What DNS blacklists do you use?

mtindor

Well-Known Member
Sep 14, 2004
1,463
114
193
inside a catfish
cPanel Access Level
Root Administrator
Just wondering what DNSBLs, if any, people are using with their cPanel setups - specifically, I'm talking about using DNSBLs to reject from suspect spam sources during SMTP.

I've been doing web hosting for about 10 years now, and it has always been a catch-22 using blacklists to reject incoming connections when you have a lot of business accounts that you are hosting.

It's one thing to host 5 gaming clan websites for 4.99 apiece and use 5 blacklists to reject from suspect spam sources without your customers knowing... But what if you have 500 customers on a server and they are businesses? Is anybody considering any blacklist these days 'legitimate' enough to reject during SMTP based upon the sender IP being in a DNSBL? If so, what DNSBLs are you using?

Zen.spamhaus.org and bl.spamcop.net will absolutely cause you to reject legitimate mail more than just about any other blacklist. Then again, they are also the most effective against rejecting spam.

Any others that do a decent job that would generate fewer false positives (for servers in the US with accountholders in the US)?

Would just like to see some people's opinion. I'm mostly interested in hearing from those who host a _lot_ of accounts, with many being businesses.

Mike
 

mtindor

I disagree. Do you have any facts to back this up? I'd be interested in knowing why you say this.
You didn't answer my question. And this isn't the presidential election. What blacklists do you use to block potential incoming spam sources during the SMTP phase? Do you ever get complaints from your customer base regarding this?

My feelings come from personal experience of working for 8 years at a 25,000 customer regional ISP - and seeing for myself that employing those lists does indeed end up blocking legitimate mail. Zen - with the addition of PBL specifically, you end up blocking mail from entities who are running legitimate mail servers on their IP space that is mislabeled as dynamic IP space - or maybe they have generic rDNS in place. Sure, some of us jump through hoops to abide by as many of the best practices in mail that we can, but not everybody has a staff dedicated to doing that nor the resources. So you end up using certain blacklists that group certain IP space as bad even if the user of that particular IP space isn't one of the bad apples.

Look at IP space listed on the SBL - sure, administrators of mail servers should take steps beforehand to ensure that the place where they are going to run a mail server doesn't have their IP space blacklisted... but it's not always possible, or the homework is not always done beforehand. So who pays the price? That legitimate mail server operator who just happens to be stuck on 'bad' IP space.

Sure, depending on the list, you can often get delisted pretty quickly by meeting certain criteria, but that doesn't stop those servers from being listed initially and thus being blocked - all it takes is one mail not getting to the destination to cause a company to bark loudly about the practice of rejecting their mail based on what you believe is a spam threat.

Over the course of now 10 years at a company, I can say that I have had to make countless whitelisting exceptions for legitimate mail that was being blocked by Spamhaus. I've had to explain to hundreds of people, if not more, why mail from their business acquaintances, friends, family, etc. is being rejected instead of being delivered to their mailbox. It's not always an easy sell.

I personally support Spamhaus 200% - and for our own company mail I have no problem rejecting during SMTP. But when you go the extra step and start rejecting during SMTP for all of your customers without them understanding completely what is happening and how you are potentially causing them to not receive legitimate email, that's when problems arise.

So, we currently do not reject during SMTP based upon the existence of any IP in any blacklist when it comes to our webhosting customers. We did it for our dialup/broadband customers who had email addresses within our domain - but we don't do it for our hosted domains owned by our customers unless they specifically ask us to do so.

Mike
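
The per-customer opt-in approach described in the post above, sketched as an added example that is not part of the original thread: a Zen lookup is decoded into its SBL/XBL/PBL components, and a listing causes an SMTP-time reject only for recipient domains that asked for that list. The domain names, the `REJECT_POLICY` table, the `X-DNSBL` header and the stub resolver are hypothetical and the DNS answers are constructed; the return codes follow Spamhaus's published Zen values, including the 127.255.255.x error range, which must never be treated as a listing.

```python
import ipaddress

LISTED = ipaddress.ip_network("127.0.0.0/24")
ERRORS = ipaddress.ip_network("127.255.255.0/24")  # query refused or misrouted
# Last octet of a Zen answer -> component list.
ZEN_CODES = {2: "SBL", 3: "SBL", 9: "SBL", 4: "XBL", 5: "XBL",
             6: "XBL", 7: "XBL", 10: "PBL", 11: "PBL"}

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answers):
    """Map A-record answers to list names; an error code voids the lookup."""
    lists = set()
    for answer in answers:
        addr = ipaddress.IPv4Address(answer)
        if addr in ERRORS:
            return set()  # fail open: treat as "no data", not as "listed"
        if addr in LISTED and (int(addr) & 0xFF) in ZEN_CODES:
            lists.add(ZEN_CODES[int(addr) & 0xFF])
    return lists

def decide(sender_ip, rcpt_domain, resolve, reject_policy):
    """Return (action, header). Reject only where the domain opted in."""
    lists = classify(resolve(dnsbl_name(sender_ip)))
    if not lists:
        return ("accept", "")
    header = "X-DNSBL: " + ",".join(sorted(lists))
    if lists & reject_policy.get(rcpt_domain, set()):
        return ("reject", header)
    return ("accept", header)  # tagged for content filtering, still delivered

# Hypothetical opt-in table: which lists each hosted domain rejects on.
REJECT_POLICY = {
    "corp.example": {"SBL", "XBL", "PBL"},  # asked for full Zen rejection
    "shop.example": {"SBL", "XBL"},         # opted out of PBL rejects
}

# Constructed DNS answers standing in for a real resolver.
FAKE_DNS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.10"],               # PBL only
    "20.2.0.192.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4"],   # SBL + XBL
    "30.2.0.192.zen.spamhaus.org": ["127.255.255.254"],          # error code
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])
```

Domains absent from the policy table never see a DNSBL reject; their mail is only tagged so a downstream scorer can weigh the listing.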