Spamhaus DBL

Over the last few months I’ve gotten an increasing number of questions about the Spamhaus DBL. So it’s probably time to do a blog post about it.

Last year I wrote about the DBL:

DBL is the Domain Block List. It lists domains and not IP addresses. I’ll be honest, I don’t have as much experience with the DBL as with other lists, but I have had a few clients on the DBL.

  • DBL is tied into the CSS.
  • You can get on the DBL without the sending IP being on CSS.
  • DBL makes no judgement on the source of the mail, only the content of the mail

With more clients being on the list, I have a little more information about it.

DBL listings are generated both by automated tools and by manual entries from the Spamhaus folks. Automated listings are the ones most closely tied to CSS listings.

From my perspective, the goal of the DBL is to block domains found in spam being sent from many IP addresses in a way that makes it difficult to address with standard IP based blocks. I believe that the automated DBL listings are generated based on domains found in the content of the email rather than domains found in the headers. However, most of the DBL users match against any domain in the message including those in the headers.

The automated DBL listings are usually the root domain, but it is possible some of the manual listings are more specific and list subdomains.

There is an automated delisting process, but there are limits to the number of times you can delist. Too many delistings and you need to send email and be manually delisted. This can take quite more than 24 hours, in some cases. If you are listed on both the CSS and the DBL you need to ask for delisting for both.

If your domain is on the DBL but your IPs are not on the CSS then then I suggest looking at the possibility that someone is putting your links in spam. It could be web server compromise hosting phishing. Or, if you’re an ESP, maybe a customer  grabbed a tracking link and is using it in mail sent through another provider.

As with all listings, identifying the underlying reason for the listing and fixing the problem is crucial to staying off the list. If you’ve not fixed the problem, the listing will come back. And, eventually, you won’t be able to delist automatically.

Related Posts

Bit.ly gets you Blocked

URL shorteners, like bit.ly, moby.to and tinyurl.com, do three things:

Read More

Fake DNSBLs

Spamhaus recently announced a few years ago that they have discovered a company that is pirating various blocklists, relabeling them and selling access to them. Not only is the company distributing the zones, they’re also running a “pay to delist” scheme whereby senders are told if they pay money, they’ll be removed from the lists.
The fake company does remove the listing from the fake zones, but does nothing to remove the IP from the original sender. This company has been caught in the past and was blocked from downloading Spamhaus hosted zones in the past, but have apparently worked around the blocks and are continuing to pirate the zone data.
It’s not clear how many customers the blocklist has, although one ESP rep told me they were seeing bounces referencing nszones.com at some typo domains.
No legitimate DNSBL charges for delisting. While I, and other people, do consult for senders listed on the major blocklists, this is not a pay for removal. What I do is act as a mediator and translator, helping senders understand what they need to do to get delisted and communicating that back to the blocklist. I work with senders to identify good, clean addresses, bad address segments and then suggest appropriate ways to comply with the blocklist requirements.

Read More

Links: September 24, 2012

Last week Return Path announce a new set of email intelligence products. One of their new products offers customers the chance to actually see how (some subset of) their customer base interacts with mail directly. It moves beyond simply looking at probe mailboxes and actually looks inside the mailbox of recipients.
Spamhaus has listed bit.ly on the Domain Blocklist (DBL) for allowing spammers to abuse their redirector service. Spammers have been abusing bit.ly for a while, and I’m a little surprised it’s taken so long for a listing to happen. Steve wrote a post last year about URL redirectors and offered suggestions on what to do to avoid blocking problems when using a URL shortening service.
Real Insights has a very interesting post on why it should be “hard” to subscribe to your mailing list. There are also a number of good suggestions about the subscription process itself. Definitely worth a read.

Read More