How to use a Spamhaus DNSBL?
How to use a Spamhaus DNSBL?
This FAQ entry assumes that the reader is running their own mail server and has a developed technical understanding of how mail servers and DNSBLs work. Any DNSBL that is chosen for use should be fully understood before deployment.
All modern mail servers have a “DNSBL” feature (sometimes called “RBL Servers” or “Blacklist”). If it appears not to, please refer to the “Help” file or ask the mail server vendor for clarification.
The Spamhaus public DNSBLs can be used free of charge by querying “zen.spamhaus.org”, if:
- Use of the Spamhaus DNSBLs is non-commercial
and - Queries are not being made from a public resolver or an IP with generic rDNS
Please see our Spamhaus DNSBL Usage Terms page for additional information and a quote.
—
Remember, MTAs should be set to query a Spamhaus DNS zone such as “zen.spamhaus.org”.
- Do NOT automate queries of our website lookup form!
Other ways to use DNSBLs beyond just checking the connecting IP:
- Our Effective Spam Filtering page has suggestions for checking URLs against SBL, which has excellent results.
- “Nameserver IPs of connecting hosts” is another check which some admins have found effective.
- If such a check is going to be utilized, be very careful which Spamhaus zone is selected for each step!
- Checking against SBL is quite conservative and will have few false positives.
- Checking against XBL is more aggressive and while it will catch more spam it may also intercept more non-spam mail.
- Using URL checks against PBL is very risky; please ensure that how this will work is fully understood before deployment.
- It will result in rejecting non-spam mail for most servers!
NOTE: Zen contains SBL, XBL and PBL combined, so the correct response will need to be chosen based on the 127 return code.
Back