DNSBL
When DNS -based Blackhole List ( DNSBL ) are called queryable in real time black lists that are used to classify email as spam dubious origin. The first known to a wider professional public has become DNSBL was the Real - time Blackhole List (RBL ), the (English: Mail Abuse Prevention System) as part of Paul Vixie's MAPS was only made as a BGP feed and later as DNSBL available. RBL is a registered trademark of Trend Micro.
Function
In most DNSBLs IP addresses are listed by computers, which are noticed in the past by frequent sending unsolicited spam messages. Some lists also contain sources of computer viruses and other malware. Today, it usually is on these computers to trojaned PCs or rarely open mail relays that have been abused by spammers.
These lists can email server or spam detection software (such as SpamAssassin ) when you receive a mail in near real time evaluate on the DNS protocol and refuse to accept the mail in case of positive result, the acceptance of mail delay ( tar pit, Greylisting ), or the mail to highlight that it can be filtered by the receiver without much effort. A list of several trustworthy RBLs in conjunction with Greylisting has proven to be very efficient (as of end of 2007).
The query a DNSBL is, as the name suggests, from a technical perspective, a DNS query. So usually no additional release in the firewall.
Pros and Cons
The advantage of DNSBLs lies in the fact that the query is fast and is easy to implement technically.
With appropriate use, the use is very efficient and rarely produces false -positive results.
The main drawback of DNSBLs best shows an example:
Sent a customer spam through the mail server of his ISP and the IP address of the mail server is listed therefore can mail other clients that use the same mail server, are classified as spam. Similar problems have virtually any senders of bulk mail, even with Confirmed Opt-In.
Are e- mails will be rejected due to DNSBL entries and multiple DNSBLs are used in a row, this has the disadvantage that the proportion of false positives added. For this reason, only a few, well-chosen DNSBLs are used to reject e-mails. To mitigate this problem, the results of DNSBL queries can be weighted together with other criteria. The result is then used for spam classification and possibly used to reject the mail ( as used eg for SpamAssassin ).
Some DNSBLs, it is difficult, expensive or even impossible to let remove an IP address again ( delisting ). In such cases, the DNSBL hurts less spammers rather than the owners of abused computers. The administrator of the mail server must therefore carefully weigh the RBLs he used to avoid false positive results. Some RBLs such as spamhaus.org Spamcop or remove the list items after a certain time automatically.