Spamhaus DBL

Over the last few months I’ve gotten an increasing number of questions about the Spamhaus DBL. So it’s probably time to do a blog post about it.

Last year I wrote about the DBL:

DBL is the Domain Block List. It lists domains and not IP addresses. I’ll be honest, I don’t have as much experience with the DBL as with other lists, but I have had a few clients on the DBL.

  • DBL is tied into the CSS.
  • You can get on the DBL without the sending IP being on CSS.
  • DBL makes no judgement on the source of the mail, only the content of the mail

With more clients being on the list, I have a little more information about it.

DBL listings are generated both by automated tools and by manual entries from the Spamhaus folks. Automated listings are the ones most closely tied to CSS listings.

From my perspective, the goal of the DBL is to block domains found in spam being sent from many IP addresses in a way that makes it difficult to address with standard IP based blocks. I believe that the automated DBL listings are generated based on domains found in the content of the email rather than domains found in the headers. However, most of the DBL users match against any domain in the message including those in the headers.

The automated DBL listings are usually the root domain, but it is possible some of the manual listings are more specific and list subdomains.

There is an automated delisting process, but there are limits to the number of times you can delist. Too many delistings and you need to send email and be manually delisted. This can take quite more than 24 hours, in some cases. If you are listed on both the CSS and the DBL you need to ask for delisting for both.

If your domain is on the DBL but your IPs are not on the CSS then then I suggest looking at the possibility that someone is putting your links in spam. It could be web server compromise hosting phishing. Or, if you’re an ESP, maybe a customer  grabbed a tracking link and is using it in mail sent through another provider.

As with all listings, identifying the underlying reason for the listing and fixing the problem is crucial to staying off the list. If you’ve not fixed the problem, the listing will come back. And, eventually, you won’t be able to delist automatically.

Related Posts

Links: September 24, 2012

Last week Return Path announce a new set of email intelligence products. One of their new products offers customers the chance to actually see how (some subset of) their customer base interacts with mail directly. It moves beyond simply looking at probe mailboxes and actually looks inside the mailbox of recipients.
Spamhaus has listed bit.ly on the Domain Blocklist (DBL) for allowing spammers to abuse their redirector service. Spammers have been abusing bit.ly for a while, and I’m a little surprised it’s taken so long for a listing to happen. Steve wrote a post last year about URL redirectors and offered suggestions on what to do to avoid blocking problems when using a URL shortening service.
Real Insights has a very interesting post on why it should be “hard” to subscribe to your mailing list. There are also a number of good suggestions about the subscription process itself. Definitely worth a read.

Read More

Spamhaus comments on subscription attack

Steve Linford, CEO of Spamhaus commented on my blog post about the current listings. I’m promoting it here as there is valuable information in it.

Read More

Questions about Spamhaus

I have gotten a lot of questions about Spamhaus since I’ve been talking about them on the blog and on various mailing lists. Those questions can be condensed and summed up into a single thought.

Read More