Subscribe to RSS News Feed
About Spamhaus  |  Press Office  |  FAQs   
One year anniversary of the DBL brings a new zone

2011-03-03 09:51:00 UTC, by Steve Linford & the DBL team
Recent News Articles

Network Hijacking on the Rise

Subscription Bombing: COI, CAPTCHA, and the Next Generation of Mail Bombs

More Domain Stats: The 10 Most Abused Registrars

SBL/ZEN DNS lookups to return DROP/eDROP status

Spamhaus Presents: The World's Worst Top Level Domains

Verizon Routing Millions of IP Addresses for Cybercrime Gangs

Brazilian internet users suffer SoftLayer's security fail

Network under attack? You might be surprised where that's coming from!

Older News Articles:
Spamhaus News INDEX

5 March 2011: One year ago this week, The Spamhaus Project released a new spam-blocking advisory list for the world's internet users. Its focus was on the domain side of email filtering. Called the Domain Block List, the DBL has now been in worldwide use for a full year. The reported results have been excellent with the domain filtering ability of the DBL helping "clean up" most of what the front line IP-address based lists may miss - and as with all our data, having virtually no false positives.

The DBL design

Following in the footsteps of two other excellent domain blocklists SURBL and URIBL, Spamhaus tailored the DBL to work specifically in conjunction with our IP address based lists. We also added some of our own tweaks to the way the our domain blocklist functions. These include a very fast turnaround time from bad domain detection, to the domain being listed in our global blocklist system: 60-seconds! This makes it harder for spammers who register and use thousands of domains to get them by email filters during a lag in the domain blocklist zone being built.

Spamhaus also worked with SpamAssassin who released a version specifically with DBL support: SpamAssassin 3.3.1. This and newer SpamAssassin versions allow users to benefit from the DBL's special "wildcard" feature. Wildcarding defeats a trick spammers use called subdomaining. On one of their domains, they will create thousands of second-level subdomains (e.g. for, spammers could create,,, etc.). But with DBL wildcarding, once we detect as malicious, all its subdomains will also be reported to users as malicious.

These features help detect far more spam emails and help drive up the costs to the spammers as domains, even very low cost ones, must still be purchased. Behind the scenes, Spamhaus uses data produced by the DBL to alert registrars to the spammer domains. Over the past year, Spamhaus working in cooperation with these progressive registrars have been able to disable hundreds of thousands of spammer domains.

A New Problem...

Due to the success of ISPs and email providers in preventing inbox delivered spam from domains in the DBL and other domain blocklists, spammers have resorted to new tactic: Using URL shortening services (such as,,, to shorten (hide) the real spammer domain/URL with a legitimate shortening service URL.

There are hundreds or more of these URL shorteners (also called redirectors) on the web these days. The cybercriminal-type spammers have tracked down many of them and set up thousands of these short URLs to put in the body of their spams trying to avoid detection by the DBL and other domain blocklist systems.

The spammers also know that by using these legitimate services, ISPs and email providers will be less inclined to block them as it can cause false positives.

...brings a New Solution

One way to address this problem would have been to treat URL shortener domains the same way as any other spammed domain and include them in our main DBL zone. But, as mentioned, most of these URL shortener serve a legitimate purpose and are used in non-spam emailings. Spamhaus has always worked to avoid the blocklisting of assets that would cause unjustified false positives.

Many URL shortener services have worked hard to eliminate the abuse of their systems. Using several methods they are able to vastly limit the large scale creation of URLs by spammers. Sadly, others have ignored this issue and we continue to see their URLs in millions of spam messages each day.

The best solution was to give users a way to choose what they want to do with these spammed URL shorteners. Spamhaus created a new "URL shortener/redirector" zone in the DBL. By returning a specific code for this zone, filter designers and end-users of the Spamhaus DBL can decide what to do with the information. This may be to block fully, or to score email messages in a way to avoid false positives.

How to use the DBL

Please see our original DBL announcement and our DBL FAQ for information on how to implement the DBL and the new "URL shortener/redirector" zone.

Some DBL statistics
Number of domains blocklisted by the DBL in 2010: About 1.2 million
Number of domains (on average) in the DBL on a given day: Around 65,000
Number of domains added to the DBL on a given day: Varies between 3,000 to 9,000
Top seven most common TLDs and ccTLDs in the DBL: .info, .com, .ru, .net, .cc, .org & .tk

About Spamhaus

The Spamhaus Project is an international nonprofit organization whose mission is to track the internet's spam operations, to provide dependable realtime anti-spam protection for Internet networks and to work with Law Enforcement Agencies to identify and pursue spammers worldwide. The number of internet users whose mailboxes are currently protected by Spamhaus DNSBLs now exceeds 1.4 Billion. Founded in 1998, Spamhaus is based in Geneva, Switzerland and London, UK and is run by a dedicated team of 30 investigators and forensics specialists located in 9 countries.

Article links:

Spamhaus Information

Press Office
Spamhaus News Index
Spamhaus in the media
About Spamhaus
Spamhaus Official Statements
Article Information

Permanent link to this news article:
One year anniversary of the DBL brings a new zone

Subscribe to RSS News Feed
Spamhaus News Quotes

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy