Which DNSBL should be used?
Which DNSBL should be used?
Which DNSBL to choose depends on what the desired outcome is, and whether it is for small-volume or professional use.
For IP-based datasets, we recommend using our 3-in-1 zone, Spamhaus Zen:
- Zen can be used by all modern mail servers by setting the mail server’s anti-spam DNSBL feature (also called “Blacklist DNS Servers” or “RBL servers”) to query zen.spamhaus.org .
- The subzones of Zen (SBL, XBL, PBL) should not be queried seperately.
The 3 subzones of Zen are:
- The “Spamhaus Block List” (SBL)
- The SBL lists IPs identified to Spamhaus’ best ability as likely to be:
- Direct spam sources
- Spammer hosting/DNS
- Spam organizations
- The “Exploits Block List” (XBL)
- Automated tools observe email traffic at spamtrap and production mail servers in near-real-time to find characteristic patterns of malware or botnet-infected computers. It lists IP addresses that are hosting:
- Bots
- Malware-infected computers.
- Automated tools observe email traffic at spamtrap and production mail servers in near-real-time to find characteristic patterns of malware or botnet-infected computers. It lists IP addresses that are hosting:
- The “Policy Block List” (PBL)
- PBL is a list of IP space that should not be sending email directly to the Internet: often these are IP ranges assigned by ISPs to broadband or dial-up customers, but the PBL does include other types of IP space.
- The SBL lists IPs identified to Spamhaus’ best ability as likely to be:
For domain-based datasets, we recommend using the Spamhaus DBL.
- The Domain Block List (DBL) is a list of domain names with poor reputations.
- The DBL ONLY lists domains. The DBL should never be used to query for IP addresses.
Other DNSBLs published by other organizations can also be used. Information, reputation, and opinions about other DNSBLs are available on the web.
- Careful selection and implementation of DNSBLs, including the order in which a mail server queries various zones, can provide optimal performance and spam protection.
NOTE: With so many different mail servers in use we can not offer technical help with setting up the query system. For instructions on how to configure a specific mail server to use the Spamhaus zones, please refer to that mail server’s documentation or manuals, or ask your mail server administrator.
- As a general rule, DNSBLs – particularly PBL – should not be applied to outbound mail.
- Authenticating users via SMTP Authentication is strongly recommended and avoids the need to whitelist and maintain authorized dynamic ranges.
An expanded set of data is available in the DQS offering of our commercial sister company, Spamhaus Technologies, Ltd
An overview of Effective Spam Filtering strategies explains additional uses of various Spamhaus datasets in tools like SpamAssassin or Rspamd.
Back