Home | Contact Us | Download | Support | Purchase | Shopping Cart | Products

Product List
  "This seems to have fixed the problem--thanks again for the great support!"
R. Dudley
  DNSbl - DNS Black List Spam Checking

Spam Checking
aspNetPOP3 has built-in spam checking using DNSbl servers. This brief summary will talk about checking messages for spam.

What is DNSbl?
DNSbl stands for DNS Blackl-ist or Block-list. It is a way of using DNS servers, as a database, to keep track of IPs that produce spam. Various organizations maintain these DNS servers for their own, and sometimes public, use. A listing of DNS servers that we tested can be found below.

How do you use it?
Basically you query one of these DNS server database, using the ip4r format. If the DNS responds with an agreed upon result, the IP address can be considered a source of spam.

Ok, so what does it really mean?
You grab the IP address an email came from, query a special DNS server, designated as a DNSbl, and the DNS server's response tells you if the IP Address is a previous source of spam. But we've done all the hard work for you.

How do you use the aspNetPOP3 DNSbl Features?
The POP3 object has a new property called the BlackListChecker and a new method called CheckBlackList. This object is responsible for DNSbl lookups and parsing. Basically you populate the BlackListChecker with the DNSbl servers of your preference (see some DNSbl servers below), and pass a message index to the POP3 object. Here are two quick code snippets:

static void Main(string[] args){
    POP3 p = new POP3( true, false );
    p.BlackListChecker = CreateChecker();
    //check to see if the message is spam
    bool result = p.CheckBlackList( 0 );
    Console.WriteLine( "Message 0 is considered spam: {0}", result );
static BlackListChecker CreateChecker()
    BlackListChecker blc = new BlackListChecker();
    //add a few DNSbl servers
    blc.AddDNSBlackList( "sbl-xbl.spamhaus.org", "" );
    blc.AddDNSBlackList( "dnsbl.sorbs.net", ",,,,,,,,,," );
    return blc;
Public Overloads Shared Sub Main()  
   Dim p As New POP3(True, False)
   p.BlackListChecker = CreateChecker()

   'check to see if the message is spam
   Dim result As Boolean = p.CheckBlackList(0)
   Console.WriteLine("Message 0 is considered spam: {0}", result)
End Sub 'Main
Shared Function CreateChecker() As BlackListChecker
   Dim blc As New BlackListChecker()
   'add a few DNSbl servers
   blc.AddDNSBlackList("sbl-xbl.spamhaus.org", "")
   blc.AddDNSBlackList("dnsbl.sorbs.net", ",,,,,,,,,,")
   Return blc
End Function 'CreateChecker

Other DNSbl Lists
Want some more listings of DNS servers? Here are a few more lists.

Below is a table of DNSbl servers. We recommend you visit the links listed below and determine the best DNSbl for your scenario  Some servers are extreme, and blacklist on the smallest infraction, while others take a while to get listed. If you are aware a DNSbl, not listed below, feel free to email us, so we can update the list.

NOTE: We have no affilation with any of the DNSbl servers listed below. We do not promote one over the other. If you are listed on any of these servers DO NOT EMAIL US. Contact the respective owner.
DNSbl Service Results Comments (taken from respective DNSbl website)

Lookup Server:
dnsbl.antispam.or.id We identify spam sources - whether intentional or not - at the time they are sending spam. Not before and not after.
Since knowing EXACTLY when a host is sending spam is as easy as sending people to Pluto, we decide to do the next best thing. We ESTIMATE when a host is sending spam or not based on the number of recent spam samples from that particular host.
Abusive Hosts Blocking List

Lookup Server:
dnsbl.ahbl.org - Open Relay - Open Proxy - Spam Source - Provisional Spam Source Listing block (will be removed if spam stops) - Formmail Spam - Spam Supporter - Spam Supporter (indirect) - End User (non mail system) - Shoot On Sight - Non-RFC Compliant (missing postmaster or abuse) - Does not properly handle 5xx errors - Other Non-RFC Compliant - Compromised System - DDoS - Compromised System - Relay - Compromised System - Autorooter/Scanner - Compromised System - Worm or mass mailing virus - Compromised System - Other virus - Other
The AHBL is a project of the Summit Open Source Development Group. It is designed to replace the old and no longer functional blackholes.2mbit.com (AKA Summit BL).
More Info www.ahbl.org
Blars Block List

Lookup Server:
block.blars.org Spam sending domain Multi-hop relay Dialups not in MAPS DUL Wants spam compainers to jump through hoops No working abuse address Hosts spamers web sites Hosts spammers email dropboxes breakin attempts
127.0.1.x sued or prosecuted DNSBL lister
127.0.2.x DOS attack
127.0.4.x supplier of spamware
127.0.8.x knowingly supports spammers
127.0.16.x Legal threats
127.0.32.x attempted mail relay exploits
127.0.64.x attempted formmail exploits
The BlarsBL is maintained by Blars at his wim. Use for any purpouse should be done at your own risk, and Blars is not responsible for use by anyone but himself.

In general, an entire netblock is added rather than just a single IP or customer of a larger ISP. (For example, if hugeisp has a /16 that they allocate a single /24 to spamcustomer, the /16 will be listed rather than just the /24.) An entire ISP may be added if they show a pattern of rejecting valid spam complaints for invalid reasons.
Blitzed Open Proxy Monitor

Lookup Server:
In opm.blitzed.org, the A record has an IP address of 127.1.0.x where x is a bitmask of the types of proxy that have been reported to be running on the host. The values of the bitmask are as follows:
WinGate 1
Router 8


Blitzed is an IRC network, and therefore the DNSBL was originally focused on and built from evidence of IRC abuse. Very quickly however it became obvious that spamtraps could provide just as much (if not more) evidence of open proxy abuse, and now more than 50% of our list content comes from spam.
Composite Blocking List

Lookup Server:
cbl.abuseat.org The CBL takes its source data from very large spamtraps, and only lists IPs exhibiting characteristics which are specific to open proxies of various sorts (HTTP, socks, AnalogX, wingate etc) which have been abused to send spam, worms/viruses that do their own direct mail transmission, or some types of trojan-horse or "stealth" spamware, without doing open proxy tests of any kind.

Lookup Server:
bl.csma.biz McFadden Associates professionally manages a number of high-volume Internet mail servers. These servers run software packages including MailScanner and SpamAssassin to scan all mail passing through these servers. Based on a number of algorithms, a "score" is assigned to each e-mail. Whenever a "high sscoring" SPAM is received--mail that is junk beyond reasonable doubt--it is filtered and its details recorded in this database. (For more information on MailScanner and SpamAssassin, see their respective websites.)

We currently maintain two databases: bl.csma.biz and sbl.csma.biz. The first database contains only aggressive hosts that have spammed repeatedly during a short timeframe. The second database is a bit more aggressive, recording all hosts that have generated spam within a 45-day period.


Lookup Server:
sbl.csma.biz The more aggressive of the McFadden Associates databases, recording all hosts that have generated spam within a 45-day period.

Lookup Server:
bl.deadbeef.com Why do I have a blacklist? Because I don't want to get spam from irresponsable ISPs. Basically, if there is no way to contact an ISP to report abuse, then they are auto-blacklisted.
Distributed Server Boycott List

Lookup Server:
  • (trusted users only):
    • single stage open smtp relays
    • open proxies allowing the CONNECT command
    • webservers using a non-secure formmail
Distributed Server Boycott List

Lookup Server:
  •  (trusted users only):
    • outputs of multi-hop open relay
Distributed Server Boycott List

Lookup Server:
  • open smtp relays
  • open proxies allowing the CONNECT command
  • webservers using a non-secure formmail
  • servers with unaccountable users, since a user of an ISP will be able to submit the mail servers of his/her own ISP for inclusion into DSBL; this will probably get many of the free email services and free ISPs listed, especially the unattentive ones that let spammers use their services
JAMM Consulting's spam blocklist

Lookup Server:
dnsbl.jammconsulting.com This blocklist is very aggressive and will likely lead to false positives. Anyone using it understands and agrees:
Anyone using this list does so at their own volition and JAMM Consulting is not liable for any outcomes from the use and/or misuse of this list.  If you disagree with this policy, do not use this list for any purposes whatsoever.

Lookup Server:
relays.bl.kundenserver.de When our mail cluster receives mail from a host, this host is scheduled to be checked for being an open relay (see http://mail-abuse.org/tsi/ for closer information on the subject of such unsecured mail servers and how to fix this security problem). Relaytest.kundenserver.de attempts to relay a mail via this host and as soon as the mail is received at relaytest.kundenserver.de, we'll list the affected host as an open relay.

Lookup Server:
This is a personal RBL, not intended for any specific usage. If you use this list, then use it at your own risk, as it's here for me to personally use to stop SPAM to my personal servers.. I do my best to not list any innocents, only legit sites that fit the categories below. Still I can't assure anyone of 100% accuracy.

Comments on the results

  1. Dial-Up/Cable/DSL IP Addresses. These are generally determined by manually looking at the reverse DNS names. If you have a real mail server in one of these blocks, please let me know so I can correct this list, but you will also be tested to verify you're not an open relay. Note that this list contains Cable Modems, DSL, Dial-Up netblocks. Being on this list does NOT mean you are a SPAMMER, it means you are connected to the net via DSL/Cable/Dial-Up Modem, and your DNS shows this to be the case. You *should* be using your upstream ISP's mailserver. So writing to us cursing that we are acusing you of being a SPAMMER and to remove you from this list will not get a reply. We don't force any ISP to use this part of the list, it's here for information only, people can do what they please with it.

    The IP returned by this list on a positive query is if you care to test for it specifically.
  2. Individual SPAM Sources. The addresses in here are gotten from E-Mail that I have received that was SPAM. If you have inherited such IP address space, please let me know and we will remove you, but should we get additional SPAM from your IP will be added back to the list.

    The IP returned by this list on a positive query is if you care to test for it specifically.

  3. Bulk mailers that don't require confirmed opt-in from their customers, or that have allowed known spammers to become clients and abuse their services.

    The IP returned by this list on a positive query is if you care to test for it specifically.

  4. Single-Stage Open Relays that are not listed on one of the other active RBL's.

    The IP returned by this list on a positive query is if you care to test for it specifically.

  5. Multi-Stage Open Relays. chains that have sent spam to us, and are not listed on of the other active RBL's.

    The IP returned by this list on a positive query is if you care to test for it specifically.

  6. SpamBlock Sites Sites on this listing have sent us direct SPAM, but when looking up the rDNS information on the spam's IP, we realize it's an entire Class-C that has NO DNS mappings as well. So as it's a range with identified SPAM, and no way to isolate the range, we block the entire block.

Lookup Server:
relays.nether.net Any host that sends e-mail to an invalid username @ puck.nether.net or @nether.net is tested to insure that it is not an open-relay. due to the proliferation of spam due to open-relays we have found this to be a necessity.
NJABL Not Just Another Bogus List

Lookup Server:
dnsbl.njabl.org - open relays - dial-up/dynamic IP ranges - Spam Sources - Multi-stage open relays - Systems with insecure formmail.cgi - Open proxy servers
NJABL.ORG is Not Just Another Bogus List. This effort began out of frustration with the amount of spam coming into our networks and with the lack of options for an existing dnsbl with policies and stability we could live with.

Lookup Server:
relays.ordb.org ORDB.org is the Open Relay Database. ORDB.org is a non-profit organisation which stores a IP-addresses of verified open SMTP relays.
Passive Spam Block List

Lookup Server:
psbl.surriel.com An easy-on, easy-off blacklist that doesn't rely on testing and should reduce false positives because any user can remove their ISP's mail server from the list.

Lookup Server:
rbl.rangers.eu.org see TXT record spam source spam supporting ISP dynamic IP range, dial-up or DSL line with randomly assigned address multistage open-relay abusable web2email gateway abusable unconfirmed subscription other spam source virus/worm source misconfigured anti-virus scanner sending false notifications
IP addresses and ranges are listed based on spam received by users of several mail servers and a number of published and unpublished spamtraps (reactive listings) as well as publicly available evidence of spammer operations (preventive listings). No nominations are accepted.

Lookup Server:
sbl-xbl.spamhaus.org The SBL is a realtime database of IP addresses of verified spam sources (including spammers, spam gangs and spam support services), maintained by the Spamhaus Project team and supplied as a free service to help email administrators better manage incoming email streams.

Lookup Server:
dnsbl.sorbs.net - Spam and Open Relays - Open SOCKS servers - Open Proxy Servers - Open SMTP Relays - Sent SPAM to SORBS admins - Vulnerable Lists - Blocks - Network Hijacked - Dynamic IP - Bad DNS Setup - No Mail Should be Sent from this Domain
SORBS is an acronym for Spam and Open Relay Blocking System. This is not strictly accurate as a description though, as it stops Open Proxy servers and machines that appear to be hacked sorces of spam, as well as Open Relays.

Lookup Server:
blacklist.spambag.org This is the traditional distribution method, via a DNS zone. The DNS zone is blacklist.spambag.org. It is suitable to be used as a typical E-mail filters, and most popular mail servers already have the ability to access DNS-based lists.

Lookup Server:
bl.spamcannibal.org SpamCannibal is a free software toolkit to help stop DoS attacks, UBE (Unsolicited Bulk Email), UCE (Unsolicited Commercial Email), and other spam from reaching your network and your mail servers.

Lookup Server:
bl.spamcop.net This blocking list is somewhat experimental. This system and most other spam-filtering systems should not be used in a production environment where legitimate email must be delivered. Many end-users and administrators have decided that risking the loss of legitimate email is worth the benefit of blocking most spam. As a result, this list is now used widely and it's reputation for blocking spam while reducing the risk of erronious blocking is growing.

Lookup Server:
l1.spews.dnsbl.sorbs.net The SPEWS Level 1 & Level 2 data can be accessed from their multi-zone spam prevention database (l1.spews.dnsbl.sorbs.net / l2.spews.dnsbl.sorbs.net). Use of their system is also free.

Lookup Server:
l2.spews.dnsbl.sorbs.net A less strict list of l1 (contains all of l1's entries).

Lookup Server:
blackholes.uceb.org The address is known to us as an open SMTP relay server. The address is known to us as a host that has sent spam in the past. The address is known to us as part of a network of spam originating hosts. The address identified as dial-up host that has sent spam in the past. The ISP that holds this address is not willing to undertake any actions against spam or does not answer spam complaints. The holder of this address asked us not to test the SMTP servers open relay status. The address is known to us as a host that has sent spam in the past and fakes the SMTP head to prevent domain name based spam
In late summer 2001 I started a new blackhole list of sites that send SPAM to me. I add any IP addresses of mailservers that are used to send SPAM, mailservers that are used as relay to send SPAM and mailservers of organizations that support or even make money with sending these floods of commercial emails!

I am a "hardcore spam blocker". My motto is: first block the access, then talk. If I recevie a SPAM mail I add the senders address to my list without informing any abuse@ or postmaster@ accounts or ISP's who own the address.
WPBL - Weighted Private Block List

Lookup Server:
db.wpbl.info WPBL is a fully automated real-time blocklist that uses distributed mail sightings from many users to list IP addresses that are relaying spam. Our goal is to list individual IP addresses that are actual spam sources as judged by highly accurate statistical (mostly bayesian) filters running on real email accounts.

The box is not shipped. aspNetPOP3 is a downloadable product.