Spam blacklists

From LinuxReviews

There are quite a few services that allow you to use their frequently updated spam blacklists. Most of these blacklists can be used with MTA programs such as Postfix (see HOWTO Stop spam using Postfix). But some of the blacklists are a bit too wide and block innocent machines as well as those that are guilty of spam. It's generally much easier to get on a blacklist than it is to get off.

Here are some of the blacklists available:


Spamhaus

This is a great and frequently updated blacklist. It's free for mail servers with fewer than 100 users. They have 3 blacklists: "Spamhaus Block List", "Exploits Block List" and "Policy Block List". You can use in your DNSBL configuration to subscribe to these lists[1] (This list was formerly known as "", this list is now replaced by zen).

SORBS

SORBS (Spam and Open Relay Blocking System) is a spam-fighting service in Australia[2]. Their list is very effective, too effective for a whole lot of reasons. First of all, they are known to be very quick to blacklist entire IP ranges if there's a spammer on one, and there have been numerous complaints about people with static IPs getting their IP range blocked because of someone else's spamming.

And then there's the Tor network. Most of the routers in the Tor network are relay nodes; they don't allow exiting. The default exit policy for Tor is to disallow port 25, so you can't spam from an exit node unless its operator has intentionally configured the router to allow e-mails to be sent. Almost none (perhaps 3) of the around 1000 Tor routers allow exiting on port 25, yet SORBS's policy regarding Tor is to block all of them, regardless of whether they allow exiting and regardless of their exit policy. Now, specifically blocking the Tor network isn't a big deal, it's a small deal, but it is a typical example of SORBS's blocking policy: when in doubt, block it.

You will get less spam by using SORBS's list. But you may also prevent legitimate e-mail by using this list.

You can use in your DNSBL configuration to subscribe to their list[3].

SCBL

The SpamCop Blocking List (SCBL) describes itself like this: "The SCBL is a list of IP addresses which have transmitted reported email to SpamCop users, which in turn is used to block and filter unwanted email."[4] This should, in theory, prevent false positives from automatically entering their list. Add to use their DNSBL.

CBL

CBL (Composite Blocking List) is a list which only blocks based on traps. Their story is this:

"The CBL takes its source data from very large spamtraps/mail infrastructures, and only lists IPs exhibiting characteristics which are specific to open proxies of various sorts (HTTP, socks, AnalogX, wingate etc) which have been abused to send spam, worms/viruses that do their own direct mail transmission, or some types of trojan-horse or "stealth" spamware, without doing open proxy tests of any kind.

In other words, the CBL only lists IPs that have attempted to send email to one of our servers in such a way as to indicate that the sending IP is infected."[5]

This is a great way to prevent false positives from being added to the list; if you haven't spammed them then you're not listed by them. Their DNSBL is

Dead services

The Open Relay Database ( is now dead, even the website previously at is gone. Thus, you should remove from your MTA/spamfilter configuration (remember this if you're a consultant who visits clients who only have someone tune their MTA once a year or so, unless it breaks, of course. ORDB died December 2006; such clients may well still have it in their config).

One last detail

It's generally a good idea to make sure that users can send to services they can't get mail from because they are blocked. There is such a thing as false positives, especially if you're using SORBS or DSBL's "unconfirmed" list.

DNSBLs in bullet summary

  • Spamhaus:
  • SORBS:
  • SCBL:
  • CBL:

How to use DNSBL lists
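
What an MTA does when it consults one of these lists, as an added example that is not from the original page: the client's address is reversed, prepended to the list's zone and looked up as an A record, and only an answer inside 127.0.0.0/8 counts as a listing. The zone `dnsbl.example.org`, the function names and the sample DNS data are placeholders constructed for illustration; substitute the zone your chosen list documents.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNS name to look up: reversed address labels + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]       # 192.0.2.99 -> 99.2.0.192
    else:
        # IPv6 uses one label per hex nibble, in reverse order
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name; empty list if the name does not resolve.
    Lookup errors also return [] so a DNS outage never blocks mail."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def check_dnsbl(ip, zone, resolve=system_resolver):
    """Return 'listed', 'not-listed' or 'invalid-answer'."""
    answers = resolve(dnsbl_query_name(ip, zone))
    if not answers:
        return "not-listed"
    loopback = ipaddress.ip_network("127.0.0.0/8")
    if all(ipaddress.ip_address(a) in loopback for a in answers):
        return "listed"
    # An answer outside 127.0.0.0/8 is not a listing. A zone that no longer
    # operates as a blacklist may resolve every name to a parking or wildcard
    # address; counting that as a hit would reject all incoming mail.
    return "invalid-answer"

# Constructed sample data: a fake resolver so the example runs offline.
ZONE = "dnsbl.example.org"                        # placeholder, not a real list
FAKE_DNS = {
    "2.0.0.127.dnsbl.example.org": ["127.0.0.2"],         # conventional test entry
    "10.113.0.203.dnsbl.example.org": ["198.51.100.7"],   # wildcard-style answer
}

def fake_resolver(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.1", "203.0.113.10"):
        print(ip, check_dnsbl(ip, ZONE, fake_resolver))
```

Run periodically against every zone in your MTA configuration with an address you know is clean: a result other than `not-listed` is a sign that the list has gone stale or changed behaviour.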

References

  1. The Spamhaus Project:
  2. SORBS (Spam and Open-Relay Blocking System)
  3. SORBS: Using SORBS
  4. What is the SpamCop Blocking List (SCBL)?
  5. CBL - Composite Blocking List