Distributed Server Boycott List
The Distributed Server Boycott List is a DNSBL that lists IP addresses of
insecure hosts. DSBL can be used by server administrators to tag or block e-mail
messages that come from insecure servers, often spam.
The DSBL publishes its lists as DNS zones that can be queried by anyone on
the Internet.
Blocking
It is not possible for DSBL to block or intercept mail. E-mail is sometimes
blocked or bounced with a message referencing DSBL. These messages were not
blocked by DSBL; they were blocked by the administrator of the receiving
mail server, who chose to reject messages coming from a potentially-insecure IP
address listed by DSBL. See DNSBL for a description of how mail transfer agents
interact with these lists.
Methodology
DSBL lists IP addresses of hosts that are demonstrated to be insecure. DSBL
defines an insecure host as one that allows e-mail to be sent from anyone to
anyone else (normal servers only send mail from their own users to anyone else).
These types of servers are commonly abused by spammers, although DSBL does not
claim that the hosts have sent spam or have been abused by spammers; only that
they could be.
DSBL builds its lists by receiving specially-formatted "listme" e-mails
triggered by independent outside testers. DSBL itself does not test hosts for
security vulnerabilities. The independent testers use software that causes
insecure servers to send a message to an e-mail address monitored by DSBL. The
message includes a time-sensitive cryptographically secure cookie to
prevent servers from being listed by mistake. When a valid listme message is
received DSBL adds the IP address of the server that delivered the message to
one of its lists.
For these messages to reach DSBL the insecure server must have allowed anyone
(a DSBL independent tester) to send mail to anyone (DSBL's monitored address).
This proof-of-vulnerability is kept on file at DSBL's web site.
In addition to open mail relays, DSBL lists hosts that were vulnerable to abuse
due to formmail bugs, open proxies, and other problems. Because the independent
testers can use any available method to trigger the listme messages, they can
adapt to newly-discovered vulnerabilities as spammers do.
The independent testers normally perform tests on hosts that have sent spam
to them. Thus many of the IP addresses listed by DSBL are the addresses of
servers that have been abused by spammers.
De-listing
For an IP address to be removed from DSBL's lists, the administrator of the
IP address must demonstrate "accountability" by first requesting, and then
responding to, a de-listing message from DSBL. The message can only be sent to
the postmaster or abuse desk of the listed IP address. The postmaster's e-mail
domain is determined by consulting reverse DNS.
Until this accountability test is passed, the host remains listed. Thus it is
possible that some of the IP addresses listed by DSBL have been secured, but are
still listed because the administrator has not demonstrated accountability by
requesting and responding to a de-listing message.
Because DSBL does not perform vulnerability tests, the only criterion for
removal is this accountability test. It is entirely possible that hosts that are
de-listed are still vulnerable to abuse. If this is the case, it is expected
that the host will be re-listed by an independent tester the next time it is
abused.
Automated system and credibility
DSBL is a largely automated system. The de-listing process, in particular, is
an automated self-service web page.
Manual processes are not used to remove an IP address from the list, except
in rare cases where a bug in DSBL's software prevented a de-listing. DSBL's
operators believe that manual de-listing processes would undermine the list's
credibility.
Lists
DSBL currently operates three lists:
- unconfirmed.dsbl.org: The unconfirmed list contains IP
addresses of hosts that have delivered listme messages triggered by
anonymous or untrusted testers. DSBL does not recommend using this list as
part of a blocking system.
- list.dsbl.org: The trusted list contains IP addresses of
hosts that have delivered listme messages triggered by trusted independent
testers.
- multihop.dsbl.org: The multihop list contains IP addresses
of hosts that deliver mail for insecure servers. The servers in this list
may appear to be secure, but can be abused by spammers because they trust
other servers that are insecure. This category sometimes includes the mail
servers of large ISPs, and DSBL recommends using this list as part of a
message scoring system, not as a blocking list.
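The following is an added example, not DSBL's own code, of how a receiving mail server could apply the three zones as described above: reject on list.dsbl.org, add to a message score on multihop.dsbl.org, and only record a hit on unconfirmed.dsbl.org. It assumes the usual DNSBL convention (reversed IPv4 octets prepended to the zone, a listing signalled by an A record in 127.0.0.0/8); the function names, the score weight and the sample zone data are constructed for illustration.

```python
import ipaddress
import socket

# Zone -> (action, weight) per the list descriptions; 2.0 is an assumed weight.
ZONES = {
    "list.dsbl.org": ("block", 0.0),
    "multihop.dsbl.org": ("score", 2.0),
    "unconfirmed.dsbl.org": ("log", 0.0),
}

def query_name(ip, zone):
    """DNSBL query name: reversed IPv4 octets prepended to the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(answer):
    """Only a 127.0.0.0/8 answer is a listing; a wildcard or parked address is not."""
    try:
        return answer is not None and ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")
    except ValueError:
        return False

def evaluate(ip, resolver=system_resolver):
    """Return (verdict, score, zones_hit) for a connecting client IP."""
    verdict, score, hits = "accept", 0.0, []
    for zone, (action, weight) in ZONES.items():
        if not is_listed(resolver(query_name(ip, zone))):
            continue
        hits.append(zone)
        if action == "block":
            verdict = "reject"
        elif action == "score":
            score += weight
    return verdict, score, hits

# Constructed zone data (documentation-range addresses) standing in for DNS.
SAMPLE = {
    "10.2.0.192.list.dsbl.org": "127.0.0.2",
    "20.2.0.192.multihop.dsbl.org": "127.0.0.2",
    "30.2.0.192.unconfirmed.dsbl.org": "127.0.0.2",
    "40.2.0.192.list.dsbl.org": "203.0.113.7",  # non-127/8 answer: not a listing
}
```

Calling evaluate("192.0.2.10", SAMPLE.get) exercises the policy against the constructed data without touching the network.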
This guide is licensed under the GNU
Free Documentation License. It uses material from the Wikipedia.