Relay Security and Blocking Lists

As spamming techniques have evolved to become more effective, various techniques have been developed to fight them. One popular technique is called Domain Name Service Blocking Lists (DNSBLs). This technique is sometimes referred to as Real-Time Blackhole Lists or Relay Blocking Lists (RBLs). These lists are used by administrators to report open relays and systems sending spam to a centralized repository holder. Keep in mind that RBLs do not just include e-mail systems as described above. In addition to open relays, there are RBLs for open proxies, Uniform Resource Indicators (URIs), and more.

Open proxies are becoming a larger part of the spammer arsenal; therefore, administrators must account for these RBLs as well (not just open relay lists). Organizations can subscribe to the RBLs and configure MTAs to reject any e-mail from a system listed in the RBLs. For those administrators whose networks end up listed on RBLs, the process to be removed can be difficult and tedious. First, the e-mail server must be secured so that it no longer allows open relaying. Second, the administrator must generally apply to be removed from the RBLs. Today, this is typically automated; however, this wasn't always the case, and delays in removal were sometimes inevitable. Being listed on an RBL meant that subscribers to the RBL would not receive e-mail from your entire organization. As one can see, it is very important to successfully secure e-mail infrastructure to avoid these issues.
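The lookup an MTA performs against a subscribed list can be sketched as follows. This is an added example, not code from the book: it uses the common DNSBL query convention documented in RFC 5782 (reverse the address, append the list's zone, and treat an answer in 127.0.0.0/8 as "listed"), and it goes slightly beyond the text by also handling IPv6 senders. The zone names, addresses, and `fake_resolver` are constructed for illustration.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live in this range

def dnsbl_query_name(ip, zone):
    """Build the name to look up: reversed address labels followed by the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                    # octets, reversed
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]    # hex nibbles, reversed
    return ".".join(labels + [zone.strip(".")])

def system_resolver(name):
    """Live A-record lookup. socket cannot tell NXDOMAIN from a resolver failure,
    so any error is treated as 'no answer' (the check fails open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, zones, resolve=system_resolver):
    """Return [(zone, answers)] for every list that has this address."""
    hits = []
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Ignore answers outside 127.0.0.0/8: a parked or wildcarded zone
        # would otherwise make every sender look listed.
        listed = [a for a in answers if ipaddress.ip_address(a) in LISTED_NET]
        if listed:
            hits.append((zone, listed))
    return hits

# Constructed sample data: hypothetical zones and documentation-range addresses.
ZONES = ["relays.dnsbl.example", "proxies.dnsbl.example", "parked.dnsbl.example"]
CONSTRUCTED_RECORDS = {
    "99.2.0.192.relays.dnsbl.example": ["127.0.0.2"],
    "99.2.0.192.parked.dnsbl.example": ["203.0.113.7"],
}

def fake_resolver(name):
    """Offline stand-in for DNS; a missing name behaves like NXDOMAIN."""
    return CONSTRUCTED_RECORDS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.10", "2001:db8::1"):
        hits = check_sender(ip, ZONES, fake_resolver)
        print(ip, "reject" if hits else "accept", hits)
```

Because a resolver failure is treated as "not listed", a DNS outage silently disables the check; monitoring lookup error rates on the MTA catches that condition.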

Uniform Resource Indicators or Universal Resource Indicators (URIs) are resource addresses generally used to identify resources found on the Internet, also known as Uniform Resource Locators (URLs). URI RBLs differ from other RBLs in that a system is not included in these lists because it was found to relay. Systems (or IP addresses) found in URI RBLs are systems whose IP addresses are found within the message bodies of known spam messages. The goal of URI RBLs is to disassociate your organization from any systems known to participate willingly or inadvertently in the spam community. The systems included here do not necessarily have to send the spam; they just have to be identified somewhere throughout the spam process (that is, in hyperlinks included in the message body).



Extreme Exploits. Advanced Defenses Against Hardcore Hacks
ISBN: 0072259558
Year: 2005
Pages: 120
