Mail Spam Prevention with RBL/DNSBL
RBL stands for Real-time Black-hole List, a term for DNS-based systems designed to assist in the prevention of email abuse. The first such system was created by Mail Abuse Prevention System (MAPS) LLC. The generic name for such services is DNSBL.
The RBL usually lists server IP addresses from ISPs whose customers are responsible for the spam and from ISPs whose servers are hijacked for spam relay. The DNSBL is a DNS-based system containing lists of IP addresses whose owners refuse to stop the proliferation of spam, whether by running their mail servers as open relays or by allowing their users free outbound access to port 25.
In the case of e-mail, there are distributed projects on the Internet which monitor where spam mail is originating from and add these sources to a real-time list which can be checked when deciding whether to accept or deny mail.
Most spam on the Internet originates from two places:
- Virus/Trojan infected machines which appear to be running normally to a user but are also sending spam out to the Internet at large after being fed a list of addresses/spam e-mail from a remote operator.
- Professional spammers, who send spam from their own systems (up to any limits set by the ISP) or from any compromised mail server.
The RBL identifies these machines by their internet address and adds them to a list that can be checked in real time by an e-mail server. If a server has been listed as a spam host, the mail will be refused immediately. This means less overhead on e-mail systems and a lot less spam for end users. It also generally means fewer “fake” bounce messages that users receive when spam is forged to come from them.
As subscribers to the DNSBL, ISPs and companies will know from which IP addresses to block traffic. Most traffic blocking occurs during the SMTP connection phase. The receiving end will check the DNSBL for the connecting IP address. If the IP address matches one on the list, then the connection gets dropped before accepting any traffic from the IP address.
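The connection-time check described above, as an added example (not from the original article): a DNSBL lookup reverses the connecting IP's labels, appends the list's zone and asks for an A record, and an answer in 127.0.0.0/8 means the address is listed. The zone `dnsbl.example`, the sample addresses, the fake resolver and the reply strings are constructed for illustration.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 answer range

def dnsbl_query_name(ip, zone):
    """Reverse the address labels and append the list's zone (RFC 5782)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))             # octets
    else:
        labels = reversed(addr.exploded.replace(":", ""))   # hex nibbles
    return ".".join(labels) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name; [] on NXDOMAIN or resolver failure (fail open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_dnsbl(ip, zone, resolver=system_resolver):
    """Return (listed, codes); answers outside 127.0.0.0/8 are ignored."""
    answers = resolver(dnsbl_query_name(ip, zone))
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]
    return bool(codes), codes

def smtp_connect_decision(ip, zones, resolver=system_resolver):
    """Reply to send at connect time, before any mail is accepted."""
    for zone in zones:
        listed, codes = check_dnsbl(ip, zone, resolver)
        if listed:
            return f"554 5.7.1 Client [{ip}] blocked using {zone} ({codes[0]})"
    return "220 ready"

# Constructed sample data: a fake zone so the example runs offline.
CONSTRUCTED_ZONE = {
    "99.2.0.192.dnsbl.example": ["127.0.0.2"],    # listed
    "10.2.0.192.dnsbl.example": ["203.0.113.7"],  # bogus non-127/8 answer
}

def fake_resolver(name):
    return CONSTRUCTED_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.10", "192.0.2.1"):
        print(ip, "->", smtp_connect_decision(ip, ["dnsbl.example"], fake_resolver))
```

Ignoring answers outside 127.0.0.0/8 keeps a wildcarded or retired list zone from being read as "everything is listed"; treating resolver errors as "not listed" is a design choice made here so that a DNSBL outage does not block all mail.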
Below is a list of a few RBL/DNSBL sites.
SpamCop – http://www.spamcop.net/
The Spamhaus Project – http://www.spamhaus.org/
Mail Abuse Prevention System LLC – http://www.mail-abuse.com/
The Spam and Open Relay Blocking System – http://www.sorbs.net/