FAQ – General questions

The section is under development.

If you have suggestions or questions that should be covered in this section, please send them to us via Contact.

 

If the IP address of your server has ended up on our blocking list, then before mailing us about it, make sure that:

It is important to remember that the following key settings must be in place:

    • A «PTR» record, so that the reverse zone can be checked (Reverse Resolve).
    • An «A» record, to confirm that the host belongs to the domain.
    • Registration of the name and/or IP address of the host in the domain's «MX» and/or «SPF» records, which delegates to it the authority to send emails.
  • If the domain is set up correctly and does not have a reputation as a domain which sends SPAM, our system automatically releases the block within 1-2 hours.
  • If the block has not been released, or you wish to be on the safe side, you can request an update of the information about your domain through the appropriate form on the Service page.

False blocking is possible for two reasons:

  • Information on your domain is outdated or absent in our database. If the domain settings correspond to our recommendations, your addresses will be unlocked soon after the database is updated.
  • The blocked address is not declared as an email server or trusted relay of your domain. We do not consider such blocking false; it reflects the email policy of your domain. The address will not be unlocked until the domain administrator revises the email policy.
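
The three settings listed above can be checked for a sending host before requesting an update. The following Python sketch is an added example, not code from this service: the names and addresses in `ZONE` are constructed documentation values, the helper names are hypothetical, and reading the «A» check as "the PTR name resolves back to the same IP" is an assumption. Only `ip4:` SPF terms are evaluated.

```python
import ipaddress

# Constructed DNS data (documentation names and addresses, not real records):
# (owner name, record type) -> list of values.
ZONE = {
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("mail.example.org", "A"): ["192.0.2.10"],
    ("20.2.0.192.in-addr.arpa", "PTR"): ["host20.example.org"],
    ("host20.example.org", "A"): ["192.0.2.20"],
    ("example.org", "MX"): ["mail.example.org"],
    ("example.org", "TXT"): ["v=spf1 mx ip4:198.51.100.0/28 -all"],
}

def lookup(name, rrtype, zone=ZONE):
    """Return the values stored for (name, rrtype), or an empty list."""
    return zone.get((name.rstrip(".").lower(), rrtype), [])

def spf_ip4_networks(domain, zone=ZONE):
    """Collect the ip4: networks from the domain's SPF record (ip4 only)."""
    nets = []
    for txt in lookup(domain, "TXT", zone):
        if not txt.lower().startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            if term.lower().lstrip("+").startswith("ip4:"):
                nets.append(ipaddress.ip_network(term.split(":", 1)[1], strict=False))
    return nets

def check_sender(ip, domain, zone=ZONE):
    """Evaluate the three settings from the list above for one sending IP."""
    addr = ipaddress.ip_address(ip)
    ptr_names = lookup(addr.reverse_pointer, "PTR", zone)
    # «A»: a PTR name must resolve back to the same IP (assumed meaning).
    a_ok = any(ip in lookup(name, "A", zone) for name in ptr_names)
    # «MX»: the IP belongs to one of the domain's MX hosts.
    in_mx = any(ip in lookup(mx, "A", zone) for mx in lookup(domain, "MX", zone))
    # «SPF»: the IP falls inside an ip4: network of the domain's SPF record.
    in_spf = any(addr in net for net in spf_ip4_networks(domain, zone))
    return {"ptr": bool(ptr_names), "a": a_ok, "mx_or_spf": in_mx or in_spf}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.5"):
        print(ip, check_sender(ip, "example.org"))
```

A host with correct PTR and A records but no MX or SPF declaration (192.0.2.20 in the sample) corresponds to the second reason above: the address is not declared as an email server or trusted relay of the domain.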


Access to the RBL (DNSBL) database is available only through the RBLDNS service.

The reasons:

    • The e-mail address database has more than 2 million records and a volume of 50 Mbytes. The vast majority of software applications are not designed to work with "Black lists" of this size.
    • The database of locked addresses and networks quickly becomes outdated. The database is updated every 1-2 hours.


If you compare our service with similar RBL/DNSBL services, you can note the following key differences:

  • We don’t create "meaningless and useless entities" in the form of databases with different "shades of gray".
    • We don’t publish variations of WL, DUL, ZOMBIE, SOCKS, PROXY, etc., which pose a serious problem for an administrator, the problem of choice: "It is difficult to estimate the scope, criticality and effectiveness of each of them." In the end, a simple result is needed: Yes or No. Whatever the reason an IP is locked, the position is: "Either we trust the service, or we do not use it."
    • The more services are used in a check, the more requests must be sent to make a decision, and this affects e-mail delivery time. As a result, the number of connections on the receiving end increases and the e-mail queue on the sending end grows, too. In addition, with each additional item in the check list, the probability that e-mail delivery is interrupted by a Time-Out increases.
  • We did our best to simplify and unify the rules of Locking and Unlocking addresses, which are detailed in our recommendations and architecture.
  • Our service is maximally loyal to the users.
    • If your e-mail address has been locked for any reason, is absent from our database (a new domain), or you have moved your servers or services, and so on, but at the same time you meet all of our minimum requirements for setting up a domain and e-mail addresses, your e-mail address will be unlocked automatically. Many users and administrators whose IP address was locked by our service obtained a solution (IP Unlocked) even before they began to perceive it as a problem.


Comparing the service with alternative solutions and systems based on the analysis of e-mail message content, we can note the following key differences:

  • Its simplicity.
    • The initial setting can be reduced to a single record in the MTA configuration.
    • In its simplest use, installation and setting of additional software is not required.
  • High speed.
    • The whole check is limited to a single DNS request, the duration of which rarely exceeds 100 ms.
  • When you use our service in the "blocking" mode, in which the email server refuses to accept an e-mail message if the check of the sender’s IP address returns a negative result:
    • The activity of SPAM systems (BotNets) in relation to your domain is dramatically reduced. After only 2-3 weeks from the time you start using our service, you will notice a 3-8 fold decrease in the number of attempts to deliver SPAM to your server. This has a further positive effect, which shows only when our service is temporarily unavailable: you will not notice a sudden large amount of SPAM, simply because your domain is no longer interesting to SPAMmers.
    • A user or an administrator of a locked address receives a notice that the e-mail message could not be delivered almost immediately after it has been sent. This allows the problem to be identified quickly and work on solving it to begin. The recommendations on our website help you understand the cause and eliminate it.
  • We draw your attention to the fact that our service, in contrast to filtering systems based on analysis of e-mail message content, does not merely eliminate the manifestations of the SPAM problem but solves the problem itself, at least for your domain.


All these differences, in our opinion, simplify the use of the service and increase its effectiveness.


DNSBL is a DNS BlackList or DNS Blocking List: a list of addresses of locked hosts provided by the DNS service. It is the progenitor of all xBL services.

RBLDNS is a Realtime BlackList DNS or Realtime Blocking List DNS: a list of addresses of locked hosts that changes (adapts) in real time (not less than once daily) and is provided through the DNS service. It differs from DNSBL in its higher rate of reaction to changes.

RRBL is a Realtime Reputation BlackList or Realtime Reputation Blocking List: a list of addresses of hosts with a dubious (not verified) reputation that changes (adapts) in real time (not less than once in 2-4 hours) and is provided through the DNS (DNSBL) service.

DNSBL, RBLDNS and RRBL are three very similar services. The key difference is only in the process of forming the lists of locked IP addresses and the frequency of updating them and, as a consequence, in the speed of reaction to changes in the Internet.

What are RBLDNS, DNSBL and RRBL used for?

The main purpose of RBLDNS, DNSBL and RRBL services is to maintain a database of IP addresses from which it is not recommended to receive emails. Access to this database is provided by means of the DNS protocol. To put it simply, it is AntiSPAM.


Many people who have faced the problem of SPAM have wondered: "Why, with all the variety of ways and means for SPAM blocking, has the problem not lost its relevance to the present day?" There are three reasons:

  • The FIRST reason: to ensure their mutual compatibility, all e-mail servers (MTA - Mail Transfer Agent) share the same principles of email processing, i.e. the standards prescribed in RFC-772, RFC-780, RFC-788, RFC-821, RFC-974, RFC-1425, RFC-1651, RFC-1869, RFC-2821, RFC-5321 for the basic protocol of e-mail operation, SMTP (Simple Mail Transfer Protocol). More detailed information about the operation of SMTP can be found here. If the principle behind this protocol were described in one sentence, it would read: "If the addressee exists, the email message must be delivered."
  • The SECOND reason: the fundamental principles built into the technology of e-mail operation became the main reason for the appearance of the SPAM problem; it became necessary to create tools to deal with it, independently of the SMTP protocol standard:
    • Access lists (ACL - Access Control List) became the first and simplest technique, but with the growth of the Internet they began to reach a huge size, and updating them individually by hand ceased to bring an acceptable result.
    • In the second step of the antiSPAM process, the foundations were laid for verifying the trustworthiness of senders: inspection of the Reverse zone (Reverse Resolving), checking that a sender's address exists, and several other technologies. They all protected against SPAM for only a very short period of time. Soon it became clear that all these protection technologies were becoming more resource-consuming and beginning to interfere with each other.
    • As a result, a new line of SPAM filtering appeared: External Filters for email servers. Because of their flexibility, they began to be used not only to filter out SPAM, but also to check email with Anti-viruses, etc. Since External Filters process received e-mail messages, the decision about the "quality" of mail is the result of analyzing:
      • the content of the e-mail (syntactic and logical analysis of the content).
      • the service information in the e-mail message header (system information hidden from the user).

Today, syntactic analysis is either not very effective or very resource-consuming for the servers, because SPAMmers use international transliteration, pictures and other tricks. The low efficiency of External Filters that rely on content analysis in its pure form is caused by the fact that a template is needed to make a decision: an e-mail message must reach a certain number of recipients before it gets into the system which creates templates (a trapping mailbox), and by the time the templates are updated, the message has usually been modified to bypass the filters.

  • The THIRD reason: to ensure an acceptable level of performance, most SPAM filtering systems, especially those with logical analysis of email messages, require ample resources and extensive infrastructure. As a consequence, they are supplied to customers on a paid basis only, and very often as part of a more complex product, such as an anti-virus. The difficulties this can create:
    • Very often, the list of supported platforms and software is limited. That limits the choice of solutions, or forces the company to adapt its existing infrastructure to the product.
    • To analyze the content of an e-mail message, the message must be accepted, and most SPAM systems consider this a successful delivery, so their interest in the domain is kept. As a result, the problem is not solved; only its manifestations are eliminated.

Those who cannot afford commercial solutions have to be satisfied with freely available systems with an efficiency of up to 60-70%. With a combination of several tools and techniques and a highly skilled administrator, the efficiency can reach 80-90%, at a very substantial cost in performance and speed of email delivery. As a rule, parity is achieved at the level of 60-75%. This situation only fuels the interest of both the customers and the SPAMmers.


Summarizing all the above, a natural question arises: "What way of controlling SPAM can be considered as the most reliable and effective?".
The answer suggests itself; a filtering method must meet the following requirements:

  • High processing speed and/or low resource consumption, to minimize delays during delivery of email and to reduce the requirements for system resources of an email server.
  • Prompt updating of the criteria (signatures) for locking SPAM email.
  • Difficulty of bypassing a lock.
  • Simplicity of administration, both during the initial setup and during operation.

It is obvious that all these conditions can be met only by a system based on Reputation lists (in our understanding, RRBL - Realtime Reputation BlackList). Here are its main characteristics, which fully meet the above listed requirements:

  • For publishing the RRBL (RBL) the DNS service is used, which ensures fast speed of response.
  • An update of the database can be performed practically in real time. Currently, our service updates the database with a period of 1-2 hours.
  • It is not possible to bypass the service, because decisions on locking emails are taken only on the basis of the reputation of the host IP address. Thus, if any host on the Internet has proved itself a SPAMmer and got into the RRBL (RBL), then from that moment all emails sent from its IP address are not considered trustworthy and are blocked. Neither changes in the content nor changes in the structure of an email will allow cheating the blocking system.
  • The use of this method is extremely simple. The majority of modern email servers (MTA) support the DNSBL technology in the basic configuration.

In spite of all the advantages of the RRBL (RBL) technology, it is necessary to pay attention to a number of limitations that cannot be classified as the shortcomings of the technology itself.

  • Basic understanding of the technology of email operation by the administrator of the email system.
  • Fulfillment of minimum recommendations at initial setup of the email system of a domain, as well as their implementation at its further development.
  • Respectful relationships between administrators of email systems. The position "If you received SPAM from my email system, it's entirely your problem, and if I have been locked, then be so kind as to register my server in the White List" is not allowed.

To estimate your chances of getting into our list of unreliable addresses and networks, we recommend you to read "Basic principles of formation of the RRBL (RBL)". See below.


Before starting to search and select the RBL/DNSBL service for your email server, you need to formulate the tasks to be resolved:

  • What percentage of SPAM you want to filter. The usual answer is: "The more, the better." But if you look at the situation objectively, filtering more than 70% of SPAM is often possible only with commercial solutions, or with a significant investment of the administrator's time. Our service allows you to achieve the required quality of filtration, and besides, it is free.
  • What percentage of false positives is allowable? It is not only the fact of false positives that matters; they are inherent in all methods of filtering. The time required to solve the problem, not only on your side but also on the side of the locked address, must be considered as well.
  • The number of services that you can add to the check list. This parameter usually depends heavily on the individual characteristics of the system and rarely exceeds a reasonable 8-10 records. By the way, many admirers of our service use only 1-3 records on their servers.


Where to search?


How to search?

  • This is a routine procedure. On the basis of received SPAM messages we prepare a list of IP-addresses from which they were delivered and check each of them on the Multi-RBL service. We draw up a list of services which provided the greatest percentage of blocking.


ATTENTION: Do not forget to check, at least selectively, IP-addresses of email senders that are important for you and your company. This procedure, for some reason, is performed by few.

ATTENTION: If our service made a false block, it is not a reason to stop using it. Try checking the erroneously blocked address again in 1-3 hours. In 90% of cases the false block is released automatically.
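
The single DNS request behind each check, and the selection procedure described under "How to search?" together with the check of important senders, as an added Python example (not code from this service). It uses the standard DNSBL query form from RFC 5782; the zone names `rbl-a.example` and `rbl-b.example`, the sample addresses and `fake_resolve` are constructed assumptions so that the example runs offline.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(ip, zone):
    """Query name for a DNSBL: reversed address labels + the list's zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    return reverse.rsplit(".", 2)[0] + "." + zone  # drop in-addr.arpa / ip6.arpa

def system_resolve(qname):
    """Live lookup through the system resolver; raises OSError on NXDOMAIN."""
    return socket.gethostbyname(qname)

def is_listed(ip, zone, resolve=system_resolve):
    """One DNS request per check. Only a 127.0.0.0/8 answer counts as listed."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_qname(ip, zone)))
    except (OSError, ValueError):  # NXDOMAIN, timeout, malformed answer
        return False
    return answer in LOOPBACK

def rate_lists(zones, spam_ips, trusted_ips, resolve=system_resolve):
    """Per list: share of spam sources blocked, and trusted senders it blocks."""
    report = {}
    for zone in zones:
        caught = sum(is_listed(ip, zone, resolve) for ip in spam_ips)
        report[zone] = {
            "spam_blocked_pct": round(100 * caught / max(len(spam_ips), 1)),
            "false_positives": [ip for ip in trusted_ips if is_listed(ip, zone, resolve)],
        }
    return report

# Constructed listings for two hypothetical zones (documentation addresses).
LISTED = {
    "rbl-a.example": ["203.0.113.1", "203.0.113.2", "203.0.113.3"],
    "rbl-b.example": ["203.0.113.1", "203.0.113.2", "203.0.113.3",
                      "203.0.113.4", "192.0.2.10"],
}
FAKE_DNS = {dnsbl_qname(ip, z): "127.0.0.2" for z, ips in LISTED.items() for ip in ips}
SPAM_IPS = ["203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"]
TRUSTED_IPS = ["192.0.2.10", "192.0.2.11"]

def fake_resolve(qname):
    """Offline stand-in for DNS: unknown names behave like NXDOMAIN."""
    if qname not in FAKE_DNS:
        raise OSError("NXDOMAIN")
    return FAKE_DNS[qname]

if __name__ == "__main__":
    print(rate_lists(LISTED, SPAM_IPS, TRUSTED_IPS, fake_resolve))
```

In the constructed data the second list blocks every spam source but also blocks a trusted sender, which is the case the first ATTENTION note above is about. Lookup errors and timeouts are treated as "not listed", so an unreachable list does not interrupt mail delivery.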


To describe the essence of the service in one sentence: "We keep a database of IP-addresses and domains of all trustworthy Internet mail systems known to us – a list of hosts with proven reputation."

In forming the RRBL (RBL), we follow these harmonized principles:

  • All hosts and networks on the Internet are potentially hazardous (potential SPAMmers) – non-confirmed (dubious) reputation.
  • Free networks (networks listed in the registrars' pool of free networks) are excluded from the list of potentially dangerous networks – undetermined reputation.
  • Excluded from the Blocking list are all IP-addresses of hosts and networks with proven reputation, for whose correct operation a domain (domain administrator) has taken responsibility, and which:
    • belong to the mail system of any Internet domain, i.e., are registered in the DNS zone of the domain (MX records).
    • are declared as trusted relays (a network of relays) and registered in the DNS zone of a domain (the so-called SPF records), see recommendations.
  • ATTENTION: Even if a domain is configured in accordance with the recommendations, if SPAMming was recorded from IP-addresses declared in its DNS zone (based on numerous complaints from users of our service or receipt of SPAM emails at trapping email addresses), the email address will be blocked in a compulsory way.
  • ATTENTION: Exclusion of an address from compulsory blocking is performed on the basis of a written application via a contact form on a first-come, first-served basis (processing time is not regulated). It is possible to exclude the addresses from compulsory blocking with an interval of 90-120 days before grounds appear for another compulsory blocking.
  • ATTENTION: If the DNS zone of a domain contains hosts and networks with a dubious reputation (SPAMmers) in its list of "trusted" for a long time, the DNS zone of this domain is placed into the STOP list and excluded from analysis by our system.


Thank you for understanding.
