DNSBL Antispam

There are a wide variety of techniques for blocking spam. One popular method is to check the source of connections to your mailserver and prevent them from sending email if those sources are known spammers. This technique relies on lists of known spammer addresses (their Internet addresses, or IP addresses).
These lists can include the IP addresses of:

  • machines that have recently sent spam. A large proportion of spam today comes from compromised computers running malware and forming part of what is known as a "botnet". These networks of computers can be controlled remotely and used by spammers to send spam to any address they like. The machines are typically normal computers running on normal networks, so the lists have to include the network addresses of the individual compromised machines or blocks of addresses belonging to badly compromised networks.
  • dedicated servers sending spam
  • "open relays", servers that are so badly configured that they can be freely used to send spam by others.
  • servers sending spam because a login has been guessed due to a weak password

The lists used to block spam use the Domain Name System (DNS) in order to be efficient. This is basically the same system that looks up where to take your browser when you type in, for example, www.google.com. The system provides your computer with the IP address of Google's server. The same trick is used to check a source against a spammer list. The mailserver must check the IP address of the connection source against one or more large lists of spammers, and it does so using a DNS request. The request gives a positive or negative result, and the server can then choose what to do with the connection: whether to allow it to send email or not. Similar lists exist for the email domain of senders (the bit after the @ in user@example.com) and also for links contained in the email being sent. The system also works well in reverse: you can check connecting addresses against whitelists and then know that you can trust them NOT to send spam.

Let's work through an example.

DNSBL Example

[Figure: Mail connections from Internet, Mailserver, Local users]

Your server receives connections from the Internet trying to send email to your users. Without any DNSBL spam checking, your server accepts all email addressed to local users and delivers it to their mailboxes. As an example, let's say one connection is coming from the Internet address 34.23.34.54, another from 67.34.46.34 and another from 125.34.46.34. The server must decide which connections come from spammers and which do not.

[Figure: Mail connections from Internet, DNSBL Query, Local users]

As the connections are made to the mailserver, it takes each connecting address and queries a DNS server to see whether the address is known to belong to a spammer. If it is, the server can reject the email, drop the connection, or accept the email and block it later on (for example, if the IP has sent spam AND legitimate email in the past, you don't want to just block everything!). Hexamail will also allow you to weight the email from a suspicious connection so that it is more likely to be blocked as spam if the email content also appears suspicious.
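The lookup and decision described above can be sketched in a few lines. This is an added example, not Hexamail's code: the zones wl.example, bl.example and score.example are placeholders, the listings for the three addresses are constructed, and the rule that the first whitelist or blocklist hit decides is an assumption. It goes beyond the text by also handling IPv6 addresses and by ignoring answers outside 127.0.0.0/8, the range DNSBLs use to signal a listing.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Reverse the address labels and append the list's DNS zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                   # octets, reversed
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]   # IPv6 nibbles, reversed
    return ".".join(labels + [zone])

def system_resolver(name):
    """A-record lookup; None on any failure (fails open: lookup errors look unlisted)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(answer):
    """Only answers in 127.0.0.0/8 count; a rewritten NXDOMAIN must not block mail."""
    return (answer is not None and
            ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"))

def check_connection(ip, lists, resolve=system_resolver):
    """lists: ordered (zone, action, weight) tuples. Returns (verdict, score)."""
    score = 0
    for zone, action, weight in lists:
        if not is_listed(resolve(dnsbl_query_name(ip, zone))):
            continue
        if action in ("allow", "reject"):   # first whitelist/blocklist hit decides
            return action, score
        score += weight                     # "weight" lists only add suspicion
    return "accept", score

# Constructed sample data: placeholder zones, made-up listings for the page's addresses.
LISTS = [("wl.example", "allow", 0), ("bl.example", "reject", 0),
         ("score.example", "weight", 3)]
SAMPLE_RECORDS = {"54.34.23.34.bl.example": "127.0.0.2",
                  "34.46.34.67.score.example": "127.0.0.4"}

def sample_resolver(name):
    """Offline stand-in for DNS: answers only for the constructed records."""
    return SAMPLE_RECORDS.get(name)

if __name__ == "__main__":
    for source in ("34.23.34.54", "67.34.46.34", "125.34.46.34"):
        print(source, check_connection(source, LISTS, resolve=sample_resolver))
```

The score returned for an accepted connection is meant to be combined with content checks before the final spam decision.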

Adding DNSBL to your server

If you wish to add DNSBL antispam features to your existing email server you can use Hexamail Guard or Hexamail Nexus. They provide a sophisticated array of DNSBL features in addition to many other spam blocking techniques. You can choose as many DNS based block lists as you like, and configure each to have a different effect: Reject email, Weight email, Block email, Delete email or Allow email (for whitelists). You can also apply DNSBL to the sender domains (known as RHSBL or Right Hand Side Block Lists) and links (URLs) contained within the email itself. Hexamail also automatically supports back scatterer lists such as ips.backscatterer.org and provides a dedicated DNSBL just for Hexamail customers.

Hexamail also provides a mailserver with built-in antispam capabilities: Hexamail Server.