QTH Net started using Real Time Black Hole Lists (RBL) in Dec. 2003 to prevent SPAM from known SPAM sources. RBLs generally do not block individuals, they block known spam sources, spaming companies, and sometimes entire IP address blocks. Unfortunately, sometimes legitimate individuals are using these sources for their ISPs or their ISP has unknowingly been hijacked which gets them listed.
We make use of the following RBL providers and some IP based black lists:
- spamhaus.org -- mainly lists the very large spam companies.
- spamcop.net -- list spam companies and individual spammers.
- dnsbl.njabl.org -- lists mail servers that are configured as open relays.
- dsbl.org -- lists mail servers that are configured as open relays.
- bl.csma.biz -- lists addresses and IP blocks of known spam sent to various servers owned by McFadden Associates.
Why did we go the RBL route?
While SPAM has been a growing problem for QTH Net, starting in 2004 it just got out of control. Spammers are trying to send junk mail to our email lists and are altering the From: address of every single message they send out so we can't effectively block them based on the email address. The subject line changes and they even try to hide text in the body so we can't filter for that. They have even tried to hijack our server. Quite honestly, I don't understand why they work so hard to send mail to someone that doesn't want it.
How much SPAM are you blocking by using these RBL providers and filters?
We are now blocking approximately 19,655 SPAM messages out of approximately 44,000 incoming email messages that we process per day. Yes, that means approximately 45% of the mail coming into our email server is SPAM.
Now, what does all of this mean to you?
RBL Providers, and there are literally hundreds of them on the Net, came into existence as a means to help IP's like QTH Net battle the increasing costs of SPAM. SPAM is a theft of our services, and a theft of your services, increasing costs for everyone. In the United States alone, the estimated cost of SPAM in 2005 is $22,000,000,000 ($22 Billion U.S. Dollars).
How do mail servers get listed in RBLs?
How does one get listed in spamhaus.org and spamcop.net?
spamhaus.org typically deals with the very large SPAM providers who have been identified through various means as sending SPAM. It is uncommon to be listed in spamhaus.org if you are not a major provider of SPAM.
spamcop.net lists organizations and individuals who have been reported as sending SPAM. They research their findings, and do a math computation based on how much email is going out of a mail server, and how much of that email is reported to be SPAM. Like spamhaus.org, it is uncommon to be listed in spamcop.net if you are not a SPAM sender.
How does one get listed in dnsbl.njabl.org, opm.blitzed.org, or dsbl.org, and what is an open relay?
An "open relay" mail server is a server that can be used by anyone to send mail. These RBL providers list organizations and individuals whose mail servers are poorly configured and can be hijacked, allowing anyone to use them to send untraceable mail anywhere.
Why do you use several RBL providers instead of just one?
Each list operates independently of each other. While they may have duplicated entries, they aren't swaping information, and generally they have different critera for listing. We picked a combination of providers that would yield the most accurate and best results for preventing SPAM.
What happens when a person trying to send an email to a list has their ISP in an RBL provider's database?
The sender will receive an error message giving them some indication that their mail has been blocked and returned undeliverable. Exactly what the sender is told will depend on which real time black hole list (RBL) their mail server is listed on:
Those listed in Spamhaus.org may receive something like:
554 Service unavailable; [80.57.142.99] blocked using sbl-xbl.spamhaus.org, reason: http://www.spamhaus.org/xbl/xbl.lasso?query=80.57.142.99
Those listed in SpamCop.net may receive something like:
554 Service unavailable; [221.15.71.57] blocked using bl.spamcop.net, reason: Blocked - see http://www.spamcop.net/bl.shtml?221.15.71.57
Those in dnsbl.njabl.org and opm.blitzed.org and the other open relay RBL provider's databases will receive either "open proxy" or "relay proxy" as the error message.
554 Service unavailable; [24.232.29.207] blocked using dnsbl.njabl.org, reason: open proxy -- 1076174404
How does an ISP or other form of mail server provider get out of an RBL provider's database?
Each list has a different method of removal. Some allow immediate removal by anyone. For those that don't have this option, The ISP must contact the black list list administrator and verify that they have fixed what ever problem got them listed. In most cases, the ISP will not take any action untill one of their customers complains. If mail from you is being black listed, your first move should be forwarding the entire rejected message to your ISP, asking why his server is black listed and what he intends to do to fix it.
While there are black lists that are almost impossible to get removed from, we have purposely picked RBL providers that are easy to work with as well as being accurate as to who is listed in their databases.
