F.A.Q. Tweaking DNSBLs

Tweaking DNSBLs

Q Understanding the different types of DNSBLs

Currently there are three DNSBL-groups in Disruptor OL:

  • common DNSBLs
  • blackholes.us
  • countries.nerd.dk

The common DNSBLs can be used for the usual blocking job: they list 'well known spam sending IPs'.

'blackholes.us' is a DNSBL that groups sender IPs by different aspects: location based or provider based. So if you decide to block all mails coming from Wanadoo (a large France ISP), simply check this DNSBL.

'countries.nerds.dk' has the same intention like 'blackholes.us', but is a little more detailed and completely...

Be warned: both list IPs regardless whether they really send spam or not.

Q How to choose the DNSBLs?

Not easy to plan if you are new to all those things. It depends on your situation and where the mail you get comes from.

My general rule for those people: Don't turn any DNSBL on but wait until the first Spam arrives. Than use the 'Check DNSBLs' tool and choose a DNSBL that would catch this Spam.

Q DNSBLS don't hit, but 'Check DNSBLs' does. Why?

There is a small but important difference between those two functions: the spam checking function is cached but the 'Check DNSBLs' is live.

So in rare cases you get Spam from a source that was tested 'good' the day before. By default, the cache holds items for two days, so this is a really rare exception. I don't suggest to lower the cache save time, because it raises the load at the DNSBL-servers.