Successfully accessing Spamhaus's free block lists using a public DNS
2018-07-04 10:00:00 GMT, by Barry Branagh
Do you utilise Spamhaus’s free domain name server block lists (DNSBLs)? Are you currently using Google’s Public DNS, or a similar public recursive server? You may not be aware of it, but with this combination every query you make to Spamhaus will return ‘non-existent domain’ (NXDOMAIN), which in this case means we are not providing any reputation advice about whether or not to accept that email. Essentially, this means that your spam emails will not be blocked by the queries you are running. Here’s why…
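The failure mode described above is silent: NXDOMAIN is also the normal answer for an address that is simply not listed, so a mail filter that treats it as "clean" will accept everything. The following check is an added example, not code from Spamhaus or this article. It assumes the ZEN zone name and uses the standard RFC 5782 test entries (127.0.0.2 is always listed, 127.0.0.1 never is) to tell a working resolver path from one that only ever returns NXDOMAIN, and it refuses to report "clean" until that path has been verified.

```python
import ipaddress
import socket
from typing import Callable, List, Optional

# DNSBL zone assumed for this example; the article names no specific zone.
ZONE = "zen.spamhaus.org"

# RFC 5782 section 5: a DNSBL must list 127.0.0.2 and must not list 127.0.0.1.
TEST_LISTED = "127.0.0.2"
TEST_CLEAN = "127.0.0.1"

# A lookup takes a DNSBL query name and returns its A records, or None on NXDOMAIN.
Lookup = Callable[[str], Optional[List[str]]]


def dnsbl_qname(ip: str, zone: str = ZONE) -> str:
    """Build the DNSBL query name: reversed IPv4 octets under the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_lookup(qname: str) -> Optional[List[str]]:
    """Resolve through whatever resolver this host is configured to use."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except (socket.gaierror, socket.herror):
        return None  # NXDOMAIN (or timeout): no reputation data came back


def check_resolver_path(lookup: Lookup, zone: str = ZONE) -> str:
    """Decide whether DNSBL answers are actually reaching us via this resolver."""
    if lookup(dnsbl_qname(TEST_LISTED, zone)) is None:
        # The guaranteed test entry came back NXDOMAIN: this is exactly what a
        # blocked public resolver looks like, so nothing would ever be filtered.
        return "no-data"
    if lookup(dnsbl_qname(TEST_CLEAN, zone)) is not None:
        return "broken"  # a never-listed address resolves: answers are untrustworthy
    return "ok"


def reputation(ip: str, lookup: Lookup, zone: str = ZONE) -> str:
    """Return 'listed', 'clean' or 'unknown'; never 'clean' on a dead path."""
    if check_resolver_path(lookup, zone) != "ok":
        return "unknown"
    answers = lookup(dnsbl_qname(ip, zone))
    return "clean" if answers is None else "listed"


if __name__ == "__main__":
    # Uses the host's configured resolver; "no-data" means switch resolver or use DQS.
    print("resolver path:", check_resolver_path(system_lookup))
```

In a real filter, run `check_resolver_path` once at startup (and periodically) rather than before every lookup, and alert on anything other than "ok".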
Why use a public recursive DNS?
There are a number of reasons why people choose to employ a public DNS resolver, such as Google Public DNS. Perhaps your Internet Service Provider’s (ISP’s) recursive name server suffers from high latency because it is overloaded. Let’s be honest, given the competitive nature of this marketplace some providers have been known to ‘skimp’ in this area in order to reduce operating costs.
Also, let’s not forget ease of use. If you’re setting up an address to use as your DNS resolver, then 188.8.131.52 (one of Google’s public DNS resolver IP addresses) is one of the simplest numbers to remember.
So why don’t Spamhaus’s free DNSBLs work through some public DNS resolvers?
Regrettably we have had to block some public DNS resolvers because they can be exploited by some users to get more than their fair share of a free service.
Taking a step back
Back in 1998, when both the World Wide Web (WWW) and Spamhaus were in their infancy, 3.1% of the global population were using the internet, according to data from the International Telecommunication Union. Fast forward 20 years and now 48% of the world’s population uses the internet. That takes the numbers from 188 million users in 1998 to 3,663 million users in 2017. This means that not only is the number of global internet users increasing at a phenomenal rate, but the number of those using Spamhaus’s free public mirrors is also increasing dramatically.
Sharing is caring
We believe in providing the public with threat intelligence for free; helping small independent businesses, schools and non-profit making organisations safely filter their email at no cost.
With a network of over 80 public DNS servers spread across 35 countries, this significant international DNS infrastructure serves billions of queries to the public every day, for free.
But note that word ‘public’ in the above paragraph. This free service is intended to be available for those who are genuinely ‘the public’, fulfilling all of the following criteria:
- Use of the Spamhaus DNSBLs is non-commercial
- Your email traffic is fewer than 100,000 SMTP connections per day
- Your DNSBL query volume is fewer than 300,000 queries per day
Further details can be found at Spamhaus DNSBL Usage Terms.
Spamhaus understands that anything free is difficult to resist. Therefore, usage of these free DNSBLs is monitored to ensure this resource isn’t being exploited. If an IP address exceeds the above criteria, it is suggested that the user pays to use the commercial DNSBL data feed service.
Yes, but why block queries from public recursive name servers?
It’s simple: public recursive name servers act as an anonymising service and enable large-scale users to hide behind them. Given the lack of transparency and the inability to identify those who are abusing the free service, a difficult decision was made to add some public domain name servers to our access control list… ultimately blocking your query.
To quantify the issue, over a 24 hour period Spamhaus receives approximately two billion queries from what is arguably the most popular public recursive DNS. This is roughly 20% of the total number of queries made over the same period.
But I want to use both a public recursive DNS and Spamhaus’s free block lists.
Not a problem, as long as you meet the criteria detailed above. Spamhaus can provide you with free access to our DNSBL data feed via a data query service (DQS); simply sign up for the DQS here. It’s straightforward and can be set up in a matter of minutes, and it gives you access to our domain name server block lists whilst still using a public DNS.
Any questions? Simply contact Spamhaus Technology.