses belonging to spam-support operations, under the hypothesis that such addresses are more likely to send spam in the future. SPEWS "escalates" listings, increasing the size of the netblock listed, as a site continues to support spam.

Although many have voiced objections to specific DNSBLs, few people object to the principle that mail-receiving sites should be able to reject undesired mail systematically. One who does is John Gilmore, who deliberately operates an open mail relay. Gilmore accuses DNSBL operators of violating antitrust law. Asymmetric Digital Subscriber Line (ADSL) is a form of DSL, a data communications technology that enables faster data transmission over copper telephone lines than a conventional modem can provide. ... A mail transfer agent or MTA (also called a mail transport agent, mail server, or a mail exchanger in the context of the Domain Name System) is a computer program or software agent that transfers electronic mail messages from one computer to another. ... A smart host is a type of mail relay server which allows an SMTP server to route e-mail to an intermediate mail server rather than directly to the recipient’s server. ... Look up Boycott in Wiktionary, the free dictionary. ... The Spam Prevention Early Warning System (SPEWS) is an anonymous service which maintains a list of IP address ranges belonging to Internet service providers which host spammers. ... John Gilmore John Gilmore is one of the founders of the Electronic Frontier Foundation, the Cypherpunks mailing list, and Cygnus Solutions. ... An open mail relay is an SMTP (email) server configured in such a way that it allows anyone on the Internet to relay (i. ... This article is about anti-competitive business behavior. ...

For Joe Blow to refuse emails is legal (though it's bad policy, akin to "shooting the messenger"). But if Joe and ten million friends all gang up to make a blacklist, they are exercising illegal monopoly power. [3]

A number of parties, such as the Electronic Frontier Foundation and Peacefire, have raised concerns about some use of DNSBLs by ISPs. One joint statement issued by a group including EFF and Peacefire addressed "stealth blocking", in which ISPs use DNSBLs or other spam-blocking techniques without informing their clients. [4] EFF Logo The Electronic Frontier Foundation (EFF) is a non-profit advocacy and legal organization based in the United States with the stated purpose of being dedicated to preserving free speech rights such as those protected by the First Amendment to the United States Constitution in the context of today... Peacefire. ... “ISP” redirects here. ... Peacefire. ...

Spammers have pursued lawsuits against DNSBL operators on similar grounds:

• In 2003, a newly-formed corporation calling itself "EmarketersAmerica" filed suit against a number of DNSBL operators in Florida court. Backed by spammer Eddy Marin, the company claimed to be a trade organization of "email marketers" and that DNSBL operators Spamhaus and SPEWS were engaged in restraint of trade. The suit was eventually dismissed for lack of standing. [5]
• In 2006 a US court required Spamhaus to pay $11,715,000 in damages to the spammer "e360 Insight LLC", see e360 Lawsuit.

Year 2003 (MMIII) was a common year starting on Wednesday (link displays 2003 calendar) of the Gregorian calendar. ... Official language(s) English Capital Tallahassee Largest city Jacksonville Largest metro area Miami Area  Ranked 22nd  - Total 65,795[1] sq mi (170,304[1] km²)  - Width 361 miles (582 km)  - Length 447 miles (721 km)  - % water 17. ... The Spamhaus Project is a completely volunteer effort founded by Steve Linford in 1998 that aims to track e-mail spammers and spam-related activity. ... The Spam Prevention Early Warning System (SPEWS) is an anonymous service which maintains a list of IP address ranges belonging to Internet service providers which host spammers. ... At present, the law will not enforce certain types of contracts on the ground of illegality. ... In law, standing or locus standi is the ability of a party to demonstrate to the court sufficient connection to and harm from the law or action challenged. ... For the Manfred Mann album, see 2006 (album). ... The Spamhaus Project is a completely volunteer effort founded by Steve Linford in 1998 that aims to track e-mail spammers and spam-related activity. ...

See also

• Comparison of DNS blacklists
• News.admin.net-abuse.blocklisting

The following table lists technical information for a number of DNS blacklists. ... news. ...

Notes and references

Year 2007 (MMVII) is now the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era. ... is the 26th day of the year in the Gregorian calendar. ... Year 2007 (MMVII) is now the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era. ... is the 26th day of the year in the Gregorian calendar. ...

External links

• Spamhaus Block List
• SORBS DNSBL
• Distributed Sender Blackhole List
• Distributed Realtime Block List
• Black-Hole DNS List for blocking Malware and Spyware
• linux.ie: What is a DNS Blacklist?
• Declude's list of known DNS-Based spam databases
• Jørgen Mash's list of DNSBL Databases
• SURBL - Lists of URIs that have been advertised in UBE/UCE
• URIBL.com - RHSBL, classifies domains into red, black, grey, and white lists
• SARE RBL Lookup - RulesEmporium's SURBL+ Checker, SpamAssassin friendly
• Community Run List Of Free Providers
• A DNSBL and RBL IP checker
• How to Setup RBL with your MTA - ORBITrbl is an Aggressive black list by ORBITnet
• NetOp.org - a method for distributing geolocation information by DNSBL
• MXToolBox - free DNSBL lookup tool to check your IP Address against approximately 140 blacklists.
• Yafrf - free DNSBL lookup (web interface and mozilla plugin) tool to check ip against active and useful blacklists.