Using RBL and DCC for spam protection

Thursday June 14, 2007 (02:01 PM GMT)

By: Murthy Raju

I run a Postfix-based mail server that services a few hundred users with an average load of a couple of thousand legitimate messages a day — but thanks to spam, the actual load on the server is much higher. I use Realtime Blackhole Lists (RBL) and Distributed Checksum Clearinghouse (DCC) clients on Postfix and SpamAssassin to reduce the impact of spam.

RBLs are lists of IP addresses of known and potential spam originators. There are many RBL providers, such as Spamhaus, Spamcop, and DNSRBL. These lists are also known by various other names, such as blacklists or blocking lists. Mail servers can connect to RBL servers to check on IP addresses.
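The check described above is an ordinary DNS query: the mail server reverses the client IP, appends the list's zone and asks for an A record. The sketch below is an added example, not code from the original article, and it goes beyond the text by handling IPv6 and answers that are not real listings. The zone `dnsbl.example`, the sample records and the treatment of 127.255.255.0/24 as provider error codes (a convention documented by some providers, Spamhaus among them) are assumptions.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # answers that mean "listed"
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # assumption: provider error codes

def dnsbl_query_name(ip, zone):
    """Build the DNS name a mail server looks up to ask `zone` about `ip`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # 192.0.2.99 -> 99.2.0.192
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # IPv6: reversed hex nibbles
    return ".".join(labels) + "." + zone.strip(".")

def system_resolver(name):
    """A records for `name`; [] on NXDOMAIN or lookup failure (fails open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def check_dnsbl(ip, zone, resolve=system_resolver):
    """Return (verdict, answers); verdict is 'listed', 'not_listed' or 'error'."""
    answers = resolve(dnsbl_query_name(ip, zone))
    parsed = [ipaddress.ip_address(a) for a in answers]
    if not parsed:
        return "not_listed", answers
    # An error code, or an answer outside 127/8 (expired or wildcarded zone),
    # must not be treated as a listing or every sender gets rejected.
    if any(a in ERROR_NET or a not in LISTED_NET for a in parsed):
        return "error", answers
    return "listed", answers

# Constructed zone data standing in for a real list (zone and answers are made up).
SAMPLE_ZONE = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],            # conventional test entry
    "99.2.0.192.dnsbl.example": ["127.0.0.4"],           # listed, reason code 4
    "7.113.0.203.dnsbl.example": ["127.255.255.254"],    # query refused by provider
    "8.113.0.203.dnsbl.example": ["198.51.100.10"],      # wildcard answer, not a listing
}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.99", "203.0.113.7", "203.0.113.8", "192.0.2.1"):
        print(ip, check_dnsbl(ip, "dnsbl.example", resolve=sample_resolver))
```

Calling `check_dnsbl` without the `resolve` argument uses the system resolver, which cannot tell a timeout from an unlisted address and therefore treats both as not listed.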

RBL providers add IP addresses to their lists that fall into any of the following categories:

* Known originator of spam
* Open SMTP relay that can be misused by any mail server in the world to send spam
* Dynamically assigned IP addresses of DSL or dial-up customers of ISPs who allow their machines to be used to originate spam
* IP addresses of computers affected by mass mailing viruses or trojans

RBL providers may also take various other parameters into account for listing an IP address. Each RBL provider has its own strategy for gathering IP addresses. The process may involve actively checking large sets of IP addresses for potential listing.

An IP address that reaches an RBL won’t stay there forever. Some providers have a specific time period after which IP addresses are automatically delisted. Other providers delist on request from the owners of the affected IP addresses if they are convinced that the cause for listing no longer exists. Ease of delisting varies among providers; getting off a list can be a cumbersome task.


