Avoid common errors: how the Policy Block List (PBL) should not be used
Avoid common errors: how the Policy Block List (PBL) should not be used
The Policy Block List (PBL) should not be used to block an ISPs own users from accessing their smarthost email servers.
- ISPs should ensure that:
- Their smarthost email servers are configured to use SMTP Authentication;
- Specific instructions are published for their users regarding the configuration of SMTP Auth in their local email program;
- Their users are otherwise allowed access to the servers (for example: whitelisting of local dynamic ranges).
PBL (and, therefore, Zen) should not be used to check all the IP addresses appearing in mail headers.
- It is normal for legitimate emails to originate from an IP listed in PBL;
- That IP will usually appear in the message headers, and should not be used as a basis for blocking;
- In order to be effective, PBL must be used exclusively for checks at the SMTP connection level.
PBL should not be used to block access to webservers and blogs because the majority of legitimate web access comes from end-user IP space: that end-user space should be listed in PBL.
PBL should not be used for URL-based blocking.
- Using it to block URLs will lead to potentially large numbers of false positives
- Legitimate webservers are often hosted with dynamic DNS services such as dyndns.org, noip.com, freedns.afraid.org, etc.
- ISPs and other networks are encouraged to list any IP ranges which should not send mail, and that should include web servers.
- SBL or XBL (or sbl-xbl.spamhaus.org) should be used for URL blocking as described in our Effective Spam Filtering section.
Some post-delivery filters use what they call “full Received line parsing” or “deep parsing”, in which the post-delivery filter reads all the IPs in the “Received” lines.
- Legitimate users will have PBL-listed IPs showing in the first (lowest) “Received header” where their personal computer hands off the email to the ISP.
- Email should NOT be blocked for this!
PBL policy is based on ranges which should not directly deliver e-mail to the internet, so any other use will be riskier and subject to more false positives.
Back