Do you utilize Spamhaus’ free blocklists via the public mirrors? Are you currently using Google’s Public DNS, or similar public recursive server? You may not be aware, but with this combination, every time you make a query to Spamhaus it will return a ‘non-existent domain’ (NXDOMAIN). That means we are not providing reputation advice about whether or not to receive that email i.e. your spam emails will not be blocked by the queries you are running. Here’s why…

Why use a public recursive DNS?

There are a number of reasons why people choose to employ a public DNS resolver, such as Google Public DNS. Perhaps your Internet Service Provider’s (ISPs) recursive name server suffers from high latency, due to it being overloaded. Let’s be honest, given the competitive nature of this marketplace some providers have been known to ‘skimp’ in this area, in order to reduce operating costs.

Also, let’s not forget its ease of use. If you’re setting up an address to use as your DNS resolver, then 8.8.8.8 (one of Google’s public DNS resolver IP addresses) is one of the simplest numbers to remember.

So why don’t Spamhaus’s free DNSBLs work through some public DNS resolvers?

Regrettably we have had to block some public DNS resolvers because they can be exploited by some users to get more than their fair share of a free service.

Taking a step back

Back in 1998 when both the world wide web (w.w.w.) and Spamhaus were in their infancy, 3.1% of the global population were utilising the internet, according to data from the International Telecommunication Union.

Fast forward 20 years and now 48% of the world’s population uses the internet. That takes the numbers from 188 million users in 1998 to 3,663 million users in 2017. This means that not only are the number of global internet users increasing at a phenomenal rate, but the number of those using Spamhaus’s free public mirrors is also dramatically increasing.

Sharing is caring

We believe in providing the public with threat intelligence for free; helping small independent businesses, schools and non-profit making organisations safely filter their email at no cost.

With a network of over 80 public DNSs spread across 35 countries, this significant international DNS infrastructure serves billions of queries to the public every day, for free.

But note that word ‘public’ in the above paragraph. This free service is intended to be available for those who are genuinely ‘the public’, fulfilling all of the following criteria:

  1. Use of the Spamhaus DNSBLs is non-commercial
  2. Your email traffic is fewer than 100,000 SMTP connection per day
  3. Your DNSBL query volume is fewer than 300,000 queries per day
    Further details can be found at Spamhaus DNSBL Usage Terms.

Spamhaus understands that anything free is difficult to resist. Therefore usage is monitored of these free DNSBLs to ensure this resource isn’t being exploited. If an IP address exceeds the above criteria it is suggested the user pays to use the commercial DNSBL data feed service.

Yes, but why block queries from public recursive name servers?

It’s simple – public recursive name servers act as an anonymising service and enable large scale users to hide behind them. Given the lack of transparency and inability to identify those who are abusing the free service a difficult decision was made to add some public domain name servers to our access control list… ultimately blocking your query.

To quantify the issue, over a 24 hour period Spamhaus receives approximately two billion queries from, what could be argued, the most popular public recursive DNS. This is roughly 20% of the total number of queries made over the same period.

But I want to use both a public recursive DNS and Spamhaus’s free block lists.

Not a problem, as long as you meet the criteria detailed above. Spamhaus can provide you with free access to our DNSBL data feed, via our Data Query Service (DQS), simply sign up for the low-volume free DQS here. It’s straightforward and can be set up in a matter of minutes, and enables you to have access to our domain name server block lists, whilst still using a public DNS.

Any questions? Simply contact us.

Related Products

Data Query Service (DQS)

Spamhaus’ Data Query Service (DQS) is an affordable and effective solution to protect your email infrastructure and users.

Using your existing email protection solution, you will be able to block spam and other related threats including malware, ransomware, and phishing emails.

The service has never failed and utilizes the longest established DNSBLs in the industry.

 

  • Proactive & preventative
  • Save on email infrastructure & management costs
  • Actionable

Resources

Botnet Threat Update Q1 2020

15 April 2020

Report

The number of botnet Command & Controllers (C&Cs) associated with fraudulent sign-ups, reduced by 57% in Q1 2020, however it isn't all good news. Find out the full details on botnet C&C activity here.

Email blocklists – buy cheap, buy twice!

29 October 2019

Blog

As IT budgets and resources are squeezed it’s understandable to shop around, be it for hardware, software, or threat intelligence data, for that matter. But beware…not all email blocklists (DNSBLs) are equal.

Newly registered domains – how to avoid the risks with ZRD

6 December 2016

Blog

Spamhaus’ Zero Reputation Domain service protects users from newly-registered domains used by cybercriminals to send spam and drive traffic to harmful websites.