Sometime in the last few days, Spamhaus seems to have started issuing a block message if someone queries the DBL with an IP address. folks started seeing an uptick in error messages that mention Spamhaus saying: 554 5.7.1 Service unavailable; Client host [x.x.x.x] blocked using dbl.spamhaus.org; No IP queries, see (in reply to RCPT TO command)) Crowdsourcing information from the emailgeeks slack...
Spamhaus DBL
Over the last few months I’ve gotten an increasing number of questions about the Spamhaus DBL. So it’s probably time to do a blog post about it. Last year I wrote about the DBL: DBL is the Domain Block List. It lists domains and not IP addresses. I’ll be honest, I don’t have as much experience with the DBL as with other lists, but I have had a few clients on the DBL. DBL is tied into...
Brief DBL false positive
A code glitch in a new DBL sub-zone known as 'Abused-Legit' caused the new Abused-Legit zone to list ".net." for 60 minutes from 08:35 UTC. — Spamhaus (@spamhaus) December 17, 2014 Spamhaus are rolling out a new subzone of the DBL, for domains whose webservers have been compromised and used to host spam landing pages, often via mass compromises of their management control...
Links: September 24, 2012
Last week Return Path announce a new set of email intelligence products. One of their new products offers customers the chance to actually see how (some subset of) their customer base interacts with mail directly. It moves beyond simply looking at probe mailboxes and actually looks inside the mailbox of recipients. Spamhaus has listed bit.ly on the Domain Blocklist (DBL) for allowing spammers to...
Bit.ly gets you Blocked
URL shorteners, like bit.ly, moby.to and tinyurl.com, do three things: Make a URL shorter Track clicks on the URL Hide the destination URL Making URLs shorter was their original role, and it’s why they’re so common in media where the raw URL is visible to the recipient – instant messaging, twitter and other microblogs, and in plain text email where the “real” URL...
New blocklisting process
There is a new type of blocking designed to interrupt the ability of users to click and visit phishing sites. DNS Response Policy Zones allows companies running recursive resolvers to create a zone that will not resolve specific domains. This is a second layer of filtering, if a spammer manages to get an email with a malicious link into the inbox then the ISP can still protect the user from...