
The Abusive Hosts Blocking List

Summary

Status: Active
Terms: Free
Zones: 1
Website: ahbl.org
Lookup or Removal: ahbl.org/lktool
FAQ: ahbl.org/documents
Contact: ahbl.org/aboutus

Background

dnsbl.ahbl.org, otherwise known as The Abusive Hosts Blocking List, is a DNS-based blacklist. The AHBL started in 2003, and is a division of the Summit Open Source Development Group. According to The AHBL website, the data for their dnsbl.ahbl.org blacklist comes from several different sources in addition to custom tools designed to find and detect problematic hosts on the Internet. The AHBL does share data with other DNS blacklists, such as DSBL, SpamCop, and SpamHaus, though they are not in any way associated with those DNS service providers.

The AHBL considers itself an involved entity in the anti-spam community, taking pride in their open communication policy. If you make contact with The AHBL, you can rest assured you will be speaking with the same people who create, maintain, and monitor the entire AHBL system. This assures you that if you have any specific problems, you will be speaking with those who can help you solve those problems in the most technically correct way using the least amount of time.

As with some other DNS blacklists, the exact methods and techniques used by The AHBL are not fully exposed in an effort to keep trade secrets from turning into tools spammers might use against DNS blacklists. It is a safe assumption that The AHBL uses spamtraps, honeypots, and open relay testing, along with an internal analytics system, as part of their methods for gathering hosts to list in their database.

Listing criteria

Getting listed in The AHBL is caused by a server sending unsolicited commercial or bulk email to any of the monitoring systems which The AHBL uses to detect spam. A sending server will also be listed for participating in any form of attack against The AHBL or other hosts on the Internet, such as denial of service, distributed denial of service, cracking, or general malicious behavior. Finally, running your sending server as an open relay, where other hosts are allowed to send unauthenticated email through your SMTP server, will cause listing within The AHBL.

All IP addresses have what is called a reverse DNS record. This is a DNS record of your IP address that translates back to a name. In the same way DNS takes a name and converts it into an IP address, reverse DNS takes an IP address and does the reverse, converting it into a name. The AHBL will block any host whose reverse DNS is invalid. This does not mean that having a dynamic-looking reverse DNS entry will cause you to become listed; The AHBL is not a dynamic IP list. It does mean that any name that is not resolvable will be listed. Interestingly, completely lacking a reverse DNS record will not cause The AHBL to list your IP address; only invalid reverse DNS will inspire a listing in their zone.

For example, all 65,534 IP addresses in the range of 123.26.0.0/16, assigned to "Vietnam Posts and Telecommunications", currently have a listing. With it being impossible to identify what any of the 65,534 IP addresses do, The AHBL has decided to block the entire range of hosts. The general line of thinking is that if an ISP with that many IP addresses does not care to perform the most basic of adherence to internet standards, there is no hope they will be willing to work in stopping the flood of spam that comes from their IP addresses.
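The distinction drawn above between a missing reverse DNS record and an invalid one can be checked for your own sending IP before it becomes a listing reason. The sketch below is an added example, not AHBL's own tooling: the function names and the sample data are constructed for illustration, and the "mismatch" result is a stricter forward-confirmed check that goes beyond what the article says The AHBL applies.

```python
import socket

def system_ptr(ip):
    """Return the PTR name for ip, or None when there is no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_forward(name):
    """Return the IPv4 addresses name resolves to, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def classify_rdns(ip, ptr=system_ptr, forward=system_forward):
    """Classify the reverse DNS of ip as missing, invalid, mismatch or valid."""
    name = ptr(ip)
    if name is None:
        return "missing"   # no PTR at all: per the article, not a listing reason
    addrs = forward(name)
    if not addrs:
        return "invalid"   # PTR points at a name that does not resolve: listing reason
    if ip not in addrs:
        return "mismatch"  # resolves, but not back to this IP (stricter added check)
    return "valid"

# Constructed sample data standing in for DNS, so the example runs offline.
SAMPLE_PTR = {
    "192.0.2.10": "mail.example.net",
    "192.0.2.11": "host-11.unresolvable.example",
    "192.0.2.12": "www.example.net",
}
SAMPLE_A = {
    "mail.example.net": ["192.0.2.10"],
    "www.example.net": ["192.0.2.99"],
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        print(ip, classify_rdns(ip, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, [])))
```

Calling `classify_rdns(ip)` with no extra arguments uses the system resolver instead of the sample tables.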

Zones

dnsbl.ahbl.org

dnsbl.ahbl.org is the primary and sole zone for The AHBL. Configuration is like any other DNS blacklist. Any positive response to a query against dnsbl.ahbl.org is confirmation that the IP address has been listed. Any negative response means the host is clean, and has not been listed.

The AHBL is currently blocking all of China from accessing their services. This does not mean that all of China is listed in their DNS blacklist. This does mean that the entire range of China-owned IP addresses has been blocked from using The AHBL DNS blacklisting service. This policy will remain in effect until the Chinese government puts a stop to the hacking and espionage against US servers.

tor.ahbl.org

The AHBL used to maintain a zone named tor.ahbl.org, which was a list of Tor exit servers. Without mention, this zone has been removed. The zone no longer resolves, and returns "NXDOMAIN", or Non Existent Domain, for any query that is sent to it. If you are using tor.ahbl.org on your server, you should remove it. While the zone is configured in a way that will not cause you to reject any email, it will add additional DNS lookup time to your server, as well as create the need for additional DNS resources to be provided from The AHBL.
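The query behaviour described for dnsbl.ahbl.org and the dead tor.ahbl.org zone can be expressed as a lookup plus a zone health check that flags zones worth removing from a mail server's configuration. This is an added example, not code from The AHBL: it assumes the zone follows the RFC 5782 test-entry convention (127.0.0.2 listed, 127.0.0.1 not listed), and the `dnsbl.example` zone and sample answers are constructed.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(qname):
    """Return the A records for qname; [] on NXDOMAIN (or any resolver failure)."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except (socket.gaierror, socket.herror):
        return []

def is_listed(ip, zone, lookup=system_lookup):
    """A positive response (an A record inside 127.0.0.0/8) means the IP is listed."""
    answers = lookup(dnsbl_qname(ip, zone))
    return any(ipaddress.ip_address(a) in LOOPBACK for a in answers)

def zone_health(zone, lookup=system_lookup):
    """Classify a zone using the RFC 5782 test points before trusting its answers."""
    test_listed = is_listed("127.0.0.2", zone, lookup)  # should be listed
    test_clean = is_listed("127.0.0.1", zone, lookup)   # should not be listed
    if test_listed and not test_clean:
        return "working"
    if not test_listed and not test_clean:
        return "dead"        # answers nothing, as tor.ahbl.org does: remove it
    return "unreliable"      # lists the must-not-list test address: remove it

# Constructed sample answers standing in for DNS, so the example runs offline.
SAMPLE = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],
    "10.2.0.192.dnsbl.example": ["127.0.0.2"],
}

def sample_lookup(qname):
    return SAMPLE.get(qname, [])

if __name__ == "__main__":
    print(dnsbl_qname("192.0.2.10", "dnsbl.ahbl.org"))
    print(zone_health("dnsbl.example", sample_lookup), zone_health("gone.example", sample_lookup))
```

With the system resolver, a "dead" result can also come from a local DNS failure, so confirm it from a second resolver before removing a zone.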

Removal Process

Removal from The AHBL is generally a simple process. If it is determined you are listed, use their lookup/removal tool to enter your IP address. If listed, the reason why, as well as specific instructions on IP address removal, will be provided to you. Your listing will include the date and time of detection, and any other data maintained in The AHBL database that pertains to your IP address.
