{"id":1176,"date":"2008-09-27T20:52:08","date_gmt":"2008-09-28T00:52:08","guid":{"rendered":"http:\/\/blogs.n1zyy.com\/n1zyy\/?p=1176"},"modified":"2008-09-27T20:52:08","modified_gmt":"2008-09-28T00:52:08","slug":"blacklists","status":"publish","type":"post","link":"https:\/\/blogs.n1zyy.com\/n1zyy\/2008\/09\/27\/blacklists\/","title":{"rendered":"Blacklists"},"content":{"rendered":"

I don’t put a lot of faith in DNSBL<\/a>s, which are blacklists of spammer IPs. (They’re hosted as nameserver entries; you’d submit a DNS lookup for 4.3.2.1.example.com, where example.com was the DNSBL, to see if 1.2.3.4 was in the list; if it was, you’d get an “A” record of 127.0.0.2 (customary) back as a match.)<\/p>\n

My concern is mostly that, historically, DNSBL providers have gotten carried away and started to list whole netblocks, and then whole netblocks of their enemies who aren’t sending spam… And pretty soon, you’re getting a lot of false positives. (Non-spammers who falsely test “positive” in spam checks.) In other words, you start rejecting legitimate e-mail because the blacklists tell you it’s spam. That’s a risk I’m not willing to take, and it’s an even more unacceptable risk for a business to take.<\/p>\n

Other blacklists just don’t work. They match something like 10% of spammers. One blacklist I looked at rejects something like 40% of spam, and 50% of legitimate mail. (Yes, that’s right: it rejects more legitimate mail than spam.) So you probably won’t be surprised to learn that I don’t use any blacklists, other than a running list of people who have sent me obvious spam in the past 14 days. (I should probably lower the time period to something like 5 days, but I’m really not in a hurry to.)<\/p>\n

But there are some blacklists that aren’t evil. Take these stats with a grain of salt, because they don’t check for false positives, and because they’re based on a limited sample, but I’ve found the following lists to be reliable:<\/p>\n