How DNSBLs Work: Avoid Getting Blacklisted
When you open your email client, type a message, and hit “send,” it seems so easy. You don’t think about all the processes taking place in the background or security checks being run on your outgoing mail. Most of the time, you don’t even wonder if your message will make it to the recipient, or if it will be marked as spam.
Email has come a long way since its early days. Today, many tools exist to help verify that a sent email comes from a legitimate IP address or domain name. But this verification is still a difficult process for email service providers. If you have your own mail server and send out messages from your domain, you don’t want your emails getting blacklisted as spam — especially if you run a business that focuses on email marketing.
In this guide to DNSBLs (Domain Name System Blacklists), you’ll learn how DNSBLs work, what to do if your domain gets blacklisted, and how to avoid getting blacklisted in the first place.
What is a DNSBL?
A DNSBL, also referred to as a DNS Blacklist or RBL (Realtime Blackhole List), is a list of domain names and IP addresses that have a history of sending spam emails. Web administrators use DNSBLs so that messages sent from these addresses are flagged or rejected before arriving in the recipient’s inbox.
DNSBLs date back to 1997, when the first one was created. Today, almost all email servers support at least one DNSBL to reduce junk mail and spam that clients receive. The basic components of every DNSBL are:
- A domain name to host the list
- A server to host the domain
- A list of addresses to publish as the blacklist
Many services today offer DNSBLs and each one has its own standards for what is considered spam. Some are stricter than others, making it relatively difficult to be removed from the blacklist once you’re on it.
Some common DNSBL services include:
- The Passive Spam Block List (psbl.surriel.com)
- The Spamhaus Project
- The Spamcop Blacklist
- The Spam and Open Relay Blocking System (SORBS)
- MegaRBL Blacklist
- Blackholes.five-ten-sg.com Blacklist
- Emailbasura Blacklist
You can see a full list of DNSBLs on our Blacklist Checker tool webpage.
How DNSBLs prevent spam emails
All DNSBLs operate on the same premise: adding spammers to the blacklist. But the policies of each DNSBL differ. How long a domain stays on the blacklist, what must be done to be removed from it, and other details vary depending on the DNSBL service you use.
You can tell DNSBL policies apart by looking at three factors:
- Goals: Goals measure what the DNSBL aims to blacklist. It could be all open-relay mail servers, open proxies, IP addresses known to send spam, or even IP addresses belonging to Internet Service Providers (ISPs) that are known to allow spammers to operate.
- Nomination: Nomination refers to how addresses get added to the blacklist. The DNSBL could rely on addresses submitted by its users or set spam traps like honeypots.
- Listing lifetime: Listing lifetime is how long an address stays on the blacklist once it’s added. Some services automatically expire addresses after a certain time and others require manual removal. It also refers to the policies the DNSBL has in place to allow listed hosts to get their addresses removed.
The reasons DNSBLs list domains and IP addresses
Each DNSBL uses different listing criteria. Something that gets flagged with one service may not be flagged with another. For the most part, DNSBLs use the following reasons to blacklist addresses.
- Technical: Listings for technical reasons are due to mail server configuration issues. These might include missing or incorrect reverse DNS records, missing or incorrect banner greetings, or a mail server operating with an IP address that an ISP has said not to operate in.
- Policy based: Some addresses get listed because an operator doesn’t want to receive email from certain countries, ISPs, or addresses with a history of not complying with unsubscribe rules.
- Evidence based: If an operator has received direct or indirect evidence that an IP address is involved in sending unsolicited emails, it can land that address on the blacklist as well.
How to know if your domain name gets blacklisted
If you run a mail server or manage one with multiple accounts, you need to ensure that your server doesn’t get blacklisted. You can look up your IP address or domain with our Blacklist Check tool. We also have a Blacklist Help forum you can visit for questions about listing and removing IP addresses on blacklists.
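A blacklist check of this kind comes down to one DNS query per list: the address is reversed, prefixed to the list's zone, and looked up as an A record (the convention documented in RFC 5782). The sketch below is an added example, not the code behind the Blacklist Check tool; the zone `dnsbl.example` and the sample answers are constructed, and `psbl.surriel.com` is used as the default only because it appears in the list above.

```python
import ipaddress
import socket

DEFAULT_ZONE = "psbl.surriel.com"  # one of the DNSBL zones named on this page
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone=DEFAULT_ZONE):
    """Build the DNS name that is queried to test an address against a DNSBL."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # 32 hex nibbles, reversed
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """A records for name; [] on any lookup failure (NXDOMAIN and timeouts alike)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def check_dnsbl(ip, zone=DEFAULT_ZONE, resolve=system_resolver):
    """Return (status, answers); status is 'listed', 'not_listed' or 'unexpected'."""
    answers = resolve(dnsbl_query_name(ip, zone))
    if not answers:
        return "not_listed", []
    # Listings are answered from 127.0.0.0/8. Anything else (for example a
    # parked or wildcarded zone) must not be treated as a listing.
    if all(ipaddress.ip_address(a) in LOOPBACK for a in answers):
        return "listed", answers
    return "unexpected", answers

if __name__ == "__main__":
    # Constructed answers for a made-up zone, so the demo runs offline.
    fake = {"10.2.0.192.dnsbl.example": ["127.0.0.2"],
            "11.2.0.192.dnsbl.example": ["203.0.113.5"]}
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.99"):
        print(ip, check_dnsbl(ip, "dnsbl.example", lambda n: fake.get(n, [])))
```

Because `system_resolver` cannot tell a timeout from a non-existent name, a monitoring job built on it should retry before reporting an address as clean.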
How to get removed from a blacklist
If you suspect your IP address or domain name has been blacklisted by a DNSBL service, the first thing you need to do is figure out which service is blocking you. You can do that by using the Blacklist Check tool mentioned above.
Once you know which DNSBL has flagged you, you can check their website for resources or articles on how to get delisted. Most services have instructions you can follow for getting your address removed from the blacklist. You may also learn why you’ve been listed in the first place.
After learning the reason behind being put on a blacklist, your next step is to remedy the action that put you there. Some steps you may have to take include:
- Correcting forward and reverse DNS records
- Correcting SMTP banners
- Scanning all the computers on your network for viruses
- Looking for and installing updates to your operating system
- Making your routers more secure
- Creating and using stronger passwords
Some DNSBLs have a self-service removal feature that lets you take your address off the list yourself. Most blacklists, however, have a time-based removal. These processes automatically remove low-level offenders within one or two weeks.
Contacting a blacklist operator
When you reach out to a blacklist service about getting your address removed, it’s important to be professional and follow their instructions. If you truly haven’t done anything wrong, let them know and they should be more than willing to help you get your address removed.
When you interact with the DNSBL, keep the following in mind:
- Their goal is not preventing you from sending emails; it’s reducing email spam for their customers.
- DNSBLs don’t add addresses to their lists for no reason. They’re trying to identify and prevent real problems, so be flexible and willing to take action to rectify the situation.
- Blacklists are legal in most countries because they are designed to prevent fraud. You most likely won’t be able to take legal action against a DNSBL service.
- If you ended up on the blacklist because of an error you made, don’t commit that error again. DNSBLs are significantly less lenient for second or multiple offenders.
How to avoid being listed on a DNSBL
The best way to deal with getting blacklisted is not to get blacklisted in the first place. You can do several things to prevent being considered spam or ending up on a blacklist.
- Don’t send spam from your network: Make sure no senders on your network are sending out spam, intentionally or unintentionally. You will need to check the mail logs to do this. You might find, for example, that a laptop on your network with no anti-spyware or malware protection installed sends spam every time it’s connected, which would get you flagged by DNSBLs.
- Use mail sending best practices: These best practices include setting a DNS pointer (PTR) record, matching your MX domain name to the pointer, checking that your mail transfer agent (MTA) uses proper EHLO/HELO, and only allowing mail attachments of 50MB maximum.
- Check your logs and queues: You should check your mail logs and queues daily for potential problems.
- Set up DNSBL monitoring alerts: You can subscribe to a service that will monitor potential blacklistings for you if you don’t want to have to run the check yourself all the time.
- Always respond to complaints: Keep your admin email contacts updated so if users have abuse complaints you receive them right away. Always respond to these complaints professionally so users don’t feel inclined to report you as spam.
- Publish SPF records: Sender Policy Framework (SPF) is a process to validate email messages that have been sent. Setting up and publishing SPF records is a must for avoiding spam.
- Create an email with DKIM: DomainKeys Identified Mail (DKIM) is an authentication process that allows an organization to claim responsibility for a message. It uses public key cryptography to detect possible forgery.
- Never allow open relays: Never allow your email server to be open-relay. You should only let authenticated users send emails from your server, and your email program should be able to help you with that.
- Set up a firewall for outbound mail: Set up a firewall that all your outgoing messages pass through to check for viruses, malware, or spyware.
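The DNS items in the best-practices bullet above can be checked mechanically: look up the PTR record for the sending IP, confirm the name resolves back to the same IP, and confirm the HELO/EHLO name does too. The sketch below is an added example, not code from this site; the hostnames and addresses are constructed, and treating a "proper" HELO name as one that resolves to the sending IP is an assumption.

```python
import ipaddress
import socket

def ptr_lookup(ip):
    """Hostnames published in the PTR record for ip, or [] if there is none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except (socket.herror, socket.gaierror):
        return []

def forward_lookup(hostname):
    """Every address (A and AAAA) that hostname resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except socket.gaierror:
        return set()

def _resolves_to(hostname, ip, lookup):
    target = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a.split("%")[0]) == target
               for a in lookup(hostname))

def audit_sender_dns(ip, helo_name, ptr=ptr_lookup, forward=forward_lookup):
    """Return a list of findings; an empty list means every check passed."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return [f"{ip} has no reverse DNS (PTR) record"]
    findings = []
    if not any(_resolves_to(n, ip, forward) for n in names):
        findings.append(f"PTR name(s) {names} do not resolve back to {ip}")
    # Assumption: a "proper" HELO/EHLO name is one that resolves to the sending IP.
    helo = helo_name.rstrip(".").lower()
    if not _resolves_to(helo, ip, forward):
        findings.append(f"HELO/EHLO name {helo!r} does not resolve to {ip}")
    return findings

if __name__ == "__main__":
    # Constructed records (documentation addresses), so the demo runs offline.
    ptr_db = {"192.0.2.25": ["mail.example.org."], "192.0.2.26": ["host26.isp.example"]}
    fwd_db = {"mail.example.org": {"192.0.2.25"}, "host26.isp.example": {"198.51.100.7"}}
    for ip, helo in (("192.0.2.25", "mail.example.org"), ("192.0.2.26", "localhost")):
        print(ip, audit_sender_dns(ip, helo, lambda i: ptr_db.get(i, []),
                                   lambda h: fwd_db.get(h, set())))
```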
Can you get whitelisted?
At this point, you may wonder if it’s possible to have your address whitelisted by a DNSBL service. In other words, no messages from your server or address ever get flagged because you’re marked as “safe.”
As a general rule, DNSBL services like Spamcop, Spamhaus, and others do not allow whitelisting. If they did, it would compromise the security they’re promising to their email clients. You know that your emails are safe, but the DNSBL or users don’t. Furthermore, at some point after you’ve been “whitelisted,” a spam email could mistakenly come from your address, and if you are considered “safe,” this email would get through to its recipient.
The best thing you can do is work to avoid getting blacklisted and to cooperate with DNSBL services to get removed if you ever do end up on a blacklist.
Don’t get blacklisted
Finding out your domain or IP address has been blacklisted isn’t cause for panic, but you should take the matter seriously. If you follow some of the tips in this guide, hopefully, you can avoid being blacklisted entirely.