Now that I have reactivated the use of RBLs/DNSBLs on my web server I have been on the hunt for the “perfect” RBL. I define ‘perfect’ as providing fast responses, 99.98% or better uptime, and containing the types of IPs I want to block: spammers, bots, trolls and proxies.
Since most of the DNSBLs out there are made for email servers, you can’t just go slapping any one on your server to block the riff-raff. Many of the lists out there will block IPs that don’t have PTR records, are on dynamic IPs, etc. Things like that are good for blocking email spammers, but not good for blocking access to your site. Any time you add a new blacklist you should watch your logs carefully and double-check every IP it blocks in Google/WHOIS, etc., and at a minimum make sure it’s not blocking too many IPs. Lists like ZEN.spamhaus.org or barracudacentral.org can and will block damn-near anyone, so be careful.
Unfortunately there is no one perfect DNSBL – each block list will block slightly different IPs. Since I don’t like to have more than two or three DNSBLs active at the same time for fear of page-load slowdowns, I’ve been rotating the DNSBLs over the last week or two and carefully watching the stats for each one. These are my favorites so far:
xbl Spamhaus – Spamhaus is like the Cadillac of DNSBLs. XBL.spamhaus.org contains hijacked PCs, some open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits. – If I had to pick only ONE RBL to use, xbl.spamhaus.org would be my choice.
opm.tornevall.org – Great list for open proxies and TOR proxies. opm.tornevall was originally created by a forum webmaster that got sick of trolls and finally did something about it.
combined.abuse.ch – The DNSBL built in Switzerland – it must be good! combined.abuse.ch contains all three of abuse.ch’s DNSBLs – DRONE, httpBL, & SPAM – and blocks everything from hijacked PCs to referral spammers and compromised web-servers.
dnsbl-3.uceprotect.net – The BADASS of DNSBLs! USE WITH CAUTION – dnsbl-3.uceprotect.net is a very strict list of spammers. You may want to start out with dnsbl-2 or dnsbl-1.uceprotect.net and work your way up.
all.spamrats.com – Another hard-line spammer-blocking DNSBL. Like uceprotect.net, use all.spamrats.com with care.
One good way to find out which blocklist might be good for you is to take the IPs of known spammers (that you find caught by Akismet, BadBehavior, etc.) and run them through a multi-blocklist checker like robotex.com. It can help point you to the exact DNSBL that is right for your website.
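The same comparison can be scripted. The sketch below is an added example, not code from the original post: it builds the standard DNSBL query name (reversed octets plus the zone), interprets the answer, and counts hits per list for a batch of IPs. The function names are hypothetical, the IPs and answers in SAMPLE_ANSWERS are constructed (not real listings), and the 127.255.255.0/24 handling assumes Spamhaus's convention of returning error codes in that range.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # listing return codes
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # assumed: Spamhaus error codes

def dnsbl_name(ip, zone):
    """192.0.2.10 + xbl.spamhaus.org -> 10.2.0.192.xbl.spamhaus.org"""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record as a string, or None on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(ip, zone, resolve=system_resolver):
    answer = resolve(dnsbl_name(ip, zone))
    if answer is None:
        return False  # no record: not listed (fail open rather than block)
    code = ipaddress.IPv4Address(answer)
    # An answer outside 127.0.0.0/8 usually means a resolver rewrote NXDOMAIN;
    # an answer in the error range means the query was refused, not a listing.
    return code in LISTED_NET and code not in ERROR_NET

def hits_per_zone(ips, zones, resolve=system_resolver):
    """Count how many of the given IPs each candidate list would have blocked."""
    return {z: sum(is_listed(ip, z, resolve) for ip in ips) for z in zones}

# Constructed sample data so the example runs offline; not real listings.
SAMPLE_ANSWERS = {
    "10.2.0.192.xbl.spamhaus.org": "127.0.0.4",
    "10.2.0.192.opm.tornevall.org": "127.0.0.2",
    "7.100.51.198.xbl.spamhaus.org": "127.255.255.254",  # error code, not a hit
    "9.113.0.203.opm.tornevall.org": "127.0.0.2",
    "9.113.0.203.xbl.spamhaus.org": "198.51.100.99",     # rewritten NXDOMAIN
}

if __name__ == "__main__":
    spammers = ["192.0.2.10", "198.51.100.7", "203.0.113.9"]
    zones = ["xbl.spamhaus.org", "opm.tornevall.org"]
    for zone, hits in hits_per_zone(spammers, zones, SAMPLE_ANSWERS.get).items():
        print(f"{zone}: {hits}/{len(spammers)} known spammers listed")
```

Run the same tally over a sample of legitimate visitor IPs from your logs as well: a list that scores high on both sets is one of the "block damn-near anyone" lists.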
Do you use an RBL? What is your favorite? Have you tried using RBLs and had to stop? Why?