Posted on March 5th, 2010 at 5:07 pm by Eric Farson
Spamhaus has just released the newest block list to date. The Domain Block List (DBL) is Spamhaus’ newest feature, which allows spam filtering to be taken to a new level. The DBL is essentially constructed using the landing pages in the body of an email, which are based on domains and IP addresses. It is designed to work as a second stage of spam filtering, with the first filtering stage based on sender and source IP addressing information via Spamhaus’ Zen collection of block lists. Using these IP based block lists as the first stage prevents nearly 90% of spam from getting through to the mailbox. If the spam gets through the IP based filter, the spam needs to be further filtered, which is where block lists such as the DBL come into play.
The DBL is based on different domain criteria including the spam senders and sources, but it primarily uses the email landing pages, or the links that are contained within the body of the email message. This way, even if a spammer changes the source or sender IP address, the landing page or hyperlink is still associated with the same domain name or IP address. For years, spam filter software such as SpamAssasin has included URI and domain filters in its rule sets. Blocklists such as the SURBL and URIBL are currently being used with this software. However, unlike these blocklists, the DBL was designed to work specifically along side the IP address based block lists.
Updating itself every 120 seconds, the DBL system detects and lists spam in real-time. Using an automated system and Spamhaus project team members around the world, the database is maintained 24/7. There is no public interaction involved and no public spam reports will be accepted or processed. Spamhaus uses spam traps and email flow monitoring as their primary method to obtain spam-linked domains. DBL can be used with SpamAssasin 3.3.1, open source spam filter software due to be released in the near future.
The DBL is designed to work in conjunction with IP based blacklists such as Spamhaus Zen. The Zen collection of blocklists is used to filter incoming mail based on IP addressing information, rejecting nearly 90% of traffic. The second stage is where DBL comes in. If mail is able to sneak through using Zen blocklists, more in depth filters are used, which check the message bodies including the domains and IP’s of websites advertised in them. This is done using software, such as SpamAssassin, that scans the message bodies for URI and URLS and testing these against URI blocklists like the DBL, SURBL, and the URIBL. The DBL alone can eradicate between 60 -90% of spam. Remaining spam, after both spam filtration stages, should be reduced to less than 0.5% total, with 0% false positives.
3 Comments »