Monday, October 12, 2009

Filtering Messages based upon DNS-based Blacklists

A DNSBL (DNS-based Blackhole List, Block List, or Blacklist) is a list of IP addresses published through the Internet Domain Name Service in a particular format. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to flag or reject messages which have been sent from a site listed on one or more such lists.

DNS-based blacklists (DNSBLs) are used for investigative filtering and blocking. A site publishes a list of IP addresses via the DNS so that mail servers can look up a sending address and decide whether to accept or reject a message.
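The lookup a mail server performs against such a list, sketched as an added example (not code from the original post). It uses the usual DNSBL query convention: the sender's IPv4 octets are reversed and prepended to the list's zone, and an A record in 127.0.0.0/8 means "listed". The zone names, sample records, and function names are hypothetical.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live in this range

# Constructed sample data standing in for two hypothetical DNSBL zones.
ZONES = ["spam.dnsbl.example", "relays.dnsbl.example"]
SAMPLE_RECORDS = {
    "10.113.0.203.relays.dnsbl.example": ["127.0.0.2"],
}


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Live lookup: A records for name, or [] when resolution fails."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def sample_resolver(name):
    """Offline lookup against the constructed records above."""
    return SAMPLE_RECORDS.get(name, [])


def check_sender(ip, zones, resolve=system_resolver):
    """Return (verdict, hits) where hits maps each listing zone to its answers."""
    hits = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Only 127.0.0.0/8 answers mean "listed"; other addresses (for example
        # from a wildcarded or parked zone) must not be treated as a listing.
        codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_NET]
        if codes:
            hits[zone] = codes
    return ("reject" if hits else "accept"), hits


if __name__ == "__main__":
    for sender in ("203.0.113.10", "198.51.100.7"):
        print(sender, check_sender(sender, ZONES, sample_resolver))
```

With `system_resolver`, a failed lookup is treated the same as "not listed", so an unreachable list lets mail through rather than blocking it.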

There are literally scores of DNSBLs, each reflecting a different listing policy: some list sites known to send spam; others list open mail relays or proxies; others list ISPs known to support spam.

An SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users, is known as an open mail relay. This used to be the default configuration in many mail servers; indeed, it was originally the way the Internet was set up, but open mail relays have become unpopular due to their exploitation by spammers and worms. Thus, many relays were closed, or were placed on blacklists by other servers.