2

While SMTP servers should not be on RBL, to ensure deliverability of emails, what about DNS servers themselves? Does it matter? I am asking this question because multiple Route53 DNS servers are on various RBL, mainly SORBS.

I understand that URIBL.com will blacklist domains with web sites hosted on VMs that are running in what the consider as "bad IP neighborhood", e.g.: blacklisting example.com if www.example.com is hosted in a "bad IP neighborhood".

Does the same apply to DNS servers?

BrightMorning
  • 21
  • 2

1 Answers1

1

The DNS Blackhole List (DNSBL) or Real-time Blackhole List (DNSRBL) is purely for fighting spam by listing IP addresses that have been sending unsolicited messages to honeypots or otherwise shouldn't be sending email. There are different kind of listings for different purposes (see e.g. SORBS Zones Available) and the administrators of the receiving MTAs should decide how aggressively they want to fight spam.

In all cases, it's always about whether to accept email from an IP address or not. The check is always done against the IP address of the sending MTA during the SMTP connection. The check itself has no effect to other protocols than SMTP. It's only used for denying email messages.

So how is DNS related? DNS is used for performing the queries from the blacklist database. For example when 198.51.100.20 tries to deliver mail and the MTA is configured to check against dnsbl.sorbs.net (Aggregate zone), a DNS query for 20.100.51.198.dnsbl.sorbs.net (IP address in the reverse order, list and the provider) is performed.

  • If the answer is NXDOMAIN (non-existing hostname), the IP address is not listed.

  • If the answer an IP, 20.100.51.198.dnsbl.sorbs.net A 127.0.0.x, the IP address is listed.

    SORBS Aggregate zone (as well as e.g. Spamhaus) happens to use different loopback addresses as return codes for distinguish different type of listings when combined into a single query. Single listings will usually respond with IP 127.0.0.2.

Therefore, it doesn't matter whether your DNS server is listed or not. It's normal that a DNS server may never be used for sending mail, and may also be deliberately listed in noserver zone.

Esa Jokinen
  • 43,252
  • 2
  • 75
  • 122
  • The question is not about how RBL works. The description that you gave is about how RBL works. The question is whether RBL operators do go to the extent of looking up where the DNS servers are located, and if the DNS servers are hosted in locations deemed to be undesirable (eg: "bad IP neighborhood), then list the IP addresses of the MX servers. It appears that this is the extent to which URIBL has gone to list domain names. – BrightMorning Aug 18 '17 at 07:34
  • It wouldn't have been nice to answer "No." without explaining, why. Also, `MX` records are for receiving mail, not for sending, so they are unrelated. The only DNS record affecting this would be [SPF](http://www.openspf.org/Introduction)'s `TXT` record, and it's a totally different test from RBLs. – Esa Jokinen Aug 18 '17 at 07:56
  • It has been a few years since when I originally asked this question. In the intervening years, it has been observed that some mail operators indeed consider whether the MX servers, DNS servers, the Web servers of the sending domain, are in an IP range that is not favored for whatever reason (such as being blacklisted). It may not be the original intention of RBLs, but this is indeed what has been observed. – BrightMorning Sep 17 '20 at 07:34