How Do RBLs Affect Me? (Part 3)

sbOriginally posted on RBLTracker

In Part 1 and Part 2 of our series, I talked about what RBLs are, how they work, and how RBLs are used by administrators to control the day-to-day onslaught of SPAM on their email systems. In this article I’m going to talk about how RBLs affect you, your business, and why you should care.

So Why Do I Care?

Getting listed on an RBL or URIBL is not uncommon- it happens.

  • Maybe you have a customer using your email platform that didn’t quite understand the rules against bulk email.
  • Maybe one of your employees downloaded some virus infested software that started sending SPAM to all the contacts in their email client.
  • Maybe your email administrator made a mistake when configuring your email system, and opened you up as an open relay.
  • Maybe the WordPress or Drupal installation on your website was compromised, and injected with phishing code.

We all do our best to ensure that these types of errors aren’t the norm, but human error happens.

As a mail recipient, RBLs protect you from these issues by rejecting these messages before they land in your inbox. As a mail sender, RBLs protect others FROM your issues- and limit your overall liability, by reducing the number of messages delivered.

By listing compromised mail servers and website domains, and using these RBLs and URIBLs in our mail systems, we effectively limit the spread of SPAM and phishing websites, which is good for everybody.

Sounds Great- What’s the Catch?

Once you’re listed- as the name indicates- you’re “black-holed”- much of your email won’t be reaching its destination, and traffic to your websites could be limited.

If your business relies on email communication- either as a tool, or a product- then the longer you’re listed, the worst it is for your bottom line, and your reputation. It looks really bad if your customers email you, and get a bounce message indicating that your email system has been blocked.

The sooner you know there is an issue, the sooner the issue can be resolved, and the sooner you can request delisting from the RBLs in question.

RBLTracker

RBLTracker provides a fully automated RBL monitoring service, which checks your IP addresses and website domains, against a customizable list of the top DNSBLs, and will alert you immediately if your system is listed.

Don’t wait days or weeks to find out that your email hasn’t been reaching your customers- click here to find out more!

How Are RBLs Used? (Part 2)

Originally posted on RBLTracker

In Part 1 of our series we talked about what RBLs are, and the different types of RBLs. In this article, we’ll talk more about how they can be used by administrators to control the flow of SPAM into their networks.

How Are They Used?

Most mail server software can be configured to make requests against DNSBLs, and reject or accept mail, based on if the sending mail servers IP address is listed in the DNSBL. Or in the case of URIBLs, if a domain name or website URL found in the body of the message is listed.

Example

As a quick example, the Exim mail transfer agent (MTA) supports specifying one or more DNSBLs during the ACL processing of an inbound SMTP message.

exim_rbl

Exim will make a DNS lookup request on the sending mail servers’ IP address, and if found in the DNSBL, can reject the message with a specific error message.

The Postfix MTA allows administrator to add one or more DNSBLs using the reject_rbl_client configuration option in the smtpd_recipient_restrictions option.

postfix_rbl

You can also do a simple check on Windows, Mac, and Unix, using the command line nslookup tool. Simply reverse the digits in your IP address, and prefix it to one of the DNSBL host names.

So for example, if your IP address was 127.0.0.2 and you wanted to check the bl.spamcop.net DNSBL, you would do a DNS lookup on: 2.0.0.127.bl.spamcop.net:

manual_lookup

Check back for Part 3 of our series where I talk about how RBLs affect organizations, and why they can be an important part of your day-to-day administration.

What are RBLs and How Do They Work? (Part 1)

antispamOriginally Posted on RBLTracker

Real-Time Blackhole Lists (RBL) are a simple but effective way for organizations around the world, to share the location (in this case, the IP addresses) of email systems that are reputed to send email SPAM.

The most common implementation of these lists are distributed via DNS, and referred to as DNS-based Blackhole Lists (DNSBL). Distributing this data via DNS makes perfect sense; it’s a technology that already exists, and servers all already have access to. It’s fast, and the data (IP addresses and domains) is well suited for DNS.

Types of RBLs

There are hundreds of RBLs available worldwide, managed by hundreds of organizations and individuals. Most RBLs are free to use, some are pay-to-use, and they all have their own methodologies for compiling their databases, and their own processes for being delisted.

Two of the most common and reliable methodologies for collecting data for RBLs, are based on user input, or something they call a “honey pot”.

Crowd Sourced

RBLs based on user input are the most common, and often most reliable. This data is effectively crowd sourced. When an email recipient receives a SPAM message (assuming their system supports it), they can “flag this message as SPAM”. If enough recipients flag the same message as SPAM, the IP address of the sender will be added to the RBL database.

This is common in free email services like Hotmail and Gmail.

Honey Pots

Another common source for RBL data is something called a honey pot. These are basically email addresses that are never used for any legitimate email purposes, and aren’t owned by any end users. They simply exist out on the Internet in places where robots and SPAM aggregators collect email addresses.

Any email that comes to these addresses is by definition unsolicited, and considered SPAM, and will land you on an RBL.

URIBLs

Another type of RBL is the URI Blackhole List (URIBL). This is used for distributing domain names of websites that are reputed to send SPAM or to be involved in phishing schemes. So this doesn’t just affect organizations that run their own mail servers, but anyone that has a website as well.

There are definitely RBLs that are more reputable than others; there are some that have no process for being delisted, and others where you have to pay to be delisted. In my opinion, the pay-to-delist RBLs should not be considered reputable, and should not be used by mail system administrators.

Stay tuned for Part 2 of this series, where I’ll talk about how these RBLs are used by organizations, and give you some real-world examples of how RBLs can help you combat SPAM.

RBLTracker.com: Now with DNSSEC and TLSA

The RBLTracker domain is now signed with DNSSEC, and we’ve published the website certificate fingerprint via a TLSA record (also known as DANE), so that you can be 100% sure you’re interacting with the RBLTracker servers. dnssec

This can be validated through the Verisign Labs Test Tool.

What is DNSSEC, and why do I care?

The point of DNSSEC is to provide a way for DNS records to be trusted by whoever receives them. The key innovation of DNSSEC is the use of public key cryptography to ensure that DNS records are authentic.

DNSSEC not only allows a DNS server to prove the authenticity of the records it returns. It also allows the assertion of “non-existence of records”.

What about DANE, what’s that all about?

DANE, or “DNS-based Authentication of Named Entities”, is a way for domain and website owners to publish SSL certificate fingerprints, so that visitors can validate that the certificate being used on a website is valid for that site.

Over the last few years, there have been several security breaches with Certificate Signing Authorities (CA’s)- companies that sign certificates that you use for your secure website- allowing the issuance of certificates for domains, not owned by the domain owners.

Using DANE, you can define exactly which certificate or CA is valid for your website, restricting the ability for a would-be hacker to masquerade as your website, by gaining access to your CA.

This obviously only makes sense in tandem with DNSSEC, as you need to validate that the DNS information providing the certificate fingerprint is valid, and not modified along the way.

How can I tell if a site is using DNSSEC/DANE?

Until there is more mainstream support for DNSSEC/DANE- for example, building support for it directly in the OS layer and in web browsers- there is a great browser plugin by cz.nic, that will show you when a site is protected with DNSSEC and DANE.

RBLTracker: Two-factor Authentication using Clef

clefYou can now log in to your RBLTracker account using secure, two-factor authentication using Clef.

Clef is secure two-factor authentication using your mobile device, with no passwords or tokens, and no personal data is shared between RBLTracker and Clef.

Simply download the Clef Mobile App, and then register your RBLTracker account with Clef from the Profile page of your RBLTracker account.

register_clef

 

Once registered, you can log in and log out of the RBLTracker interface using your mobile device- it’s that easy! If you have any questions or comments about using Clef, please let us know @ info@rbltracker.com

Two-factor authentication is available to all RBLTracker accounts. Sign up Today!