There are several Internet organizations, possibly most prominently MAPS, who maintain lists of IP addresses that are known in some way to support spammers (having open relays, hosting Web sites, distributing marketing spamming software, etc.). If you operate a mail server, usually there is something in its configuration (e.g., Sendmail's rulesets) which can consult these lists, called "blacklists" or "blocklists," in an automated way when receiving a piece of mail. Usually this takes the form of a DNS lookup of a specially crafted name. For example, if MAPS discovers there's an open relay at address 10.20.30.40, they will put an entry for 40.30.20.10.relays.mail-abuse.org in their DNS servers. When your mail server is receiving mail, it calls the operating system to ask it what the IP address of the email client is, comes up with 10.20.30.40, then does a nameserver (DNS) query for the above string. If your mail server gets an expected response, it throws an error back to the email client, and refuses to accept the email. If instead it gets back an error (due to no record being there for example), it assumes the email is coming from an OK source and proceeds.

As a form of even more severe punishment, some of the blacklist organizations distribute Internet routing information (BGP data) that cause ALL IP traffic from these networks to be effectively discarded. Effectively, this forms an Internet "blackhole" (it's unreachable from your network).

Since many spams originate from "throwaway" dialup accounts, and sometimes DSL or cable modems, another list that MAPS maintains is a list of blocks of addresses (netblocks) which ISPs have assigned to their dialup, cable modem, or DSL customers. These are somewhat effective, but often perfectly legitimate emailers send email autonomously (that is to say, without using their ISP's email relay).

As long as you are the one running the email server, this can be effective. If your ISP receives and stores (or forwards) email for you, this will be of no use, because the address from which the mail will be coming is your ISP, and it's pretty much a given that your ISP won't be on the RBL (realtime blackhole list).

Unfortunately, MAPS has become a subscription service, but it may be worth it if you're doing this as a service to a group, such as your family or your house of worship. But there are a few different possibilities; use your favorite WWW search engine to look for "email blocking lists" or similar phrase.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by rchandra edited by Sarah
last modified: 2002-06-18 09:33:51