The most direct and effective way to reject spam from malicious spam source sites and/or exploited spam source sites is to reject connections from those sources.
In theory, this may also reject legitimate email from the site, so that mail fails to be delivered. However, we can accept this for the following reasons:
Accepting email from any source can fill mailboxes with spam, which degrades the performance and capacity of the mail server and incurs high bandwidth fees; in addition, recipients waste time processing the spam;
Filtering spam with programs is not technically fully reliable, and it also puts considerable load on the server;
Manually sorting mail one by one is basically not feasible, both because of the workload and because it may raise privacy issues;
By rejecting connections from malicious spam sites, the actual volume of spam can be decreased, shrinking the spam market and suppressing the growth of spam;
By rejecting connections from the spam source site, the administrators of that site are made fully aware of the consequences of being exploited and can eliminate the conditions that allow it.
Weighing these advantages and disadvantages, we believe that placing confirmed spam source sites, whether malicious or not, on a blacklist (Blackhole List) and then publishing the list so that mail servers are protected from blacklisted sites is indeed an effective way to combat increasingly severe spam.
Currently, the most popular and promising real-time blacklist technology is the Realtime Blackhole List (RBL). It is usually implemented through DNS queries and zone transfers. Several popular real-time blacklist servers are currently offered over DNS, such as RBL and RBL+ from Mail-Abuse. (There is no large RBL service in China. This site is about to release an RBL service.)
The real-time blacklist is actually a list of IP addresses that can be queried. You use a DNS query to check whether a record for an IP address exists, that is, whether the address is included in the real-time blacklist. For example, to determine whether the address 111.222.333.444 has been blacklisted, the software using the blacklist service issues a DNS query to the blacklist server (such as cbl.anti-spam.org.cn). The query asks: does the record 444.333.222.111.cbl.anti-spam.org.cn exist? If the address is blacklisted, the server returns a valid address, 127.0.0.2. (This address is used because the 127/8 address block is reserved for loopback testing. Any other address in the block except 127.0.0.1 can be used; for example, 127.0.0.3 is sometimes used.) If the address is not on the blacklist, the query receives a negative answer.
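The lookup described above, as an added example that is not part of the original article: it builds the reversed-octet query name and classifies the answer. The function names, the injectable resolver and the treatment of answers outside 127/8 are assumptions of this sketch; because the article's illustrative address 111.222.333.444 has out-of-range octets, the sample data uses constructed documentation addresses.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the blacklist zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def check_dnsbl(ip, zone, resolve=socket.gethostbyname):
    """Return (verdict, answer); verdict is 'listed', 'clear' or 'unknown'.

    `resolve` maps a hostname to an IPv4 string and is injectable so the
    decision logic can be exercised without network access.
    """
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror as exc:
        # Temporary resolver failure: give no verdict, so an outage of the
        # blacklist server is never mistaken for a listing.
        if exc.args and exc.args[0] == socket.EAI_AGAIN:
            return "unknown", None
        return "clear", None  # negative answer: no record, not listed
    except OSError:
        return "unknown", None
    # A listing is signalled by an answer in 127/8 other than 127.0.0.1.
    # Assumption: any other answer (for example from a resolver that
    # rewrites failed lookups) is not treated as a listing.
    if ipaddress.IPv4Address(answer) in LOOPBACK and answer != "127.0.0.1":
        return "listed", answer
    return "unknown", answer

if __name__ == "__main__":
    zone = "cbl.anti-spam.org.cn"
    # Constructed answers standing in for the blacklist server.
    fake_zone = {"99.2.0.192." + zone: "127.0.0.2"}

    def fake_resolve(name):
        if name in fake_zone:
            return fake_zone[name]
        raise socket.gaierror(socket.EAI_NONAME, "no such record")

    for ip in ("192.0.2.99", "198.51.100.7"):
        print(ip, dnsbl_query_name(ip, zone), check_dnsbl(ip, zone, fake_resolve))
```

A mail server would act only on the "listed" verdict and accept or defer on "unknown", so that resolver problems do not cause mail to be rejected.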
Sometimes, because the email server is very busy and query results are not cached, the blacklist server receives a large number of queries and responds slowly. In this case, you can use a DNS zone transfer to copy the data from the blacklist server to a local DNS server and then query the local DNS server. Zone transfers can be set to manual, scheduled, or automatic updates, depending on your application.
DNS queries and zone transfers against a blacklist server are not always open for anyone to use. Some servers allow anyone to query them and perform zone transfers, while others are available only to specific users.
Currently, most mainstream email servers support real-time blacklist services, such as Postfix, Qmail, Sendmail, and IMail. The blacklist service is provided, and the blacklist maintained, by the blacklist service provider. Therefore, the authority and reliability of the list depend on the provider. Generally, most providers are organizations with an international reputation, so the list can still be trusted.
However, because most blacklist service providers are foreign organizations and companies, their blacklists do not effectively reflect domestic spam, so few email providers in China use a real-time blacklist service. This is why we need to provide our own real-time blacklist service. We hope to provide a blacklist that mainly targets the domestic spam situation and dynamic address distribution, in order to curb spam effectively.
We know that the most thorough, direct, and effective way to defend against spam is to reject all connections from malicious spam source sites and/or exploited spam source sites. To this end, many anti-spam technologies around the world use blacklist technology. Currently, the most popular blacklist technology is the real-time blacklist, Realtime Blackhole List (RBL), technology.