PEP Documentation
DNS Blocklists
- What's a DNS blocklist?
- It's a database that contains the IP addresses or domain names of sites
that you might not want to receive mail from. They might list open relays,
known sources of spam, ISPs that are spam-friendly, and so on.
These databases are stored in a DNS "zone" and they are queried via
DNS lookups (PEP does all that for you, so don't worry about it if you
don't know what that means).
- How do sites get listed in a DNS blocklist?
- The exact criteria depend on who owns and manages the database. Some
blocklists are well managed and have clearly defined criteria, while others
will list just about any site that annoys them in some way.
Generally, though, a site gets listed because it is the source of spam or
facilitates spam in some way (often due to being an open relay).
- What's an "open relay"?
- It's an improperly configured mail server that allows anonymous people
to send mail to arbitrary addresses on the Internet. In other words, it
relays messages for anyone who asks it to.
Spammers like open relays because they can offload all the resource
usage (CPU, disk space, bandwidth, etc.) of sending their junk to someone
else's server. This is theft of service.
- What DNS blocklists are available?
- There are many different blocklists out there. Most are free for the
public to use, but some are subscription based. They all have pros and
cons.
The main thing to keep in mind is that every blocklist can help to eliminate
spam, but every blocklist will also eventually cause legitimate mail to be
blocked. Usually the more effective it is at blocking spam, the more likely
it is to block legitimate mail as well. Use them at your own risk.
It is up to you to visit the web site for each blocklist and determine
for yourself whether it suits your needs.
Here's a list of just some of the DNS blocklist zones you can use (in no
particular order and presented without comment). Some services have more
than one zone that you can use:
- ORDB
- Spamcop
- Arbitrary Blackhole List
- Relay Stop List
- spambag.org
- Blars Block List
- Wirehub!
  - blackholes.wirehub.net
  - dynablock.wirehub.net
- Five-Ten-SG
  - blackholes.five-ten-sg.com
- Not Just Another Blacklist
- XBL
- RFC-Ignorant.org
  - ipwhois.rfc-ignorant.org
  - whois.rfc-ignorant.org
  - dsn.rfc-ignorant.org
  - postmaster.rfc-ignorant.org
  - abuse.rfc-ignorant.org
- How do I use these in PEP?
- You give PEP a zone name and either an IP address or a domain name to
search for within that zone. If the search is successful, it will return
a result code that looks like an IP address (usually 127.0.0.2). Some
DNSBLs also return a "TXT record", which is a brief line of text about
the entry.
PEP has two special "header" values named "DNSBL" and "DNSBLTXT" which contain
the result code and the TXT record (if any) from the last lookup. By default
these are both set to empty values. They are only filled in when you tell
PEP to perform a DNSBL lookup for a zone, which you do with the dnsbl
command. If the lookup fails they will be emptied again.
The dnsbl command must always be given a zone name. You can also
give it an IP address or domain name to look up, but the default is to use
the IP address of the machine that passed the message to our mail server,
which is usually what you want.
In this example we first tell PEP to perform a DNSBL lookup in the
relays.osirusoft.com zone. After that we can test the return code for
specific values. Then we perform another DNSBL lookup on the relays.ordb.org
zone and fail anything that is listed there:
    dnsbl relays.osirusoft.com
    fail if dnsbl is "127.0.0.2" with "You are a verified open relay"
    fail if dnsbl is "127.0.0.3" with "Direct mail from dialups not allowed"
    fail if dnsbl is "127.0.0.4" with "You are a confirmed spam source"
    dnsbl relays.ordb.org
    fail if dnsbl is not "" with "Spam from {ip} not welcome {dnsbltxt}"
Notice how we only need to perform one dnsbl lookup for a zone, then we can
perform multiple tests on the results.
This example checks to see if the sender's domain is violating the
RFCs that require a server to have a postmaster mailbox:
    dnsbl postmaster.rfc-ignorant.org {senderdomain}
    fail if dnsbl is not "" with "{dnsbltxt}"
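What a DNSBL lookup like the ones above amounts to at the DNS level, as an added Python example that is not part of PEP or its documentation. It follows the standard DNSBL query convention (reversed IPv4 octets, or the domain, prepended to the zone) and returns an empty string when there is no listing, like the DNSBL value described above. The zone names, addresses and FAKE_ZONE answers are constructed sample data.

```python
import ipaddress
import socket

# Constructed sample data standing in for a blocklist zone (not a real DNSBL).
FAKE_ZONE = {
    "1.2.0.192.dnsbl.example": "127.0.0.2",    # listed
    "9.2.0.192.dnsbl.example": "203.0.113.10",  # wildcard/parked answer
    "example.org.rhs.example": "127.0.0.4",     # domain-based listing
}


def dnsbl_query_name(target, zone):
    """Build the DNS name to query for an IPv4 address or a domain."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        # Not an IP address: domain-based zones are queried as <domain>.<zone>.
        return f"{target.rstrip('.').lower()}.{zone}"
    if ip.version != 4:
        raise ValueError("IPv6 is out of scope for this example")
    # 192.0.2.1 in zone dnsbl.example becomes 1.2.0.192.dnsbl.example
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def dnsbl_lookup(target, zone, resolve=system_resolver):
    """Return the result code, or "" when the target is not listed."""
    answer = resolve(dnsbl_query_name(target, zone))
    # Listings answer inside 127.0.0.0/8. Any other address (for example a
    # parked or wildcarded zone) must not be treated as a listing.
    if answer is None or not answer.startswith("127."):
        return ""
    return answer


if __name__ == "__main__":
    for target, zone in [("192.0.2.1", "dnsbl.example"),
                         ("192.0.2.9", "dnsbl.example"),
                         ("Example.ORG", "rhs.example")]:
        print(target, zone, repr(dnsbl_lookup(target, zone, FAKE_ZONE.get)))
```

Omit the `resolve` argument to query a real zone through the system resolver.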