IRISRBL: a simple anti-spam service

Introduction

RedIRIS considers that the Reputation List is the best way to reduce spam coming from botnets. For this reason, RedIRIS puts at the disposal of its affiliated institutions the IRISRBL Service (Reputation Block List), which consists of two DNS zones containing millions of IP addresses with a bad reputation. E-mail servers can query these zones, which will contribute towards reducing the amount of spam.

The IRISRBL Service is a DNSbl (DNS Real Time Block List) generated, controlled and managed by RedIRIS. Until now, to find out about the reputation of an IP address, it was necessary to perform DNS lookups sequentially in spamhaus, spamcop, mail-abuse, RedIRIS ListaBlanca, etc. With IRISRBL only one lookup is required. This document is a guide on the various aspects of the IRISRBL Service, designed for those responsible for the electronic mail service of RedIRIS institutions. This service has two DNS zones to which lookups may be sent:

    weak.dnsbl.rediris.es
    strong.dnsbl.rediris.es

Lookups sent to these DNS zones are configured in the usual way, the same as for any other blacklist. RedIRIS recommends using the strong zone and puts at the disposal of RedIRIS institutions suitable mechanisms to exclude IPs that are considered false positives.

If you belong to an institution connected to RedIRIS and you wish to use the IRISRBL Service, you should make an application on the FORM, shortly after which you will be able to use the service.

If you do not belong to an institution within the RedIRIS community and believe that the IRISRBL Service is blocking your mail, before sending a complaint please read the note "How does the IRISRBL Service affect you?"

Advantages of the IRISRBL Service

The IRISRBL Service is exclusively for the use of RedIRIS institutions and these are the only entities that can request the service.

  • Simple system offering information about the reputation of an IP, whether positive or negative.
  • It contributes towards reducing spam by around 70-80%, similar to other DNSBLs, with the advantage of being managed by RedIRIS.
  • It enables rapid resolution of false positives, instantly excluding the implicated IPs without any formalities.
  • It reduces the number of MTA DNS lookups, as a single DNS lookup provides data from different sources: RBL, RedIRIS spamtraps and ListaBlanca (whitelist).
  • It is not necessary to configure the RedIRIS ListaBlanca in the MTA.
  • IRISRBL is not aggressive with the policies of Institutions connected to RedIRIS.
  • It reinforces the anti-spam measures of the institutions connected to RedIRIS.
  • It uses a technology (DNSbl) that is well known and generates confidence.
  • It is easy to use, configure and integrate.
  • Robust to failures. Should there be an interruption to the service, this does not mean interruption of the institution's electronic mail service.
  • Detection, warnings and alerts of compromised IPs within the Institutions.
  • It will be open to other projects: log files analysis, storage of complaints, etc.

DNSbl mechanism of action

IRISRBL is a DNSBL, a Blocking List; it is a database that is consulted in real time by e-mail servers to obtain an opinion of the reputation of the origin of an e-mail. The role of IRISRBL is to advise and provide an opinion to RedIRIS institutions on the reputation of specific IPs with respect to incoming electronic mail.

The Policy of the Receiver decides the action to take

Each institution, and in general each domain, that decides to implement antispam filters is defining a policy and actions for accepting incoming e-mail. The receiver unilaterally decides to use IRISRBL as a blocking list and what it does with incoming e-mail coming from an IP included in the IRISRBL list. IRISRBL only indicates whether or not an IP is included in the database.

Highlighted points:
  1. The receiver takes the decision to accept, label or reject e-mail messages depending on, among other factors, whether the IP of the sender is included in IRISRBL.
  2. The receiver looks up IRISRBL asking, "Is the IP of the sender in RBL?". IRISRBL automatically responds in real time to the request about the sender of the e-mail.
  3. RedIRIS does not intervene in the decision adopted by the Receiver about what to do with the incoming e-mail from an IP included in IRISRBL.
  4. Instead of rejecting a message coming from an IP included in IRISRBL, the message can be labelled, which is very helpful for future analyses of the contents (spamassassin etc.).
  5. RedIRIS recommends that Institutions using IRISRBL block/reject the connection of IPs included in IRISRBL, instead of accepting their messages only for them to end up stored in the wastebasket. Rejecting and blocking an e-mail in an SMTP transaction means that the content of the message does not enter your domain, thus reducing the use of resources. We maintain a classical rule for electronic mail: if an e-mail cannot be delivered, the sender must ALWAYS be made aware of this and receive information about the causes of non-delivery.
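
The lookup and the receiver-side decision described in the points above, as an added example (not RedIRIS code): it builds the query name for a zone, then accepts, labels or rejects, and accepts when the lookup itself fails so that a list outage does not interrupt mail. It assumes the general DNSBL convention of RFC 5782 (a listed IP answers with an A record in 127.0.0.0/8, an unlisted one does not resolve), since the IRISRBL return codes are not given on this page; the label header name and the sample resolver data are constructed for illustration.

```python
import ipaddress
import socket

ZONE = "strong.dnsbl.rediris.es"  # the zone the page recommends
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 convention (assumed)

def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A record for name, None if the name does not exist; other DNS errors propagate."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return None
        raise

def decide(ip, resolve=system_resolver, mode="reject", zone=ZONE):
    """Receiver policy: returns (action, text), action is accept, label or reject."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except OSError:
        return ("accept", None)  # fail open: a list outage must not stop mail
    if answer is None or ipaddress.ip_address(answer) not in LISTED_NET:
        return ("accept", None)
    if mode == "label":
        # Hypothetical header name, left for later content analysis
        return ("label", f"X-IRISRBL-Listed: {ip} in {zone}")
    # Reject inside the SMTP transaction and tell the sender why
    return ("reject", f"554 5.7.1 Client host [{ip}] is listed in {zone}")

# Constructed sample data standing in for the live zone, so this runs offline
SAMPLE_ZONE = {"10.2.0.192." + ZONE: "127.0.0.2"}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name)

def failing_resolver(name):
    raise OSError("simulated DNS outage")

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, decide(ip, resolve=sample_resolver))
    print(decide("192.0.2.10", resolve=sample_resolver, mode="label"))
    print(decide("192.0.2.10", resolve=failing_resolver))
```

Calling decide() without a resolve argument performs a real DNS lookup through the system resolver.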