arblcheck 1.4.2

arblcheck is a tool for checking names/IPs against DNS blocklists.

There are many DNS-based email blocklists, each of which is handed the IP address of an email sender. The list returns an indicator of "they're in the list" or "they're not in the list", and most of the time the "in the list" response causes our mailserver to drop the connection. No point in accepting mail from purported spammers, right?

The Open Relay Database (ORDB) lists IP addresses of computers known to be open relays. Being an open relay is highly correlated with being a middleman for spam, and we've found that rejecting mail from these servers not only reduces our spam load, but also creates an incentive for the open relay owners to secure their computers. We love ORDB.

There are plenty of other lists of varying utility and rates of adoption, but the benefits and drawbacks of any individual list are beyond the scope of this document. Here, we're only concerned about how to query a list, not evaluate it.

All of the blocklists we're talking about use DNS as their lookup mechanism: the IP address of the connecting server is converted into a domain name, and this name is used in a standard DNS name lookup. These are always based on the IP address of the sender, not on any part of the email envelope (such as From: or To: lines).

For instance, performing an ORDB lookup of the mailserver located at 63.203.17.35 involves a DNS query of 35.17.203.63.relays.ordb.org looking for an A (address) resource record. If there is no such record, then this IP address is not "on the list", so the connection should be accepted. Note that the four octets of the IP address are reversed, à la the in-addr.arpa mechanism.

DNS Blocklists have been around long enough to have "history", and some of the original lists have disappeared for one reason or another. This means that queries to lists that no longer exist return "no such domain", which is the same as "not on the list".

An effect of this behavior is that queries to lists that no longer exist (or to lists whose names have simply been misspelled) are not reported as any kind of error. This suggests that these incorrect queries could stick around for a long time, giving an inappropriate sense of confidence in the non-spam-ness of the incoming connections, not to mention the waste of resources asking questions that won't ever get an interesting answer.

Fortunately, there seems to be a de facto standard for asking "is this a valid DNSBL?", and that involves making a query for the IP address 127.0.0.2. This should always return an "it's on the list" value, so the query can be used to verify whether a particular DNSBL is working.
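
The lookup and the 127.0.0.2 validity test described above, as an added example (not arblcheck's own code). The function names, the injectable resolver, and the placeholder zones under example.org/example.net are assumptions made for illustration; the fake resolver is constructed sample data so the code runs without network access.

```python
import ipaddress
import socket

TEST_ADDRESS = "127.0.0.2"  # de facto "always listed" test entry


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the blocklist zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolver(name):
    """Return the A record for name, or None when the lookup yields nothing."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def is_listed(ip, zone, resolve=system_resolver):
    """True when the zone returns an A record for the reversed address."""
    return resolve(dnsbl_query_name(ip, zone)) is not None


def audit_zones(zones, resolve=system_resolver):
    """Split configured zones into those that answer the test query and those that do not."""
    working, dead = [], []
    for zone in zones:
        (working if is_listed(TEST_ADDRESS, zone, resolve) else dead).append(zone)
    return working, dead


# Constructed sample data: a fake resolver standing in for real DNS.
# The zone names are placeholders, not real blocklists.
FAKE_DNS = {
    "2.0.0.127.bl.example.org": "127.0.0.2",
    "35.17.203.63.bl.example.org": "127.0.0.2",
}


def fake_resolver(name):
    return FAKE_DNS.get(name)


if __name__ == "__main__":
    zones = ["bl.example.org", "bl.exmaple.org", "gone.example.net"]
    working, dead = audit_zones(zones, fake_resolver)
    print("working:", working)
    print("dead or misspelled:", dead)
    for zone in working:
        print("63.203.17.35 on", zone, "->", is_listed("63.203.17.35", zone, fake_resolver))
```

With the system resolver, a lookup failure such as a timeout is reported the same as "no such record", so a zone flagged as dead is worth re-checking before it is removed from a mailserver's configuration.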

What's New in This Release:

Updated the DNSbl list (included SPEWS)

Last updated on: June 16th, 2008, 4:56 GMT
Price: FREE!
Developed by: Steve Friedl
Homepage: www.unixwiz.net
License type: GPL (GNU General Public License)
Category: ROOT \ Internet \ DNS
