The Spamhaus Project

news

Approaching 100% spam block: Spamhaus releases the Domain Block List

by The Spamhaus TeamMarch 01, 20104 minutes reading time

Jump to

Introduction

1 March 2010: The Spamhaus Project is proud to release its newest spam-blocking advisory list to the world's internet users, this time focused on the domain side of email filtering. Called simply the Domain Block List, the DBL has been in beta testing for much of 2009 on production ISPs and corporate servers in Europe, Asia and North America, and results have been exceptionally positive. It upholds the Spamhaus reputation for extremely high spam detection and virtually no false positives. The DBL is now ready for broad use in production spam filter systems.

Why the DBL

Anyone trying to block spam knows that spammers have evolved elaborate strategies to evade filters. IP address based filters such as The Spamhaus Project's Zen lists successfully clean the vast majority of the email flow. This works by shedding connections from known-bad IP addresses with the least possible load on the receiving system. Currently, most users see nearly 90% effectiveness using this method, however, spammers still manage to sneak some junk into recipient's mail delivery systems. This is often done by spamming from normally legitimate sources which should not be blocked at connection time. At that stage of delivery, after the Zen connection filter and either during the "DATA" part of SMTP transaction or after message acceptance, receivers must use increasingly resource-intensive (and thus costly) filters to mop up spam that seeps through. Spammers are using tremendous numbers of domains for short intervals to evade filters at this stage. This is where the DBL is designed to be extremely effective.

About the DBL

Most spam contains a link to a "payload" or "landing" webpage where whatever fraud, phish, malware or suspect offer is presented. Those links are normally based on domains. Many receivers already use domain or URI filters and the popular open-source SpamAssassin has included them, highly scored, in its ruleset for years. While there are already excellent URI datasets available such as SURBL and URIBL, Spamhaus has tailored the DBL to work specifically in conjunction with our IP address based lists.

The DBL system has been built to process an enormous input of spam data arriving at Spamhaus' spamtraps in order to detect and list spam domains in realtime. Spamhaus' robust DNS infrastructure enables the DBL to be rebuilt and republished every 120-seconds. What this will mean is that DBL users will be able to block spam containing DBL-listed domains within just minutes of a spam being seen by the Spamhaus detectors.

How to use the DBL

The DBL is fully operational today and published at dbl.spamhaus.org for users with mail servers capable of using domain URI blocklists or Right Hand Side Block Lists (RHSBLs) and who wish to use it via DNS query. It is also available immediately to Spamhaus Datafeed users. Users wanting to implement DBL in spam filters must read the DBL FAQ for proper use guidelines as the DBL is not an 'IP blocklist' and can not be plugged into normal mail server 'RBL' filters. DBL must be specifically used only where "domain blocklists" or RHSBLs are used.

SpamAssassin is releasing a new version specifically with DBL support: SpamAssassin 3.3.1. SpamAssassin users should upgrade to 3.3.1 before using DBL. DBL can not be retroactively added to older SpamAssassin versions.

Companies using the Spamhaus data such as Microsoft Hotmail, Yahoo!, Comcast and many others should soon be using the DBL data to help catch more spam before it hits their users' mailboxes. Spamhaus also hopes the DBL will be of use to domain registrars, registries and ICANN to help show problem areas of spammer domain registration.

What Spamhaus hopes is that this new data zone will allow internet users to approach the goal of stopping every spam sent to them. While a 100% spam block may never be achievable, the ability to reduce "seen" spam to a rarity is approaching. Further new Spamhaus data lists due out this year will continue to pursue that goal.

About Spamhaus

The Spamhaus Project is an international nonprofit organization whose mission is to track the internet's spam operations, to provide dependable realtime anti-spam protection for Internet networks and to work with Law Enforcement Agencies to identify and pursue spammers worldwide. The number of internet users whose mailboxes are currently protected by Spamhaus DNSBLs now exceeds 1.4 Billion. Founded in 1998, Spamhaus is based in Geneva, Switzerland and London, UK and is run by a dedicated team of 28 investigators and forensics specialists located in 8 countries.


Article links:

Help and recommended content

See below for helpful articles and recommended content