What is a DNSBL and how does it work?
What is a DNSBL?
Domain Name System blacklists, also known as DNSBLs or DNS blacklists, are spam-blocking lists that allow the website administrator to block messages from certain systems. As their name makes clear, the lists are based on the Domain Name System, which converts complex numeric IP addresses, such as 220.127.116.11, into domain names, such as Stormwall.network; this makes the lists much easier to read, use and search. If the DNSBL owner has received spam of any kind from a particular domain name in the past, that server will be blacklisted, and all messages sent from it will be either marked as spam or rejected by all sites using that particular list.
How does it work?
Three things are required to start the DNSBL query service:
- The domain where the DNSBL can be placed
- Name server for this domain (for address resolution)
- List of IP addresses that should be available (via a DNS query)
The most difficult part of maintaining a DNSBL, without a doubt, is creating the list itself. Operators need to develop a clear strategy and adhere to it in the long term to win and maintain the trust of users. The specific policies that an operator publishes give an idea of what it means to be included in the DNSBL and how the list positions itself in terms of three points: goals, sources, and life expectancy.
On the side of mail servers that use a DNSBL to check for spam, the process is simple:
- 1. The order of octets in the sender's IP address is reversed. For example, 192.168.11.12 will become 12.11.168.192.
- 2. The domain name of the DNSBL is appended: 12.11.168.192.dnsbl.example.net.
- 3. The block list's name server is checked for an entry matching that name. If one exists, an address is sent back to the mail server, indicating that the client is on the blocked list. If the address is not in the list, the code "NXDOMAIN" is sent.
- 4. If the IP address is listed in the DNSBL, the mail server can also look up the same name as a TXT record. This often helps to find out why this client is on the list.
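The four lookup steps above, as an added Python example that is not part of the original article. The resolver and its sample zone are constructed stand-ins for a real DNS query so the code runs offline; the function names are hypothetical, and the check that a listing answer lies in 127.0.0.0/8 is an assumption based on the RFC 5782 convention, included so that an unexpected answer (for example from a wildcarded or abandoned zone) is not treated as a listing.

```python
import ipaddress

# Constructed sample zone standing in for the DNSBL's name server (not real data).
SAMPLE_ZONE = {
    ("12.11.168.192.dnsbl.example.net", "A"): ["127.0.0.2"],
    ("12.11.168.192.dnsbl.example.net", "TXT"): ["Spam source (constructed example)"],
    # Answer outside 127.0.0.0/8, as a wildcarded or parked zone might return.
    ("7.0.0.10.dnsbl.example.net", "A"): ["203.0.113.9"],
}


def sample_resolver(name, rtype):
    """Hypothetical resolver: list of record values, or None for NXDOMAIN."""
    return SAMPLE_ZONE.get((name, rtype))


def dnsbl_query_name(ip, zone):
    """Steps 1-2: reverse the IPv4 octets and append the DNSBL domain."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError on bad input
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def check_dnsbl(ip, zone, resolve=sample_resolver):
    """Steps 3-4: query the A record, then the TXT record if listed.

    Returns (status, reason), where status is "listed", "not_listed"
    or "invalid_answer".
    """
    name = dnsbl_query_name(ip, zone)
    answers = resolve(name, "A")
    if not answers:
        return ("not_listed", None)  # NXDOMAIN: the address is not on the list
    # Assumption: genuine listing answers fall in 127.0.0.0/8 (RFC 5782).
    loopback = ipaddress.ip_network("127.0.0.0/8")
    if not any(ipaddress.ip_address(a) in loopback for a in answers):
        return ("invalid_answer", None)  # do not block on an unexpected answer
    txt = resolve(name, "TXT")
    return ("listed", txt[0] if txt else None)


if __name__ == "__main__":
    for client in ("192.168.11.12", "198.51.100.1", "10.0.0.7"):
        print(client, check_dnsbl(client, "dnsbl.example.net"))
```

To query a real list, pass a `resolve` callable backed by an actual DNS library in place of `sample_resolver`.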
How can it be used?
Most often, DNSBL is used as the basis for a spam filter. But these lists can also be used in other software and completely alternative contexts:
- Rule-based spam analysis software: Rule-based anti-spam programs can be used for more complex analysis of a larger set of DNSBLs. This type of software uses a separate rule for each DNSBL list, which can be referenced in combination with other rules when evaluating an incoming message. Thus, emails are not filtered out just because their sender is in the DNSBL; instead, a set of well-defined criteria is used to determine what is being sent to the spam folder. However, this process may result in slower retrieval of messages.
- Combination with other types of lists: One of the most important tasks when managing a DNSBL is the regular maintenance of the list. If the entries are no longer relevant, perfectly acceptable messages will end up in the spam folder. To prevent this, many filters use combinations with other types of lists, including "whitelists". Depending on the tool and address recording settings, "whitelists" may have more weight than (often outdated) entries for the same address in the DNSBL.