about DNSBLs

DNSBL (domain name system blackhole lists) use 'databases' to determine, whether the senders IP or domain name is a 'well known source' of spam.

Main advantage for the user (that's you!) is, that accessing these databases is quite fast and reliable. There is no need to set up 'message rules' or anaylze the message, just simply query the database.

The disadvantage are the various 'policies' of listing spam the DNSBL-list owners follow. These policies can be more or less strict, some are very conservative in listing, some are more aggressive. The aggressive ones might raise the number of false positives , the conservatives might let spam slip through Disruptor OL.

As a general solution I suggest not to delete spam but create a spam folder and let Disruptor OL move the messages into it. And then simply do a visual check every week and delete them after that...

To see what DNSBL caused the listing as spam, use the 'Check DNSBLs' function:

progressive cache handling

The default cache strategie is to save hits and misses for two days. This is a good compromise in speed and error (if a 'good' ip turns bad or vice versa).

Disadvantage is that the 'long term well known' spam sender IPs fade out of the cache with the same speed like the rare ones (that might be only abused for a short term due to a security hole).

Disruptor OL uses a progressive cache: rare and often spam-IP numbers don't expire the same speed anymore.

The expire time for frequent spam IPs is set to

ex = ( ln(CacheAdds)+1 ) * default hit cache expire

"CacheAdds" means the number of times the IP was added to the hit cache.

Non-spam-IPs always expire the same speed. Progressive data expires after 365 days.

Check DNSBLs

At the top you see all IPs Disruptor OL has found in the message, to the left you see all known DNSBLs. The green ones are currently active. Doubleclick onto a row to turn on/off the activation and don't forget to press 'OK' to save the results.

The red one is a DNSBL that seems to be not working (or it does not give the valid answer back when the 'are you alive?'-test is done). This is not a real problem, it does not lead to false positives . But it might slow down the fetching of results, if this DNSBL is active.

Read more about DNSBLs

List of All Known DNS-based Spam Databases
Blacklists Compared