What is an RBL (or DNSBL)

vitaly's picture

RBL or DNSBL is a means by which an Internet site may publish one or more dynamically changing lists in real time for others to use. It is mainly used by SMTP servers to block or flag mail coming in from certain IP addresses, thus effectively blocking and rejecting traffic from such sites. There are other uses for these protocols, but in our applications we are mainly interested in this particular use, so we will concentrate on that.
RBL stands for "Realtime Blackhole List" and DNSBL stands for "DNS block list"; both represent essentially the same thing.
The technology is based on the regular DNS (Domain Name System) technology, hence the name DNSBL. It is quite simple. Each time a host connects to an SMTP server, the server sends a specially formatted DNS request to one or more of the black lists it uses for filtering. If the response is negative, or there is no response at all, the IP is passed further. If the response is positive, the connection is flagged, and unless the user trying to send the transmission authenticates with a username and password or otherwise proves to be trustworthy (different providers may have different policies), the message will be either dropped or flagged as spam and delivered to a junk mail folder.
Most ISPs and corporate mail servers (including us) currently use one or more of these lists.
Use of such services is a two-sided coin, because on rare occasions it produces false negatives and false positives. This means that it can block a genuine non-spam sender as well as fail to block a spammer. When that happens, the blame hangs between the block list operators and the SMTP server operators.
Most black list operators say that it is not they who actually decide whether to block a certain IP address; they only provide the information needed to do so and are not responsible for how that information is used.
The same is true from the side of the SMTP server operators, because they have received information from the block list operator and have no reason not to trust it.
However, since this technology has been around for a very long time now, most of the problems have been ironed out almost completely. There are some rare occurrences of false positives and false negatives, especially if you operate a high-volume SMTP server, but the benefits of using this technology now greatly outweigh the disadvantages, so the majority of ISPs and large corporations are prepared to sacrifice a few lost email messages in order to cut 90% of spam messages. Some use a smarter combination of this and additional technologies: instead of deciding only yes or no about each message, they apply a score to it from 0 to 100. Based on this score, more intelligent decisions can be made, and in addition each individual user may adjust their own "passing" and "failing" score.
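
The lookup and the scoring described above can be sketched as follows. This is an added example, not code from this site: the query-name format (reversed address prepended to the list's zone, with listings answered inside 127.0.0.0/8) follows RFC 5782, while the zone names, weights, failing score of 50 and the sample DNS answers are constructed assumptions.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 return codes

def dnsbl_query_name(ip, zone):
    """Build the name looked up for a client IP: reversed address + list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")             # one label per octet
    else:
        labels = addr.exploded.replace(":", "")   # one label per hex nibble
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN, timeout or any resolver error."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, zone, resolve=system_resolver):
    """Positive only if the list answers inside 127.0.0.0/8."""
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers)

def spam_score(ip, weighted_zones, resolve=system_resolver):
    """Add the weight of every list that has the IP, capped at 100."""
    hits = sum(w for zone, w in weighted_zones.items() if is_listed(ip, zone, resolve))
    return min(100, hits)

def decide(score, authenticated, failing_score=50):
    """Authenticated senders pass; others are junked at the failing score."""
    if authenticated or score < failing_score:
        return "accept"
    return "junk"

# Constructed sample data: hypothetical zones, documentation-range addresses.
SAMPLE_ZONES = {"bl.example.org": 60, "dul.example.net": 50}
SAMPLE_DNS = {
    "99.2.0.192.bl.example.org": ["127.0.0.2"],
    "99.2.0.192.dul.example.net": ["127.0.0.10"],
    "10.2.0.192.bl.example.org": ["203.0.113.7"],  # not 127/8: ignored
}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.10", "192.0.2.1"):
        score = spam_score(ip, SAMPLE_ZONES, sample_resolver)
        print(ip, score, decide(score, authenticated=False))
```

Ignoring answers outside 127.0.0.0/8 keeps a wildcarded or expired list zone from marking every sender as listed, and treating resolver errors as "not listed" matches the "no response at all" case in the text.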
