Fun with RBLs / DNSBLs

Posted: 23rd December 2011 by Seth Killey in Nerdy Stuff

In the past I’ve filtered inbound e-mail using a commercial on-premise software program, and later I used Postini for filtering before it reached my firewall.  However, I’ve realized that doing so is for suckers because it really is pretty easy to block SPAM nowadays.  Of course, if you host your e-mail with a cloud provider this may not be an option, but for those of us still running Exchange in-house here are some notes on my implementation.

First off, my firewall subscription includes an anti-malware scanner for e-mail so that’s a simple check box.  What really takes some research is deciding on which RBLs to use.  Prior to using the firewall as an MTA, I filtered mail using a Linux solution involving Postfix, Amavis-new, ClamAV and SpamAssassin.  This worked remarkably well, but I never felt comfortable with all the moving parts.  However, I did use the logic built into SpamAssassin to decide trustworthy RBLs.

If you go to you can see a list of RBLs or DNSBLs used by SpamAssassin.  Of those listed, I use the following:

  • Spamhaus – specifically which I have found to be the best in terms of identifying SPAM without the false positives.  If you stop with this service alone you’ll be in pretty good shape.
  • SORBS – (update: I have since removed this listing due to false positives)

A couple more useful tools when deciding on an RBL:

  • Curious about which RBLs get the best results?  Check this website
  • Worried your IP may be getting blocked by an RBL?  Check this website