Table of contents |
2 DNSBL Operation 3 Terminology |
The first DNSBL was the Real-time Blackhole List (RBL), created in 1997 by Paul Vixie as part of his Mail Abuse Prevention System (MAPS). Vixie, an influential Internet programmer and administrator, encouraged the authors of sendmail and other mail software to implement RBL clients. These allowed the mail software to query the RBL and reject mail from listed sites. However, the purpose of the RBL was not simply to block spam -- it was to educate Internet service providers and other Internet sites about spam and related problems, such as open SMTP relays. Before an address would be listed on the RBL, volunteers and MAPS staff would attempt repeatedly to contact the persons responsible for it and get its problems corrected.
Soon after the advent of the RBL, others started developing their own lists with different policies. One of the first was Alan Brown's Open Relay Behavior-modification System (ORBS). This used automated testing to discover and list mail servers running as open mail relays -- exploitable by spammers to carry their spam. ORBS was controversial at the time because many people felt running an open relay was acceptable, and that scanning the Internet for open mail servers could be abusive.
In recent events (2003), a number of DNSBLs have come under denial-of-service attacks. Since no party has admitted to these attacks nor been discovered responsible, their purpose is a matter of speculation. However, many observers believe the attacks are perpetrated by spammers in order to interfere with the DNSBLs' operation or hound them into shutting down. In August 2003, the firm Osirusoft, an operator of several DNSBLs including one based on the SPEWS data set, shut down its lists after suffering weeks of near-continuous attack.
Major events: ORBS controversy, lawsuits, RBL commercialization, ORBS breakup, ORBZ, SBL, SPEWS, RHSBLs
To operate a DNSBL requires three things: a domain under which to host it, a nameserver for that domain, and a list of addresses to publish.
It is possible to serve a DNSBL using BIND, the popular DNS software. However, BIND is inefficient for zones containing large numbers of addresses, particularly DNSBLs which list entire CIDR netblocks. DNSBL-specific software -- such as Michael J. Tokarev's rbldnsd or Daniel J. Bernstein's rbldns -- is faster, uses less memory, and is easier to configure than the general-purpose BIND.
The hard part of operating a DNSBL is populating it with addresses. DNSBLs intended for public use usually have specific, published policies as to what a listing means, and must be operated accordingly to attain or keep public confidence.
When a mail server receives a connection from a client, and wishes to check that client against a DNSBL (let's say, spammers.example.net), it does more or less the following:
Different DNSBLs have different policies. DNSBL policies differ from one another on three fronts:
The proprietary term RBL is sometimes erroneously used in place of the generic DNSBL. RBL is a service mark of MAPS LLC. Some pieces of mail software have configuration parameters for the use of "RBLs" or "RBL domains", used to set the DNSBLs that the software should use. This may be trademark dilution.
An RHSBL or Right-Hand-Side Blackhole List is a DNSBL which lists domain names rather than IP addresses. The term comes from the "right-hand side" of an email address -- the part after the @ sign -- which clients look up in the RHSBL.History of DNSBLs
DNSBL Operation
DNSBL Queries
DNSBL Policies
Terminology