
The End of DNS Blacklists


03/10/2008

I hate to discourage the use of any technique that can stop spam, but I think DNS blacklists should no longer be used by Lotus Domino (IBM Domino) email administrators.

What are DNS blacklists? They are usually free services that list the IP addresses of machines that have sent some amount of spam. Generally, they are updated daily, but not always. Getting off a list if you are a legitimate sender is difficult, and sometimes the DNS Blacklist sites give no clear explanation of how to get off of them. Adding to this problem, some enterprising RBL site managers are trying to charge a fee to get off of the list.

Here is how Wikipedia defines a DNS Blacklist: http://en.wikipedia.org/wiki/DNSBL

The best of these is the Spamhaus project, which has the cleanest and most reliable list. It was the only list that we ever recommended. If you must use a list, we prefer this one, as it has the lowest incidence of false positives.

Until SpamSentinel version 6, we used these DNS Blacklists in conjunction with our spam blocking, and redirected these blocks to the user quarantine, which would then show up on the daily report and could be released to the user's mailbox. We preferred this method over the popular "do not accept the message" approach, which sent the message back to the sender, because end users could never get those messages unless they knew there was a problem and contacted the sender, who then had to send the email from a personal account to get it through the DNS Blacklist filter. That caused too much pain for most corporate customers.




The problem with DNS Blacklists now is that spammers are effectively using proxy servers to continuously vary the source IP address of a machine that sends spam. Each of these IP proxies is most likely a home computer without anti-virus software that has been compromised and is sending out giant gobs of spam to thousands of people. Usually the owner of the computer has no idea that this is happening. The result of this IP proxying is that the same spam message, sent to 10 internal users, could come from 10 different IP addresses. This is the spammers' response to DNS blacklists, besides one devilish lawsuit from a company known as e360 that tried to shut down Spamhaus.
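To check this effect against your own inbound mail, the following added example (not SpamSentinel or Domino code) groups deliveries by a message fingerprint and counts how many copies a per-IP blacklist would have stopped. The log format, the `LISTED` set and the zone `dnsbl.example.org` are constructed placeholders; the query-name layout is the standard DNSBL convention of reversed IPv4 octets followed by the list's zone.

```python
import ipaddress
from collections import defaultdict

# Constructed log extract: source IP, recipient, fingerprint of the message body.
# Addresses are from the RFC 5737 documentation ranges; this is not real traffic.
SAMPLE_LOG = """\
192.0.2.10 alice@example.com f00d01
198.51.100.23 bob@example.com f00d01
203.0.113.5 carol@example.com f00d01
192.0.2.77 dave@example.com f00d01
198.51.100.140 erin@example.com f00d01
203.0.113.9 alice@example.com beef02
203.0.113.9 bob@example.com beef02
"""

# Constructed stand-in for the blacklist's contents at delivery time
# (assumption: only addresses seen in earlier spam runs are listed so far).
LISTED = {"192.0.2.10", "203.0.113.9"}


def dnsbl_query_name(ip, zone="dnsbl.example.org"):
    """Name a DNSBL client resolves: reversed IPv4 octets + the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on a bad address
    return ".".join(reversed(octets)) + "." + zone


def coverage_by_message(log_text, listed):
    """Per fingerprint: copies received, distinct source IPs, copies a per-IP list stops."""
    sources = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ip, _recipient, fingerprint = line.split()
        sources[fingerprint].append(ip)
    report = {}
    for fingerprint, ips in sources.items():
        report[fingerprint] = {
            "copies": len(ips),
            "distinct_ips": len(set(ips)),
            "blocked": sum(1 for ip in ips if ip in listed),
        }
    return report


if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.10"))
    for fingerprint, row in coverage_by_message(SAMPLE_LOG, LISTED).items():
        print(fingerprint, row)
```

In the constructed data, the message sent from a single fixed address is fully blocked, while the one relayed through five different addresses loses only one copy to the list.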


So, I would check your Domino server configuration document in the Name & Address book, looking for the Configuration document for your server or the All Servers global document. Disable the DNS Blacklist filters and save the document. I usually restart my Domino session after this change to be sure it is disabled.

Open NAB and click on "Configurations". Disable DNS Blacklist filters.




( domino-web.maysoft.com )