It's a blog.
In: Uncategorized27 Sep 2008
I don’t put a lot of faith in DNSBLs, which are blacklists of spammer IPs. (They’re hosted as nameserver entries; you’d submit a DNS lookup for 126.96.36.199.example.com, where example.com was the DNSBL, to see if 188.8.131.52 was in the list; if it was, you’d get an “A” record of 127.0.0.2 (customary) back as a match.)
My concern is mostly that, historically, DNSBL providers have gotten carried away and started to list whole netblocks, and then whole netblocks of their enemies who aren’t sending spam… And pretty soon, you’re getting a lot of false positives. (Non-spammers who falsely test “positive” in spam checks.) In other words, you start rejecting legitimate e-mail because the blacklists tell you it’s spam. That’s a risk I’m not willing to take, and it’s an even more unacceptable risk for a business to take.
Other blacklists just don’t work. They match something like 10% of spammers. One blacklist I looked at rejects something like 40% of spam, and 50% of legitimate mail. (Yes, that’s right: it rejects more legitimate mail than spam.) So you probably won’t be surprised to learn that I don’t use any blacklists, other than a running list of people who have sent me obvious spam in the past 14 days. (I should probably lower the time period to something like 5 days, but I’m really not in a hurry to.)
But there are some blacklists that aren’t evil. Take these stats with a grain of salt, because they don’t check for false positives, and because they’re based on a limited sample, but I’ve found the following lists to be reliable:
Between the OpenRBL site and Spamikaze’s list, I do have some more that I’d like to experiment with. I should again reiterate that this was a very non-scientific test; it evaluated fewer than 20 IP addresses which have been blacklisted by my servers in the past few days. It assumes that their servers get spam from the same sources that I do; given that many large blacklists contain millions of IPs, this isn’t an accurate assumption at all. All these statistics are really good for is pointing out blacklists that are worth taking a look at.