[TAG] Using DNS blacklists to reject mail.
Michael Makuch
linuxgazette at makuch.org
Sat Sep 20 20:01:24 MSD 2008
I have been running sendmail for my own personal and business email for the
past eight years or so. And I have been using DNSBLs for most of that time.
I think DNSBL is a great tool to fight spam. I do not use any type of spam
filtering that requires the user to sift through junk/bulk folders as IMHO
that completely misses the point.

I have encountered two issues with using DNSBL that were easily addressed.
The two issues I have encountered are 1) blacklists sometimes list a whole
class C when they should only be listing specific IPs and 2) I recently ran
into a problem with the latency involved in using DNSBL.

Occasionally the ISP of a friend or business associate will become
blacklisted and that person can no longer send email to me; they bounce
back. Well, when this happens it is invariably someone who knows another way
to contact me and does so. At that point I check my maillog and whitelist
the ISP. Solved.

Recently one particular ISP's mail server began timing out while
communicating with my sendmail. I narrowed the problem down to a DNSBL that
had gone out of business, removed it from my config and all was fine again.

Initially I used a long list of DNSBLs including spamhaus, abuseat, njabl,
blitzed, dsbl, ordb, JAMMConsulting and uceprotect. But over time I have
shortened that list and I currently only use zen.spamhaus.org.

I recommend DNSBL. I wish that many more ISPs would use DNSBLs as I think
they would work even better.

Mike
Joey Prestia wrote:
> Hi all,
>
> I am wanting to gather some information about using DNSBL on mail
> servers. I have been reading the information on most of the more popular
> used blacklists like Spamcop and Spamhaus. Now I have come up with all
> kinds of questions on the subject.
>
> I would like to hear from any mail server administrators of their
> experiences with these methods of rejecting spam at the "gate". It
> seems apparent that one must gauge what type of spam and what type of
> lists to use very carefully because of the possibility of refusing valid
> mail?
>
> Is the implementation of using a DNSBL definitely something mail server
> administrators should consider?
>
> Is it common practice to use spamassassin and DNSBL together to reduce
> bombardment of spam?
>
> Although I have been using spamassassin for some time and see that it
> does a very good job of filtering and correctly labeling mail. Also the
> majority seems it could be prevented altogether by implementing the
> correct DNSBL or DNSBLs at the mail server level as I can see by
> spamassassin headers.
>
> One thing I have heard is that it is not a good practice to put into
> effect something like this because many bigger institutions can and
> periodically do get put on blacklists, through no fault of their own.
> One example I have seen:
> http://www.stanford.edu/services/email/antispam/blacklist.html is this
> an accurate representation of some of the possible effects of this being
> put into practice?
>
> Any recommendations as to suggested best practices in using these
> measures?
>
> Thanks,
>
>
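
The two problems described in the message above (an over-broad listing worked around with a whitelist, and a defunct DNSBL stalling delivery) can be seen in a small lookup routine. This is an added example, not code from the post or from sendmail; the function names, the fail-open choice on timeout and the 3-second default are assumptions, and it handles IPv4 only.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout


def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_lookup(name):
    """True if the name has an A record, the usual DNSBL 'listed' signal."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:  # NXDOMAIN and resolver errors both count as not listed
        return False


def check_sender(ip, zones, whitelist, lookup=system_lookup, timeout=3.0):
    """Return (verdict, reason) for a connecting IPv4 address."""
    addr = ipaddress.ip_address(ip)
    # Local whitelist wins, so an over-broad listing cannot block a known sender.
    for net in whitelist:
        if addr in ipaddress.ip_network(net):
            return ("accept", "whitelisted " + net)
    if not zones:
        return ("accept", "not listed")
    # Query all zones in parallel and cap the wait on each one, so a dead
    # list costs a bounded delay instead of stalling the SMTP session.
    pool = ThreadPoolExecutor(max_workers=len(zones))
    try:
        pending = [(z, pool.submit(lookup, dnsbl_name(ip, z))) for z in zones]
        timed_out = []
        for zone, future in pending:
            try:
                if future.result(timeout=timeout):
                    return ("reject", "listed in " + zone)
            except LookupTimeout:
                timed_out.append(zone)  # fail open (assumption), but report it
    finally:
        pool.shutdown(wait=False)
    if timed_out:
        return ("accept", "not listed; timed out: " + ", ".join(timed_out))
    return ("accept", "not listed")
```

Logging the `timed out` reason is what makes a dead list visible before senders start seeing delays.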