DNS Blocklist (DNSBL)
What is DNS Blocklist (DNSBL)?
DNS Blocklist (DNSBL)A DNS-based mechanism described in RFC 5782 that lets mail systems query a list of IP addresses or domains known to send spam or malware and apply blocking, scoring, or routing decisions.
A DNS Blocklist (DNSBL) — also called a Realtime Blackhole List (RBL) — exposes a list of bad IPs or domains under a DNS zone such as zen.spamhaus.org or bl.spamcop.net. A receiver reverses the IPv4 address, appends the zone, and performs a DNS A query: a positive response (typically 127.0.0.x) marks the source as listed, often with a TXT record explaining the category. RFC 5782 standardizes the query format and test entries (127.0.0.2). DNSBLs are central to greylisting, spam scoring, and edge filtering, but operators must understand listing criteria, latency, false positives, and delisting procedures. URI-based variants (URIBLs) check links in message bodies. DNSWL whitelists complement DNSBLs by signaling known-good senders.
● Examples
- 01
An MTA rejects connections when the sending IP appears on Spamhaus ZEN with a 5xx error.
- 02
A spam-scoring policy adds points if a URL in the body resolves on SURBL or URIBL.
● Frequently asked questions
What is DNS Blocklist (DNSBL)?
A DNS-based mechanism described in RFC 5782 that lets mail systems query a list of IP addresses or domains known to send spam or malware and apply blocking, scoring, or routing decisions. It belongs to the Network Security category of cybersecurity.
What does DNS Blocklist (DNSBL) mean?
A DNS-based mechanism described in RFC 5782 that lets mail systems query a list of IP addresses or domains known to send spam or malware and apply blocking, scoring, or routing decisions.
How does DNS Blocklist (DNSBL) work?
A DNS Blocklist (DNSBL) — also called a Realtime Blackhole List (RBL) — exposes a list of bad IPs or domains under a DNS zone such as zen.spamhaus.org or bl.spamcop.net. A receiver reverses the IPv4 address, appends the zone, and performs a DNS A query: a positive response (typically 127.0.0.x) marks the source as listed, often with a TXT record explaining the category. RFC 5782 standardizes the query format and test entries (127.0.0.2). DNSBLs are central to greylisting, spam scoring, and edge filtering, but operators must understand listing criteria, latency, false positives, and delisting procedures. URI-based variants (URIBLs) check links in message bodies. DNSWL whitelists complement DNSBLs by signaling known-good senders.
How do you defend against DNS Blocklist (DNSBL)?
Defences for DNS Blocklist (DNSBL) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for DNS Blocklist (DNSBL)?
Common alternative names include: DNSBL, RBL, Real-time Blackhole List.
● Related terms
- network-security№ 452
Greylisting
An anti-spam technique that initially returns a temporary SMTP rejection for unknown sender triplets and only accepts the message on a later, properly retried delivery attempt.
- network-security№ 984
Secure Email Gateway
A perimeter or cloud service that filters inbound and outbound email for spam, phishing, malware, data leakage, and policy violations before it reaches user mailboxes.
- network-security№ 333
DMARC
An email authentication standard defined in RFC 7489 that lets domain owners publish a policy telling receivers what to do with messages that fail SPF or DKIM and aligned domain checks.
- network-security№ 1076
SPF (Sender Policy Framework)
An email authentication mechanism defined in RFC 7208 that lets a domain publish in DNS which IP addresses or hosts are authorized to send mail using its domain in the envelope MAIL FROM.
- network-security№ 330
DKIM
An email authentication standard defined in RFC 6376 that lets a sending domain add a cryptographic signature to outgoing messages so receivers can verify that headers and body were not altered.
- attacks№ 375
Email Spoofing
Forging email headers so a message appears to come from a trusted sender, typically to enable phishing, fraud, or malware delivery.