In black and white: how to use anti-spam lists

The Internet Research Task Force's (IRTF) Anti-Spam Research Group (ASRG) has produced a summary of how DNS blacklists and whitelists (DNSBLs and DNSWLs, designated in the RFC as DNSxLs) should be used and of the security issues which need to be considered when doing so. The summary is in the form of a 'Request for Comments' (RFC 5782).

For a decade, DNSBLs (also known as RBLs, the latter a Trend Micro trademark) have been widely-used as a means for internet users to exchange information on internet abuses. This is usually in the form of IP addresses from which undesirable content is being spread (generally via email), but domain names which are, for example, being advertised via spam, can also be exchanged simply using the domain name system.

Most mail servers or spam filters integrated into mail servers are configured to compare IP addresses with DNS blacklists and, should they score a hit, to decline email from that IP address, or to mark it as potential spam. As an alternative to scoring using multiple criteria, whitelists such as dnswl.org are also now being used. Technically, DNSWLs work in exactly the same way as DNSBLs, except that possible hits are assessed in the opposite manner.

As practical as DNSxLs are, careful consideration still needs to be given to their use. The ASRG guidelines point out that using DNSxLs means making yourself dependant on third party technology and listing criteria. DNSxL providers can also use DNS queries to generate statistical data on how much email DNSxL users from different areas of the internet are receiving. And like any DNS service, they are potential targets for online attacks.

(djwm)