Security :: Real-time Black Lists (RBLs)

Printer-friendly version

Real-time Black Lists (RBLs) are lists of IP addresses known to regularly send spam. Several such lists are maintained by different organizations concerned about the proliferation of spam. Internet Service Providers make use of these lists in order to prevent spam from known sources from reaching their customers, and the license fees they pay for the use of the lists pays for the ongoing research needed to keep the lists updated. This is quite different from the antimalware business, in which each solution vendor maintains their own "black list" (database of virus "signatures"); spam detection databases are usually operated by independent third-party developers.

By subscribing to RBL services, ISPs and other organizations can be continuously updated on the IP addresses from which they need to block traffic. Email arrives at a user's incoming mail server or router, which checks the RBL for the connecting email address. If the IP address matches one on the list, the connection is dropped before any traffic is accepted from the spammer. Most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more RBLs. The RBL usually lists server IP addresses from ISPs whose customers are responsible for the spam and from ISPs whose servers are hijacked for spam relay.

The first RBL was created by Paul Vixie in 1997 as part of his Mail Abuse Prevention System; other well-known RBL compilers include Spamhaus and Spam Cop. Check out this list of known RBL compilers.