DNS block lists are easy to include into most mail servers. They are a very effective and efficient server side tool to help keeping spam out of your systems. As the name implies they use domain name servers to transmit the information whether mails from a distinct mail server should be accepted or rejected.
Sometimes they are too effective. It can happen that a mail server is listed on a block list wrongfully. This can lead to a situation where your mail server will reject mails that you wanted to receive. The biggest problem with block lists is that you have to trust somebody else to take the right decision which mails to accept and which ones to reject.
So how useful are DNS block lists after evaluating the pros and cons? They can be very useful to lower the overall CPU usage of your anti spam strategy. It is advisable to use a small number of carefully chosen blocklists. If you are using a block list, subscribe to the mailing list or newsletter of the organization who runs the block list. That way you will take note of any problems that the block list may have and you will be informed if it gets shut down. DNS blocklists should never be your only strategy against spam. They should be combined with other mechanisms to help keeping spam out of your inbox.
There are some things you should consider before implementing DNS block lists in your anti spam strategy. If you reject a connection from a mail server because it is listed in a block list, return a detailed error message. This enables the admin of a mail server that gets listed wrongfully to see why the mails get rejected and to act accordingly.
If your mail server software allows to select the order of different sender or client restrictions be sure to put DNS blacklists after SMTP authentication. This enables your co-workers (and your customers if you are in the ISP business) to send their mails even if they come from a dial-in IP address that is listed in a block list.
You should consider using DNS block lists for scoring instead of blocking if your mail server has enough resources (CPU, IO, traffic). That would mean to use the block lists in a program like spamassassin that gives points for different criteria of a message and considers it as spam if it surpasses a certain number of points. That way the chances for false positives are lower because a message is not rejected if the sending server is on a single block list only. The message will get rejected if there are other signs of spam.
Huge indexes of available DNS block lists can be found at www.moensted.dk/spam/ and www.declude.com.
![]() White Hat News | What to Watch at Black Hat and Defcon PC World Two years ago, Dan Kaminsky made headlines worldwide by uncovering a flaw in the DNS (Domain Name System) used to look up the addresses of computers on the ... Black Hat 2010 - Day One Roundup |
Five tips for using Web-based tools on your consulting jobs TechRepublic (blog) The site provides free tools for checking spam blacklists, analyzing DNS record entries, verifying email accounts, and more. What online tools do you use ... |
![]() Geeky gadgets | Security Claim: Most Home Routers Vulnerable to Hack PC World According to the Black Hat website, this particular DNS rebinding attack can bypass existing DNS rebinding protections because it does not require the ... Many home routers hackable Millions of Home Routers Will Soon Be Hacked Millions of routers vulnerable to new version of old attack |
CRM prominent on Google Apps marketplace ITWorld Canada (registration) Hosted DNS service includes IP address managementBy: Howard Solomon (15 Jul 2010)For some companies, a hosted domain name system service (DNS) is the only ... |
![]() Cult of Mac (blog) | Seagate's New BlackArmor NAS 400 Is iTunes-Friendly Cult of Mac (blog) This is the first app we've reviewed to earn five Black Turtlenecks using our rating system! What It is: Animated Knots presents a list of knots that are ... |
| |
| |
| |