Can the Spamhaus DNSBL be used on a web server or other applications?
Can the Spamhaus DNSBL be used on a web server or other applications?
The SBL and XBL can be queried to prevent things such as blog-comment and guestbook spamming, click-fraud, and automated email address harvesting.
- This can be done by programming application(s) to query our DNS servers to determine whether a specific IP address is on one of our blocklists.
- Such queries can be used to stop posts from users who use IP addresses on the SBL or XBL to connect to a web site, or to block comment and guestbook posts that contain URLs hosted on IP addresses listed in the SBL or XBL.
Comment and guestbook posts can also be searched for for URLs that contain domains found in our domain blocklist, the DBL. More information on what the Spamhaus DBL is and how it works, can be found in the DBL FAQ
There are open-sourced code bases available in Perl and PHP for performing DNS queries that can be found by searching the Web. Some useful web sites that have code to perform DNS lookups:
If you prefer to write your own code, below is the information you will need:
-
- ZONE = zen.spamhaus.org
- PROTOCOL & PORT = UDP/53
- QUERY SYNTAX = <REVIP>.zen.spamhaus.org, where “<REVIP>” is the IP you are querying, reversed.
For example, if you want to check 192.168.25.1, you would query 1.25.168.192.zen.spamhaus.org.
- RESPONSE CODES
- IP NOT FOUND = (NXDOMAIN)
- DNS SERVER ERROR = (SERVFAIL) (These are quite rare.)
- IP FOUND = See the Spamhaus DNS Return-Codes list.
General Advice:
- We encourage applications to query zen.spamhaus.org and then parse the return code(s) to determine whether to block an IP, whenever possible.
- This prevents unnecessary queries and speeds processing on your application.
- If your application cannot parse return codes, you can query sbl.spamhaus.org to determine whether an IP address is on the SBL, and xbl.spamhaus.org to determine whether an IP address is on the XBL.
- Either of these zones returns 127.0.0.2 if the IP address is on that blocklist.
WARNING! Do not block users using IP addresses listed on the PBL from accessing Web-based applications. The PBL is not a list of “spamming IP addresses”; treating IP address on it as if they all belong to spammers will result in blocking large numbers of legitimate users. Consult the Spamhaus FAQ on the PBL for more information on what the PBL is and how it works.