Real-time Blackhole Lists (RBLs)


What is an RBL?

A Real-time Blackhole List, or Domain Name System-based Blackhole List (DNSBL), is a list of internet domains and/or IP addresses that should be blocked due to alleged abuse. These include computers and networks operated by active spammers as well as systems passively involved with spam, such as internet service providers whose users are known to send spam, or machines that have been hijacked by spammers.

Unlike static email blocklists, RBLs are intended to be dynamic – updated and published on a regular basis. They are popular among mail hosts, including Email Service Providers (ESPs), Internet Service Providers (ISPs), and Anti-spam agencies (ASAs), who refer to the lists to detect and block unwanted emails entering their network. 

Criteria for listing

DNSBLs / email blocklists are numerous and diverse — anyone can make and publish one. There is therefore no centralized source or authority for RBLs. Some RBL maintainers make them available publicly (either for free or for a fee). Others are for internal use only (e.g. for MSPs).

Different RBLs use different processes and criteria for adding and removing entries. Often these are secret. They may include the use of “spam traps” or “honey pots” for identifying abusive hosts.

Technical usage

RBLs are usually referenced during the SMTP connection phase by the MTA or Firewall, and incoming connections from hosts which match are blocked without accepting any traffic. Blocks may be permanent or temporary.

RBLs typically use special DNS queries to check whether a specific unknown host is trustworthy. The DNS query acts as a simple remote database lookup and often allows requesting the reason for the host being listed, if it is listed at all. The list check is therefore typically live and conducted once per host (e.g. one check per unknown IP address).

Some services also offer caching options and non-DNS based APIs as an alternative lookup interface.
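
The lookup described in this section, as an added Python example (not code from the original page or from Lightmeter): it builds the reversed-address query name for IPv4 and IPv6 and classifies the answer, treating resolver failures and answers outside 127.0.0.0/8 as errors rather than as a clean result. The zone `dnsbl.example`, the function names and the sample records are constructed placeholders.

```python
import ipaddress
import socket

LISTING_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 listing answers live here

def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed address labels followed by the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                  # 192.0.2.99 -> 99.2.0.192
    else:
        labels = list(addr.exploded.replace(":", ""))  # IPv6: one label per hex nibble
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def system_resolver(name):
    """A-record lookup via the OS resolver; [] means the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # timeout or SERVFAIL: must not be read as "not listed"
    return sorted({info[4][0] for info in infos})

def check_rbl(ip, zone, resolve=system_resolver):
    """Return the query name, a status (listed / not_listed / error) and answer codes."""
    name = dnsbl_query_name(ip, zone)
    try:
        answers = resolve(name)
    except OSError:
        return {"query": name, "status": "error", "codes": []}
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTING_NET]
    if codes:
        status = "listed"
    elif answers:
        status = "error"  # answer outside 127/8: rewritten NXDOMAIN or a broken resolver
    else:
        status = "not_listed"
    return {"query": name, "status": status, "codes": codes}

# Constructed sample data standing in for a list's DNS zone (not real listings).
SAMPLE_ZONE = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],        # RFC 5782 test entry
    "10.113.0.203.dnsbl.example": ["198.51.100.7"],  # constructed bogus answer
}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.99", "203.0.113.10"):
        print(check_rbl(ip, "dnsbl.example", sample_resolver))
```

The listing reason mentioned above is published as a TXT record on the same query name; fetching it needs a DNS library, since the `socket` module only resolves addresses.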

Benefits

RBLs are a popular, proven, and efficient way to stop unwanted and abusive messages before they enter your email inbox. By stopping messages when the very first connection between mail hosts is made, disk space (for storing mail) and processing resources are preserved, as spam filters and other threat management software will never see or analyse the blocked mail.

Disadvantages

If your IP address is listed on an RBL, you may have trouble sending legitimate emails, and trouble getting delisted so that normal sending can resume. Each RBL maintainer typically has its own distinct procedure for getting a host delisted, which must typically be followed manually by a representative of the blocked host.

RBL usage is set by the receiver, not the email sender, which means that senders have no control over the RBLs that recipient hosts use to filter their email or the effect of those lists on their outbound mail.

Controversy

From their inception, RBLs have raised justified concern over abuse by list maintainers, and the potential for censorship — “who watches the watchmen”?

RBLs are not regulated by any authority, and the power that comes with blocking mail is used with both good and bad intentions. Motives aside, they are responsible for a significant percentage of false positives or “friendly fire” — innocent mail hosts being blocked for no good reason.

Solutions

  1. Lightmeter Control Center checks your mailserver IPs against the most popular available RBLs and triggers Insights where blocks are detected. Read more about RBL Insights.
  2. Lightmeter Control Center will recommend steps for RBL removal to unblock email sending where these steps are known and documented in the Mailops Knowledgebase (add your own recommendations if they’re missing here).