Monday, October 15, 2007

DNS block list effectiveness

There has been some discussion this morning on one of the lists that I am on about the effectiveness of DNS block lists (aka realtime block lists). I have made no secret of my support of block lists over the years, but others think they are downright evil. I have had great success with RBL / DNSBL's over the years provided I have used the right one. My favorite is the ZEN list from the Spamhaus Project. It is not too agressive and I find that it blocks between 70 and 80% of the connections from spammers.

Other RBLs are a bit too agressive for me and I end up blocking legitimate traffic. Spamhaus has a number of different lists but I use their ZEN list (which combines all of their other lists). Here is a summary of their lists taken from the DNSBL resource site:
  • SBL (Spamhaus Block List), which aims to block verified spam sources, spam gangs, and supporters of spam. This list is manually operated, in that every listing is the result of a volunteer deciding that a given IP address or network block merits listing.
  • XBL (Exploits Block List), which aims to block infected computers, open proxies, and the like. Data for this list is supplied by (or supplemented by) outside sources, such as the CBL (Composite Blocking List), meaning that if you use the XBL to filter or reject mail, you do not need to also use the CBL.
  • PBL (Policy Block List), which aims to reject mail from machines that are not meant to be mail servers, ones that would not normally send mail. This includes end user computers on dynamic internet connections (dialup, cable modems, DSL), unassigned IP addresses, web servers, etc. The data from this list is compiled by Spamhaus based on their personal observations, and also from information provided from various internet service providers who choose to cooperate in attempts to help reduce spam delivery effectiveness.
  • ZEN (zone: is a combination of all of the above lists. If you are using the ZEN list, you do not need to also use the other lists individually.

One issue that some people find when using the CBL (composite block list) is that it includes DHCP ranges for residential providers, but every once and a while one of those IP ranges is used by a business provider.

Remember, if you use an RBL, start out by adding one at time (if you are going to use more than one). Always implement your RBL settings on the message hygiene system that accepts mail from the Internet. If you use a managed provider, you don't need one. If you have a 3rd party system sitting in your DMZ/Perimeter network, THAT is where you implement the RBL.


At 1:35 PM, Blogger Howie said...

Jim -

I also use ... in addition to:

I'm extremely weary to use something too aggressive as I don't want anything potentially blocked that shouldn't be ... and I've had great success with these.

I've tried spamcop and have had some valid messages rejected so I don't use them anymore for outright rejection (but I use it in a weighing system once it gets past the first filter).

What other lists do you also use? I've found the best source for new / changing RBL settings is to ask others what they use and how they implement it.


At 1:48 AM, Blogger Storm Design said...

This comment has been removed by a blog administrator.

At 6:06 AM, Blogger robert henrichs said...

I'd be careful using Spamhaus->XBL->CBL . . . The CBL and by proxy the XBL are too aggressive, they go beyond the bounds of detecting spam operators and list sites that have even the slightest configuration problem, even with zero spam messages ever being sent, no spyware, no open proxies!

At 5:50 PM, Blogger ally said...

It is very stylish and sleek. In the casual attire category tracksuits and tank tops rule for men. The most popular t-shirts this season would be the ones with funny sayings on abercrombie fitch clothingdiscount abercrombie fitch T-shirtsdiscount abercrombie and fitch hoodiesabercrombie fitch outletwholesale abercrombie fitched hardy wholesale
cheap ed hardy wholesalediscount ed hardy wholesale
wholesale ed hardyed hardy outletdiscount abercrombie and fitch outletdiscount abercrombie outletdiscount abercrombie clothingdiscount abercrombie jacketdiscount abercrombie shirtdiscount abercrombie and fitch outletdiscount bercrombie and fitch clothesdiscount abercrombie and fitch hoodiediscount abercrombie and fitch shirtsdiscount abercrombie fitch jacketBesides, the urban trend, vintage clothing will also rule this season. This includes tight jeans and leather jackets and embroidered clothing.This season it seems like we are going to have a handful to choose from because the trend is a nice mix match of clothes from different seasons. So go ahead flaunt your style your own way.

At 5:52 PM, Blogger ally said...

Apart from these military fashion tops and ripped and torn jeans are also hip and happening this season.2010 fashion trends for men would be dominated this season by denim. By denim we don't need to just stick to jeans but also sport denim jackets and casual pants as well. wholesale LV handbagsdiscount moncler jacketsmoncler coatsmonclermoncler vestmoncler outletmoncler t-shirtmoncler jacketsmonclernew moncler coatsmoncler vestmoncler outletmoncler polo t-shirtCoach handbags outletCheap Coach handbag 2010Discount Coach hand bagAuthentic Coach handbagNewest Coach handbags outletLouis Vuitton handbagsLV handbags 2010Discount LV handbagsCheap Louis Vuitton Outletnewest Louis Vuitton handbagscheap rain weardiscount rainweardog rain jacketscolorful rain bootsrainboots outletCheap Ture Religion Jeans outletDiesel JeansLevis JeansWholesale Ed Hardy JeansDiscount Dior Jeans outlet Jerseys and sneakers are never out of fashion. It is very urban and very hip hop.ust as leather is in trend for women it is also true for men. Leather jackets are a must in the wardrobe this season.


Post a Comment

<< Home