The Spamhaus Project

One year anniversary of the DBL brings a new zone

by The Spamhaus Team | March 03, 2011 | 5 minutes reading time

Introduction

5 March 2011: One year ago this week, The Spamhaus Project released a new spam-blocking advisory list for the world's internet users. Its focus was on the domain side of email filtering. Called the Domain Block List, the DBL has now been in worldwide use for a full year. The reported results have been excellent with the domain filtering ability of the DBL helping "clean up" most of what the front line IP-address based lists may miss - and as with all our data, having virtually no false positives.

The DBL design

Following in the footsteps of two other excellent domain blocklists, SURBL and URIBL, Spamhaus tailored the DBL to work specifically in conjunction with our IP address based lists. We also added some of our own tweaks to the way our domain blocklist functions. These include a very fast turnaround time from detection of a bad domain to the domain being listed in our global blocklist system: 60 seconds! This makes it harder for spammers who register and use thousands of domains to slip them past email filters during a lag while the domain blocklist zone is being built.

Spamhaus also worked with SpamAssassin who released a version specifically with DBL support: SpamAssassin 3.3.1. This and newer SpamAssassin versions allow users to benefit from the DBL's special "wildcard" feature. Wildcarding defeats a trick spammers use called subdomaining. On one of their domains, they will create thousands of second-level subdomains (e.g. for example.ru, spammers could create spam1.example.ru, spam2.example.ru, spam3.example.ru, etc.). But with DBL wildcarding, once we detect example.ru as malicious, all its subdomains will also be reported to users as malicious.

These features help detect far more spam emails and help drive up the costs to the spammers, as domains, even very low cost ones, must still be purchased. Behind the scenes, Spamhaus uses data produced by the DBL to alert registrars to the spammer domains. Over the past year, Spamhaus, working in cooperation with these progressive registrars, has been able to disable hundreds of thousands of spammer domains.

A New Problem...

Due to the success of ISPs and email providers in keeping spam that uses domains in the DBL and other domain blocklists out of the inbox, spammers have resorted to a new tactic: using URL shortening services (such as bit.ly, is.gd, goo.gl, t.co) to shorten (hide) the real spammer domain/URL behind a legitimate shortening service URL.

There are hundreds or more of these URL shorteners (also called redirectors) on the web these days. The cybercriminal-type spammers have tracked down many of them and set up thousands of these short URLs to put in the body of their spams trying to avoid detection by the DBL and other domain blocklist systems.

The spammers also know that by using these legitimate services, ISPs and email providers will be less inclined to block them as it can cause false positives.

...brings a New Solution

One way to address this problem would have been to treat URL shortener domains the same way as any other spammed domain and include them in our main DBL zone. But, as mentioned, most of these URL shorteners serve a legitimate purpose and are used in non-spam emailings. Spamhaus has always worked to avoid the blocklisting of assets that would cause unjustified false positives.

Many URL shortener services have worked hard to eliminate the abuse of their systems. Using several methods they are able to vastly limit the large scale creation of URLs by spammers. Sadly, others have ignored this issue and we continue to see their URLs in millions of spam messages each day.

The best solution was to give users a way to choose what they want to do with these spammed URL shorteners. Spamhaus created a new "URL shortener/redirector" zone in the DBL. By returning a specific code for this zone, filter designers and end-users of the Spamhaus DBL can decide what to do with the information. This may be to block fully, or to score email messages in a way to avoid false positives.
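The choice described above, together with the wildcard behaviour from the design section, can be sketched as a small filter policy. This is an added example, not Spamhaus or SpamAssassin code: the return-code values are assumptions to confirm against the DBL FAQ, and `score_message`, `redirector_score`, `fake_resolve` and the sample listings are hypothetical names and constructed data.

```python
import re
from urllib.parse import urlsplit

DBL_ZONE = "dbl.spamhaus.org"
# Assumed return codes; confirm current values in the DBL FAQ before relying on them.
CODE_SPAM_DOMAIN = "127.0.1.2"
CODE_REDIRECTOR = "127.0.1.3"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def hosts_in_body(body):
    """Unique lowercase hostnames of the URLs in a message body, in order."""
    hosts = []
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").rstrip(".,;)")
        is_ip = ":" in host or re.fullmatch(r"[\d.]+", host)
        if host and not is_ip and host not in hosts:  # the DBL lists domains, not IPs
            hosts.append(host)
    return hosts

def dbl_query_name(host):
    """DNS name to look up for a host: the host prepended to the DBL zone."""
    return f"{host}.{DBL_ZONE}"

def score_message(body, resolve, redirector_score=2.0):
    """Apply a local policy. resolve(qname) returns A records, [] if not listed."""
    verdict = {"action": "accept", "score": 0.0, "hits": []}
    for host in hosts_in_body(body):
        answers = resolve(dbl_query_name(host))
        if CODE_SPAM_DOMAIN in answers:        # main zone: block outright
            verdict["action"] = "reject"
            verdict["hits"].append((host, "spam-domain"))
        elif CODE_REDIRECTOR in answers:       # shortener zone: score, do not block
            verdict["score"] += redirector_score
            verdict["hits"].append((host, "redirector"))
    return verdict

# Constructed listings and a stand-in resolver so the example runs offline.
SAMPLE_LISTINGS = {"example.ru": CODE_SPAM_DOMAIN, "short.example": CODE_REDIRECTOR}

def fake_resolve(qname):
    """Mimic wildcarding: a listed domain also answers for all its subdomains."""
    host = qname[: -len(DBL_ZONE) - 1]
    for domain, code in SAMPLE_LISTINGS.items():
        if host == domain or host.endswith("." + domain):
            return [code]
    return []

if __name__ == "__main__":
    print(score_message("Buy http://spam7.example.ru/x or https://short.example/aB3",
                        fake_resolve))
```

In a real filter, `resolve` would be a DNS A-record lookup against the DBL zone; only the policy branch changes if a site prefers to block listed shorteners outright.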

How to use the DBL

Please see our original DBL announcement and our DBL FAQ for information on how to implement the DBL and the new "URL shortener/redirector" zone.

Some DBL statistics
Number of domains blocklisted by the DBL in 2010:
Number of domains (on average) in the DBL on a given day:
Number of domains added to the DBL on a given day:
Top seven most common TLDs and ccTLDs in the DBL:

About Spamhaus

The Spamhaus Project is an international nonprofit organization whose mission is to track the internet's spam operations, to provide dependable realtime anti-abuse protection for Internet networks and to work with Law Enforcement Agencies to identify and pursue spammers worldwide. The number of internet users whose mailboxes are currently protected by Spamhaus DNSBLs now exceeds 1.4 Billion. Founded in 1998, Spamhaus is based in Geneva, Switzerland and London, UK and is run by a dedicated team of 30 investigators and forensics specialists located in 9 countries.
