The Spamhaus Project

news

Using our public mirrors? Check your return codes now.

by The Spamhaus TeamFebruary 11, 20215 minutes reading time

Jump to

Introduction

Back in late 2019, we advised of some new return codes for users of our public mirrors. We appreciate world events may have distracted you from this technical update. However, we will soon be implementing these codes and want to ensure these changes don’t cause you any serious operational issues.

A reminder

As of March 2021, we will begin the implementation of the following return codes:

Return codeMeaning
127.255.255.252Typing error in DNSBL Name
127.255.255.254Query via public/open resolver/generic unattributable rDNS
127.255.255.255Excessive Number of Queries

Please note that none of these return codes relate to the reputation of the query – they are error codes. You need to check that no application uses these codes to reject email or for any other blocking or filtering of internet traffic.

If you are not parsing these codes correctly, all query responses may be treated either as "LISTED" or "NOT LISTED." Both results are far from ideal, with a potentially disastrous outcome. To safeguard against this, check your Mail Transfer Agent (MTA) configuration now.

Additionally, while each of these error codes relates to a different issue, fundamentally, they have a similar outcome, i.e., you are not successfully querying the DNSBL. Therefore your email stream isn’t protected.

Why are these changes being implemented?

Spamhaus runs the public mirrors to enable small independent businesses and non-profit organizations to filter their email safely at no cost. With a network of servers spread across the globe, this significant DNS infrastructure serves billions of queries to the public every day, for free. However, as with all free things, it is open to abuse. Therefore, to protect the service for those whom it is intended, we are introducing these changes.

The return codes explained

127.255.255.252 | Typing error in DNSBL Name

This indicates that there is an error in the DNSBL name that is detailed in the code. Take, for example, 1.1.168.192.xen.spamhaus.org instead of 1.1.168.192.zen.spamhaus.org.

Why is a typo an issue? Where you input incorrect DNSBL names, you won't be querying the relevant blocklist and will return no reputation data.

What to do if you receive this code? Go back and review your configuration and check that all the DNSBL names are accurately entered.

127.255.255.254 | Query via public/open resolver/generic rDNS

If this code is returned, it indicates that you are making the DNSBL query via a public/open resolver or an IP address with generic, unattributable reverse DNS. Therefore the query is blocked, and it will return no reputation data.

Why is querying via a public/open resolver an issue? When you query the free public mirrors via a public or open resolver or an IP address with generic, unattributable reverse DNS, we can’t determine the volume of queries you are making. As a result, we don’t allow our DNSBLs to be queried via these means.

What to do if you receive this code? First and foremost - confirm that this code is not being used to reject email or for any other blocking or filtering of any internet traffic by any application. Here is information on how to correctly configure commonly used MTAs for use with our public mirrors.

If you want to continue using a public resolver, we suggest utilizing the free Data Query Service (DQS), managed by Spamhaus Technology. This service provides you with faster updates and requires minimal configuration changes. Here are further details on MTA configurations for the DQS.

To continue using the free Public Mirrors, you can query from a dedicated IP that has proper reverse and forward DNS to perform your queries.

127.255.255.255 | Excessive Number of Queries

This return code indicates that you made the DNSBL query via a DNS resolver that isn't conforming with our usage terms, i.e., is making an excessive number of queries. Consequently, the query is blocked, and it will return no reputation data.

Why are excessive query numbers an issue? As we've already touched on, this free service is for non-commercial use. We limit the number of queries made to the free public mirrors to secure high service levels for all its intended users.

What to do if you repeatedly receive this code? As with the previous return code, you need to ensure that it is not being used to reject email or for any other blocking or filtering of any internet traffic by any application.

Your needs (and query volumes) are commercial; therefore, we recommend trying the Data Query Service (DQS) managed by Spamhaus Technology, which distributes the data.

Next steps

We urge you to review your configuration. Confirm that any software querying the public mirrors can distinguish between the error codes detailed above and the valid reputational codes provided for our lists. By taking this action you should avoid any potential issues with your MTA rejecting all (or none) of your email as spam.

Check your logs regularly. Should you receive any of these error codes, please take the necessary action to rectify the issue and make sure that our IP and domain reputation data continues to protect your emails.

That’s all for now. Happy filtering!