Tuesday, January 11, 2011

DNSWL - Please List your Mail Server

If you operate a legitimate mail server, please file a request to have your IP address listed at DNSWL.org.  If your buddy's MTA IP address is not listed, suggest that they get themselves listed.  DNSWL is useful for multiple purposes like:
  • Spamassassin adds a negative score if the sending IP address is listed in DNSWL.  This can be both good and bad in different ways, but recent measures indicate that it makes almost no difference to spamassassin's determination.  This is because spamassassin is carefully balanced, and DNSWL is rarely wrong.  If you do see cases where DNSWL is wrong, please report it.
  • Some major servers use DNSWL as a means to avoid greylisting for "known good" IP addresses.  This eliminates delays during delivery of mail from your server.
  • Some DNSBL's use DNSWL as additional input in their reputation decision.  Not exactly a "stay out of DNSBL" pass but it does help, assuming you really are not sending spam.
When you submit your request for DNSWL inclusion, keep in mind the definitions of DNSWL's four levels.  You may include a suggestion of which level your server falls under.  The following are not their official definitions, but rather how I feel about them.

  • DNSWL_HIGH: Never sends spam.  This usually is only true of smaller, private operated servers.
  • DNSWL_MED: Same thing as HIGH, except your server occasionally sends spam that quickly gets stopped because you are policing the server.  This is usually from hosting inexperienced users who occasionally become infected by spambot trojans, or your PHP web application got cracked.
  • DNSWL_LOW: Same thing as MED, except you aren't very good at noticing when things are going wrong and quickly putting a stop to it.
  • DNSWL_NONE: Your server sends plenty of legitimate mail but also regular occurrences of spam.  ISP's usually fall into this category.  Freemail operators like Yahoo nearly always belong in this category, as they have completely failed to prevent daily spamming from new and compromised user accounts.  Such IP addresses are listed as DNSWL_NONE because they do not qualify for LOW, but yet we don't want to ever blacklist (or greylist delay) this IP address as we know it does send legitimate mail.

No comments:

Post a Comment