Mail server spam blacklists

Fri, 2008-10-10 23:30 by admin

I have tuned my email server and have taken the opportunity to find and check the available DNS blacklists (DNSBL) by reading statistics and opinions. The result is that I currently (last change: 2010-01-06) use the first 9 of these blacklists to block mail without any scoring or further conditions:

  1. zen.spamhaus.org
  2. dnsbl-1.uceprotect.net
  3. cbl.abuseat.org
  4. ix.dnsbl.manitu.net
  5. bl.spamcop.net
  6. dul.dnsbl.sorbs.net
  7. psbl.surriel.com
  8. combined.njabl.org
  9. bogons.cymru.com
  10. bb.barracudacentral.org
  11. db.wpbl.info
  12. virbl.dnsbl.bit.nl
  13. blackholes.five-ten-sg.com
  14. httpbl.abuse.ch
  15. drone.abuse.ch

For performance reasons, the lists are ordered so that the ones most likely to catch a bogus mail come first; checking stops at the first hit.

Together these blacklists block roughly 90% of all incoming spam on my server, which is a really nice result.

Notes:

  1. The uceprotect lists, particularly dnsbl-2.uceprotect.net (not listed above), are allegedly somewhat aggressive, but the statistics I have found didn't bear that out. If you are, like me, risk-averse, don't use the dnsbl-2 list, or skip both of them.
  2. The spamcop blacklist used to be over-aggressive, but this has changed recently. This list is now eminently usable even in conservative settings.
  3. At least two of the blacklists contain dynamic IP addresses such as dial-in ports and DSL addresses. If your mail server checks mail coming from authenticated users against the blacklists (which it shouldn't do, but some do), then you cannot use these lists. Try to make all your mail users use port 587, the newer mail submission port, for SMTP instead of port 25, because some mail servers do check mail coming in through port 25 against the blacklists even if the user has authenticated, while incoming mail on port 587 can only be delivered by authenticated users and should never be checked against any blacklist.
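As an added illustration (not code from the original post) of how the lookups behind this setup work: a DNSBL is queried by reversing the client's IPv4 octets, appending the list's zone, and asking for an A record; an answer inside 127.0.0.0/8 means "listed", NXDOMAIN means "not listed". The example walks the nine blocking lists in the post's order, stops at the first hit, and skips the check entirely for authenticated submissions as note 3 advises. The `resolve` callable and the `FAKE_DNS` table are constructed stand-ins so it runs offline.

```python
import ipaddress
from typing import Callable, Iterable, List, Optional

# The nine lists the post uses for outright blocking, in the post's order
# (most likely to hit first, so the loop can stop early).
BLOCK_LISTS = [
    "zen.spamhaus.org", "dnsbl-1.uceprotect.net", "cbl.abuseat.org",
    "ix.dnsbl.manitu.net", "bl.spamcop.net", "dul.dnsbl.sorbs.net",
    "psbl.surriel.com", "combined.njabl.org", "bogons.cymru.com",
]
SUBMISSION_PORT = 587          # authenticated submission: never blacklist-checked
LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: octets reversed, then the zone.
    192.0.2.10 against zen.spamhaus.org -> 10.2.0.192.zen.spamhaus.org"""
    addr = ipaddress.IPv4Address(ip)          # rejects anything that is not IPv4
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def is_listed_answer(answers: Iterable[str]) -> bool:
    """A hit is an A record in 127.0.0.0/8; no answer (NXDOMAIN) means not listed.
    Anything outside 127/8 (e.g. a wildcard or parked zone) is not treated as a hit."""
    return any(ipaddress.IPv4Address(a) in LISTED_RANGE for a in answers)


def first_listing(client_ip: str, port: int, authenticated: bool,
                  resolve: Callable[[str], List[str]]) -> Optional[str]:
    """Return the first zone that lists the client, or None if no list does.
    Authenticated users and anything arriving on the submission port are exempt."""
    if authenticated or port == SUBMISSION_PORT:
        return None
    for zone in BLOCK_LISTS:                  # ordered: likeliest hit first
        if is_listed_answer(resolve(dnsbl_query_name(client_ip, zone))):
            return zone
    return None


# Constructed, offline stand-in for a DNS resolver: query name -> A records.
# Real deployments would issue an A query for the name instead.
FAKE_DNS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.2"],        # constructed listing
    "20.2.0.192.dul.dnsbl.sorbs.net": ["127.0.0.10"],    # constructed dynamic-IP listing
}


def fake_resolve(name: str) -> List[str]:
    return FAKE_DNS.get(name, [])             # [] plays the role of NXDOMAIN
```

With the constructed table, 192.0.2.20 is blocked on port 25 by the dynamic-IP list but passes untouched when it arrives authenticated on port 587, which is exactly the situation note 3 warns about.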

I am grateful for comments.
