As most of you know the dsbl.org blacklist shut down almost a year ago. While they have officially been down for almost a year, many people were still had this RBL configured in their mailservers or anti-spam software, causing lots of queries on their nameservers. As of today, they have prevented this by changing their nameservers to a fake IP address that is not responding to any queries.
Since the DNS servers don’t respond, any machines still doing lookups in the dsbl.org zone will suffer from slower response times while waiting for replies. This is bad, but still a much better way to handle this than the methods some other RBL’s have used in the past. One notable example of how NOT to shut down your blacklist was ORDB; last year, it began listing every single machine on the internet in the relays.ordb.org zone.
DSBL used to provide a high-quality, manually maintained blacklist, and services like theirs have helped to remove lots of open relays and proxy servers from the internet. Their list worked like this:
DSBL relied on volunteers who, upon receiving spam, would test the IP addresses that sent them spam for open relay and open proxy vulnerabilities.
The tests consisted of doing a straightforward open relay test on the sending IP address, as well as open proxy tests on a few well-known proxy ports (1080, 3128, etc), with the aim of relaying a test message to DSBL. Upon receipt of the test message, DSBL would add the IP address to its database.
Since most spammers have moved on to different methods and many countries now have laws that might forbid these kinds of tests, DSBL has decided to stop providing their list. If you’re looking for alternatives, I’d like to recommend checking out the following RBLs:
- zen.spamhaus.org (great list, but not free to use!)
- bl.spamcop.net (free, but sometimes has false positives)
- virbl.bit.nl (list of hosts that spread viruses)
- There’s a more comprehensive list at http://www.robtex.com/rbls (page takes a while to load, so please be patient)
- And if you have any other suggestions for new RBLs feel free to leave them in the comments!
Of course, using only blacklists will lead to many false positives, so having a list of “known good” mailservers might come in handy as well:
- list.dnswl.org (does it really cover 50% of all legitimate mailservers?)
- nl-whitelist (covers mainly dutch ISPs)