Choosing a Good DNSBL

stry_cat submitted a story about selecting a good DNSBL. It talks about some of the problems with DNS blacklists and the sorts of things that you should be looking for. Things like Speed, Selection Criteria, and Goals make the list. And of course not requiring payment to be removed from the blacklist.

There is no such thing as a good DNSBL

[deviator]

They all have issues; all of them create headaches for administrators of legitimate e-mail servers at one time or another.

NEVER use a DNSBL as an absolute block

[ebunga]

DNSBLs are subject to the whims of some of the most unreliable and whiny schmucks on the face of the planet. NEVER under any circumstances use a single DNSBL as an absolute block. Use it to increment a score along the lines of Spam Assassin that will eventually hit a threshold, preferably with a minimal content-based component. Don't even think about using multiple hits on multiple lists as a gauge of spam-worthiness. The amount of inbreeding and sharing among lists is disgustingly high. Not even the Spamhaus aggregate is trustworthy these days.

Spammers can get around blacklists anyways. They're about as effective as locking a door made of tissue paper. The number of false positives is high. The amount of spam blocked is negligible. My suggestion is to abandon the idea altogether.

Re:NEVER use a DNSBL as an absolute block

[Shaman]

Sounds good, except it's not true. I was just on one of our spam systems (Barracuda 400) and the stats look something like this:

20,000,000 blocked e-mails
480,000 tagged e-mails
90,000 viruses found
135,000 quarantined messages (user choice to quarantine or not)
610,000 delivered/approved mail

To nobody's surprise, some spam is still getting through. This is in less than two weeks, and there are two servers to handle the load, the other one is more or less as bad.

So what were you saying about not using blacklists?