5

How does DNSWL work? It's clear to me when someone report a spam, but how can I gain a higher score/trust?

Do some companies report "good" servers? Or will the score go up with time without reporting spam to them?

mvorisek
  • 485
  • 6
  • 19

1 Answers1

8

DNSWL usually refers to DNSWL.org but can more generally refer to the DNS-based Whitelist concept itself, which is the reverse of a DNS Blocklist (DNSBL, a.k.a. DNS Blacklist, Blackhole List, or its original name of Real-time Blackhole List, RBL). On the commercial level, there are several providers of "IP Reputation" services that assign a score to most IPs that indicate its level of danger or safeness. SenderBase is one such service.

Different services will use different methods for determining whether or not to list an IP, and much of that is going to be a trade secret. Many DNS Whitelists (and all IP Reputation systems) are automatic, but DNSWL.org requires a submission in order to kick off the process (which I think must come from the IP owner), then basically uses spam traps and spam report systems to determine how clean the given IPs are.

From the DNSWL.org website:

Your email filter should try to avoid tagging messages as spam if they come from one of the good mailservers we list, which are assigned into one of four trust levels:

TRUST LEVEL   DESCRIPTION
High          Highly unlikely to send spam, and expected to be very 
              fast in remediating issues.
Medium        Rare spam occurrences, corrected promptly.
Low           Occasional spam occurrences, actively corrected but
              less promptly. This is the default for most categories.
None          These are legitimate mail servers, but they may also
              emit spam or have other issues from time to time.
              This is the default for some categories
              (eg Email Marketing Provider).

DNSWL.org, like most services that track good reputation, determines trust by looking at (a lack of) violations over time. A high volume mail relay without spam reports will slowly gain an increased level of trust. A low volume mail relay will likely never get better than "Low" in DNSWL.org's system.

Adam Katz
  • 869
  • 8
  • 16
  • I meant DNSWL.org, the question is what I can do to get higher score and if it will be automatically increased with via with no spam reports (or did the org. use also "white" reports). – mvorisek Jul 30 '15 at 18:49
  • DNSWL.org, like most of these lists, is merely an inversed blacklist. You really just need more time to prove you don't spam, though if you're low volume, you'll always remain of "Low" trust (I've added this to my answer). There are other [deliverability](https://duckduckgo.com/?q=email%20deliverability) tricks you can do (e.g. implement [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail), and [DMARC](https://en.wikipedia.org/wiki/DMARC)) as well, but at the higher levels, you need a professional service. – Adam Katz Jul 30 '15 at 19:43
  • I marked this as answered, thank you. If anyone has more information about how to get better score, you are highly welcome. – mvorisek Jul 30 '15 at 20:55
  • One more subquesting, do you think that specifying "mail" or "smtp" in ptr will improve the score, as the IP will than look as dedicated for email? – mvorisek Jul 30 '15 at 20:55
  • 2
    Ensuring that your `A` record (*not* a `CNAME`) points at an IP whose `PTR` record points back at the same host name and that your SMTP server uses this hostname in its `HELO` would help (this is called [FCrDNS](https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS)). I don't think "mail" or "smtp" would hurt (it might even help). I do know that it'll hurt to have a PTR that looks automatically generated (like _static-0-2-5.example.com_ for IP 192.0.2.5). – Adam Katz Jul 30 '15 at 22:48